From 66e6ed6f69cc8feac2b96bd523fb6f28596e7dd6 Mon Sep 17 00:00:00 2001 From: Matteo Melli Date: Mon, 13 Nov 2023 22:06:07 +0100 Subject: [PATCH] operator stackgres (1.6.0) 
Signed-off-by: Matteo Melli --- ...c.authorization.k8s.io_v1_clusterrole.yaml | 25 + .../stackgres-operator_v1_service.yaml | 13 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 27 + ...rization.k8s.io_v1_clusterrolebinding.yaml | 20 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 27 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 130 + ...rization.k8s.io_v1_clusterrolebinding.yaml | 19 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 89 + ...c.authorization.k8s.io_v1_clusterrole.yaml | 115 + .../stackgres.clusterserviceversion.yaml | 10981 ++++++++ .../manifests/stackgres.io_sgbackups.yaml | 903 + .../manifests/stackgres.io_sgclusters.yaml | 8497 ++++++ .../manifests/stackgres.io_sgconfigs.yaml | 975 + .../1.6.0/manifests/stackgres.io_sgdbops.yaml | 1931 ++ .../stackgres.io_sgdistributedlogs.yaml | 1509 + .../stackgres.io_sginstanceprofiles.yaml | 320 + .../stackgres.io_sgobjectstorages.yaml | 442 + .../manifests/stackgres.io_sgpgconfigs.yaml | 108 + .../manifests/stackgres.io_sgpoolconfigs.yaml | 140 + .../manifests/stackgres.io_sgscripts.yaml | 243 + .../stackgres.io_sgshardedbackups.yaml | 188 + .../stackgres.io_sgshardedclusters.yaml | 23274 ++++++++++++++++ .../stackgres.io_sgshardeddbops.yaml | 1214 + .../stackgres/1.6.0/metadata/annotations.yaml | 12 + .../1.6.0/tests/scorecard/config.yaml | 70 + 25 files changed, 51272 insertions(+) create mode 100644 operators/stackgres/1.6.0/manifests/stackgres-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres-operator_v1_service.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres-restapi_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres-restapi_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 
operators/stackgres/1.6.0/manifests/stackgres-webconsole-admin_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres-webconsole-admin_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres-webconsole-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres-webconsole-writer_rbac.authorization.k8s.io_v1_clusterrole.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres.clusterserviceversion.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres.io_sgbackups.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres.io_sgclusters.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres.io_sgconfigs.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres.io_sgdbops.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres.io_sgdistributedlogs.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres.io_sginstanceprofiles.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres.io_sgobjectstorages.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres.io_sgpgconfigs.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres.io_sgpoolconfigs.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres.io_sgscripts.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres.io_sgshardedbackups.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres.io_sgshardedclusters.yaml create mode 100644 operators/stackgres/1.6.0/manifests/stackgres.io_sgshardeddbops.yaml create mode 100644 operators/stackgres/1.6.0/metadata/annotations.yaml create mode 100644 operators/stackgres/1.6.0/tests/scorecard/config.yaml 
diff --git a/operators/stackgres/1.6.0/manifests/stackgres-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/stackgres/1.6.0/manifests/stackgres-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..bb1a2e9fca7
--- /dev/null
+++ b/operators/stackgres/1.6.0/manifests/stackgres-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml
@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: stackgres
+ app.kubernetes.io/instance: editor-role
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/part-of: stackgres
+ name: stackgres-editor-role
+rules:
+ - apiGroups:
+ - stackgres.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/operators/stackgres/1.6.0/manifests/stackgres-operator_v1_service.yaml b/operators/stackgres/1.6.0/manifests/stackgres-operator_v1_service.yaml
new file mode 100644
index 00000000000..64145f5c607
--- /dev/null
+++ b/operators/stackgres/1.6.0/manifests/stackgres-operator_v1_service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ name: stackgres-operator
+spec:
+ ports:
+ - port: 443
+ targetPort: 8443
+ selector:
+ app: stackgres-operator
+status:
+ loadBalancer: {}
diff --git a/operators/stackgres/1.6.0/manifests/stackgres-restapi_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/stackgres/1.6.0/manifests/stackgres-restapi_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..863eb28facf
--- /dev/null
+++ b/operators/stackgres/1.6.0/manifests/stackgres-restapi_rbac.authorization.k8s.io_v1_clusterrole.yaml
@@ -0,0 +1,27 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: stackgres-restapi
+rules:
+ - apiGroups:
+ - ''
+ resources:
+ - users
+ - groups
+ - serviceaccount
+ verbs:
+ - impersonate
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+ - apiGroups:
+ - ''
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
diff --git a/operators/stackgres/1.6.0/manifests/stackgres-restapi_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/operators/stackgres/1.6.0/manifests/stackgres-restapi_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml
new file mode 100644
index 00000000000..5681ba8b9d3
--- /dev/null
+++ b/operators/stackgres/1.6.0/manifests/stackgres-restapi_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml
@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: stackgres
+ app.kubernetes.io/instance: restapi-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/part-of: stackgres
+ name: stackgres-restapi
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: stackgres-restapi
+subjects:
+ - kind: ServiceAccount
+ name: restapi
+ namespace: system
diff --git a/operators/stackgres/1.6.0/manifests/stackgres-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/stackgres/1.6.0/manifests/stackgres-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..ed10dbb909a
--- /dev/null
+++ b/operators/stackgres/1.6.0/manifests/stackgres-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml
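Review bot: The impersonation rule in `stackgres-restapi` lists `serviceaccount` (singular), but the core resource is `serviceaccounts`, so that entry matches nothing; if service-account impersonation is intended it should read `- serviceaccounts`, otherwise it should be dropped. The `users` and `groups` entries carry no `resourceNames`, so the REST API service account may impersonate any user or group in the cluster, and the last rule adds cluster-wide `get`/`list` on `secrets`. Together these make a compromise of the REST API pod equivalent to a compromise of the cluster. I would add a comment above each rule stating why it cannot be narrowed, for example `# impersonate: the REST API acts on behalf of the authenticated web console user` if that is the reason, and consider a namespaced Role for the secrets it actually reads. Recommending audit logging of impersonated requests from this service account in the install docs would also help operators detect misuse.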
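Review bot: The subject's `namespace: system` in the `stackgres-restapi` ClusterRoleBinding looks like the unsubstituted kustomize scaffold value rather than the namespace the operator is installed into; nothing visible in this patch shows where it would be rewritten. If it is applied as written, the binding does not reach the real `restapi` service account and instead gives the impersonation and secrets grants of `stackgres-restapi` to any service account named `restapi` in a namespace called `system`. Please confirm the installer replaces it, or set the subject namespace when the bundle is generated.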
@@ -0,0 +1,27 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: stackgres
+ app.kubernetes.io/instance: viewer-role
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/part-of: stackgres
+ name: stackgres-viewer-role
+rules:
+ - apiGroups:
+ - stackgres.io
+ resources:
+ - '*'
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - stackgres.io
+ resources:
+ - sgconfigs/status
+ verbs:
+ - get
diff --git a/operators/stackgres/1.6.0/manifests/stackgres-webconsole-admin_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/stackgres/1.6.0/manifests/stackgres-webconsole-admin_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..8a59ac506a3
--- /dev/null
+++ b/operators/stackgres/1.6.0/manifests/stackgres-webconsole-admin_rbac.authorization.k8s.io_v1_clusterrole.yaml
@@ -0,0 +1,130 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: stackgres-webconsole-admin
+rules:
+ - apiGroups:
+ - ''
+ - batch
+ resources:
+ - pods/exec
+ - configmaps
+ - secrets
+ - jobs
+ verbs:
+ - create
+ - apiGroups:
+ - ''
+ resources:
+ - pods/exec
+ verbs:
+ - get
+ - apiGroups:
+ - ''
+ - batch
+ resources:
+ - configmaps
+ - secrets
+ - jobs
+ verbs:
+ - delete
+ - apiGroups:
+ - ''
+ resources:
+ - configmaps
+ - secrets
+ verbs:
+ - patch
+ - update
+ - apiGroups:
+ - ''
+ - batch
+ - storage.k8s.io
+ resources:
+ - namespaces
+ - storageclasses
+ - pods
+ - services
+ - configmaps
+ - secrets
+ - persistentvolumes
+ - persistentvolumeclaims
+ - events
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - stackgres.io
+ resources:
+ - sgclusters
+ - sgpgconfigs
+ - sginstanceprofiles
+ - sgpoolconfigs
+ - sgbackupconfigs
+ - sgbackups
+ - sgdistributedlogs
+ - sgdbops
+ - sgobjectstorages
+ - sgscripts
+ - sgshardedclusters
+ verbs:
+ - create
+ - watch
+ - list
+ - get
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - stackgres.io
+ resources:
+ - sgconfigs
+ verbs:
+ - watch
+ - list
+ - get
+ - update
+ - patch
+ - apiGroups:
+ - apiextensions.k8s.io
+ resourceNames:
+ - sgconfigs.stackgres.io
+ - sgclusters.stackgres.io
+ - sginstanceprofiles.stackgres.io
+ - sgpgconfigs.stackgres.io
+ - sgpoolconfigs.stackgres.io
+ - sgbackups.stackgres.io
+ - sgbackupconfigs.stackgres.io
+ - sgobjectstorages.stackgres.io
+ - sgdbops.stackgres.io
+ - sgdistributedlogs.stackgres.io
+ - sgshardedclusters.stackgres.io
+ - sgscripts.stackgres.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - list
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ - clusterroles
+ - clusterrolebindings
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
diff --git a/operators/stackgres/1.6.0/manifests/stackgres-webconsole-admin_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml b/operators/stackgres/1.6.0/manifests/stackgres-webconsole-admin_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml
new file mode 100644
index 00000000000..3839db70bce
--- /dev/null
+++ b/operators/stackgres/1.6.0/manifests/stackgres-webconsole-admin_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: stackgres
+ app.kubernetes.io/instance: webconsole-admin-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/part-of: stackgres
+ name: stackgres-webconsole-admin
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: stackgres-webconsole-admin
+subjects:
+ - kind: User
+ name: admin
diff --git a/operators/stackgres/1.6.0/manifests/stackgres-webconsole-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/stackgres/1.6.0/manifests/stackgres-webconsole-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..0c00ce4a754
--- /dev/null
+++ b/operators/stackgres/1.6.0/manifests/stackgres-webconsole-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml
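Review bot: The last rule of `stackgres-webconsole-admin` grants `create`/`update`/`patch`/`delete` on `roles`, `rolebindings`, `clusterroles` and `clusterrolebindings` cluster-wide, on top of cluster-wide write access to `secrets` and `create` on `pods/exec`. The API server's escalation check limits what the holder can grant to permissions it already has, but here that set already covers every secret and exec into every pod, so the cap is very high. If the console only manages bindings to the StackGres webconsole roles, a comment above the rule such as `# RBAC write: needed for web console user management; grants are capped by the API server escalation check` would make the intent reviewable, and `update`/`patch`/`delete` could be limited with `resourceNames` where the object names are known. Separately, the first and third rules cross `''` and `batch` with `pods/exec`, `secrets` and `jobs`; splitting them per API group, here and in the writer role, would show which combinations are real.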
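Review bot: The only subject of the `stackgres-webconsole-admin` binding is `kind: User` with `name: admin`, a very generic identity name. Any principal the cluster's authenticator maps to the user name `admin`, not only the web console account reached through the REST API's impersonation, receives these grants, including RBAC write and cluster-wide secrets access. Consider a name that cannot collide with an existing cluster identity (for example a `stackgres:`-prefixed user, given here only as an illustration), or document that installers must check for an existing `admin` user first.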
@@ -0,0 +1,89 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: stackgres-webconsole-reader
+rules:
+ - apiGroups:
+ - ''
+ - batch
+ resources:
+ - pods/exec
+ verbs:
+ - create
+ - apiGroups:
+ - ''
+ resources:
+ - pods/exec
+ verbs:
+ - get
+ - apiGroups:
+ - ''
+ - batch
+ - storage.k8s.io
+ resources:
+ - namespaces
+ - storageclasses
+ - pods
+ - services
+ - configmaps
+ - secrets
+ - persistentvolumes
+ - persistentvolumeclaims
+ - events
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - stackgres.io
+ resources:
+ - sgclusters
+ - sgpgconfigs
+ - sginstanceprofiles
+ - sgpoolconfigs
+ - sgbackupconfigs
+ - sgbackups
+ - sgdistributedlogs
+ - sgdbops
+ - sgobjectstorages
+ - sgscripts
+ - sgshardedclusters
+ verbs:
+ - watch
+ - list
+ - get
+ - apiGroups:
+ - stackgres.io
+ resources:
+ - sgconfigs
+ verbs:
+ - watch
+ - list
+ - get
+ - apiGroups:
+ - apiextensions.k8s.io
+ resourceNames:
+ - sgconfigs.stackgres.io
+ - sgclusters.stackgres.io
+ - sginstanceprofiles.stackgres.io
+ - sgpgconfigs.stackgres.io
+ - sgpoolconfigs.stackgres.io
+ - sgbackups.stackgres.io
+ - sgbackupconfigs.stackgres.io
+ - sgobjectstorages.stackgres.io
+ - sgdbops.stackgres.io
+ - sgdistributedlogs.stackgres.io
+ - sgshardedclusters.stackgres.io
+ - sgscripts.stackgres.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - list
diff --git a/operators/stackgres/1.6.0/manifests/stackgres-webconsole-writer_rbac.authorization.k8s.io_v1_clusterrole.yaml b/operators/stackgres/1.6.0/manifests/stackgres-webconsole-writer_rbac.authorization.k8s.io_v1_clusterrole.yaml
new file mode 100644
index 00000000000..c1bc1a349bb
--- /dev/null
+++ b/operators/stackgres/1.6.0/manifests/stackgres-webconsole-writer_rbac.authorization.k8s.io_v1_clusterrole.yaml
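Review bot: `stackgres-webconsole-reader` is not read-only: its first two rules grant `create` and `get` on `pods/exec`, which the API server accepts for exec requests, and the third rule grants `get`/`list`/`watch` on `secrets` in every namespace. A user given the reader role can therefore read credentials stored in Secrets and run commands inside any pod, including the Postgres pods. Unless the console needs these for a read-only view, drop the two `pods/exec` rules and the `- secrets` entry from the third rule. If they are needed, a comment saying why and a role name that does not suggest a safe viewer would prevent it being handed out as one. The `- batch` entry in the first rule has no `pods/exec` resource and can be removed.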
@@ -0,0 +1,115 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: stackgres-webconsole-writer
+rules:
+ - apiGroups:
+ - ''
+ - batch
+ resources:
+ - pods/exec
+ - configmaps
+ - secrets
+ - jobs
+ verbs:
+ - create
+ - apiGroups:
+ - ''
+ resources:
+ - pods/exec
+ verbs:
+ - get
+ - apiGroups:
+ - ''
+ - batch
+ resources:
+ - configmaps
+ - secrets
+ - jobs
+ verbs:
+ - delete
+ - apiGroups:
+ - ''
+ resources:
+ - configmaps
+ - secrets
+ verbs:
+ - patch
+ - update
+ - apiGroups:
+ - ''
+ - batch
+ - storage.k8s.io
+ resources:
+ - namespaces
+ - storageclasses
+ - pods
+ - services
+ - configmaps
+ - secrets
+ - persistentvolumes
+ - persistentvolumeclaims
+ - events
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - stackgres.io
+ resources:
+ - sgclusters
+ - sgpgconfigs
+ - sginstanceprofiles
+ - sgpoolconfigs
+ - sgbackupconfigs
+ - sgbackups
+ - sgdistributedlogs
+ - sgdbops
+ - sgobjectstorages
+ - sgscripts
+ - sgshardedclusters
+ verbs:
+ - create
+ - watch
+ - list
+ - get
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - stackgres.io
+ resources:
+ - sgconfigs
+ verbs:
+ - watch
+ - list
+ - get
+ - update
+ - patch
+ - apiGroups:
+ - apiextensions.k8s.io
+ resourceNames:
+ - sgconfigs.stackgres.io
+ - sgclusters.stackgres.io
+ - sginstanceprofiles.stackgres.io
+ - sgpgconfigs.stackgres.io
+ - sgpoolconfigs.stackgres.io
+ - sgbackups.stackgres.io
+ - sgbackupconfigs.stackgres.io
+ - sgobjectstorages.stackgres.io
+ - sgdbops.stackgres.io
+ - sgdistributedlogs.stackgres.io
+ - sgshardedclusters.stackgres.io
+ - sgscripts.stackgres.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - list
diff --git a/operators/stackgres/1.6.0/manifests/stackgres.clusterserviceversion.yaml b/operators/stackgres/1.6.0/manifests/stackgres.clusterserviceversion.yaml
new file mode 100644
index 00000000000..46cb5d9ba26
--- /dev/null
+++ b/operators/stackgres/1.6.0/manifests/stackgres.clusterserviceversion.yaml
@@ -0,0 +1,10981 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: "[\n {\n \"apiVersion\": \"stackgres.io/v1\",\n \"kind\"\ + : \"SGBackup\",\n \"metadata\": {\n \"name\": \"demo-backup\",\n \ + \ \"namespace\": \"demo-db\"\n },\n \"spec\": {\n \"managedLifecycle\"\ + : false,\n \"sgCluster\": \"demo-db\"\n }\n },\n {\n \"apiVersion\"\ + : \"stackgres.io/v1\",\n \"kind\": \"SGCluster\",\n \"metadata\": {\n\ + \ \"name\": \"demo-db\",\n \"namespace\": \"demo-db\"\n },\n \ + \ \"spec\": {\n \"instances\": 3,\n \"pods\": {\n \"persistentVolume\"\ + : {\n \"size\": \"20Gi\"\n }\n },\n \"postgres\":\ + \ {\n \"version\": \"latest\"\n }\n }\n },\n {\n \"apiVersion\"\ + : \"stackgres.io/v1\",\n \"kind\": \"SGConfig\",\n \"metadata\": {\n \ + \ \"name\": \"stackgres-operator\"\n },\n \"spec\": {\n \"authentication\"\ + : {\n \"type\": \"jwt\",\n \"user\": \"admin\"\n },\n \ + \ \"containerRegistry\": \"quay.io\",\n \"extensions\": {\n \"\ + repositoryUrls\": [\n \"https://extensions.stackgres.io/postgres/repository\"\ + \n ]\n },\n \"grafana\": {\n \"autoEmbed\": false,\n\ + \ \"datasourceName\": \"Prometheus\",\n \"password\": \"prom-operator\"\ + ,\n \"schema\": \"http\",\n \"user\": \"admin\"\n },\n \ + \ \"imagePullPolicy\": \"IfNotPresent\",\n \"prometheus\": {\n \ + \ \"allowAutobind\": true\n }\n }\n },\n {\n \"apiVersion\":\ + \ \"stackgres.io/v1\",\n \"kind\": \"SGDbOps\",\n \"metadata\": {\n \ + \ \"name\": \"demo-restart-op\",\n \"namespace\": \"demo-db\"\n },\n\ + \ \"spec\": {\n \"op\": \"restart\",\n \"sgCluster\": \"demo-db\"\ + \n }\n },\n {\n \"apiVersion\": \"stackgres.io/v1\",\n \"kind\":\ + \ \"SGDistributedLogs\",\n \"metadata\": {\n \"name\": \"distributedlogs\"\ + ,\n \"namespace\": \"demo-db\"\n },\n \"spec\": {\n \"persistentVolume\"\ + : {\n \"size\": \"20Gi\"\n }\n }\n },\n {\n \"apiVersion\"\ + : \"stackgres.io/v1\",\n \"kind\": \"SGInstanceProfile\",\n \"metadata\"\ + : {\n 
\"name\": \"size-m\",\n \"namespace\": \"demo-db\"\n },\n\ + \ \"spec\": {\n \"cpu\": \"4\",\n \"memory\": \"8Gi\"\n }\n\ + \ },\n {\n \"apiVersion\": \"stackgres.io/v1\",\n \"kind\": \"SGPoolingConfig\"\ + ,\n \"metadata\": {\n \"name\": \"poolconfig\",\n \"namespace\"\ + : \"demo-db\"\n },\n \"spec\": {\n \"pgBouncer\": {\n \"pgbouncer.ini\"\ + : {\n \"databases\": {\n \"demo\": {\n \"dbname\"\ + : \"demo\",\n \"pool_size\": 400,\n \"reserve_pool\"\ + : 5\n },\n \"postgres\": {\n \"dbname\":\ + \ \"postgres\",\n \"pool_size\": 10,\n \"reserve_pool\"\ + : 5\n }\n },\n \"pgbouncer\": {\n \"\ + default_pool_size\": \"100\",\n \"max_client_conn\": \"2000\",\n\ + \ \"pool_mode\": \"session\"\n }\n }\n }\n \ + \ }\n },\n {\n \"apiVersion\": \"stackgres.io/v1\",\n \"kind\": \"\ + SGPostgresConfig\",\n \"metadata\": {\n \"name\": \"pgconfig\",\n \ + \ \"namespace\": \"demo-db\"\n },\n \"spec\": {\n \"postgresVersion\"\ + : \"15\",\n \"postgresql.conf\": {\n \"effective_cache_size\": \"\ + 5GB\",\n \"hot_standby_feedback\": \"on\",\n \"log_min_duration_statement\"\ + : \"1000\",\n \"maintenance_work_mem\": \"2GB\",\n \"max_connections\"\ + : \"600\",\n \"shared_buffers\": \"3GB\",\n \"work_mem\": \"16MB\"\ + \n }\n }\n },\n {\n \"apiVersion\": \"stackgres.io/v1\",\n \"\ + kind\": \"SGScript\",\n \"metadata\": {\n \"name\": \"create-db-script\"\ + ,\n \"namespace\": \"demo-db\"\n },\n \"spec\": {\n \"continueOnError\"\ + : false,\n \"managedVersions\": true,\n \"scripts\": [\n {\n\ + \ \"name\": \"create-demo-database\",\n \"script\": \"CREATE\ + \ DATABASE demo WITH OWNER postgres;\\n\"\n }\n ]\n }\n },\n\ + \ {\n \"apiVersion\": \"stackgres.io/v1alpha1\",\n \"kind\": \"SGShardedCluster\"\ + ,\n \"metadata\": {\n \"name\": \"demo-shardeddb\",\n \"namespace\"\ + : \"demo-db\"\n },\n \"spec\": {\n \"coordinator\": {\n \"\ + instances\": 2,\n \"pods\": {\n \"persistentVolume\": {\n \ + \ \"size\": \"10Gi\"\n }\n }\n },\n \"database\"\ + : \"sharded\",\n \"postgres\": {\n 
\"version\": \"15.3\"\n \ + \ },\n \"shards\": {\n \"clusters\": 3,\n \"instancesPerCluster\"\ + : 2,\n \"pods\": {\n \"persistentVolume\": {\n \"\ + size\": \"10Gi\"\n }\n }\n },\n \"type\": \"citus\"\ + \n }\n },\n {\n \"apiVersion\": \"stackgres.io/v1beta1\",\n \"kind\"\ + : \"SGObjectStorage\",\n \"metadata\": {\n \"name\": \"backupconfig\"\ + ,\n \"namespace\": \"demo-db\"\n },\n \"spec\": {\n \"gcs\"\ + : {\n \"bucket\": \"stackgres-backups\",\n \"gcpCredentials\"\ + : {\n \"secretKeySelectors\": {\n \"serviceAccountJSON\"\ + : {\n \"key\": \"gcloudkey\",\n \"name\": \"backups-gcp\"\ + \n }\n }\n }\n },\n \"type\": \"gcs\"\n\ + \ }\n }\n]" + capabilities: Deep Insights + categories: Database + containerImage: quay.io/stackgres/operator:1.6.0 + createdAt: '2023-11-13T12:57:51Z' + description: 'The most advanced Postgres Enterprise Platform. + + Fully Open Source. + + ' + operatorhub.io/ui-metadata-max-k8s-version: 1.28.999 + operators.operatorframework.io/builder: operator-sdk-v1.29.0 + operators.operatorframework.io/project_layout: quarkus.javaoperatorsdk.io/v1-alpha + repository: https://gitlab.com/ongresinc/stackgres + name: stackgres.v1.6.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Handle to a performed (or to be performed, if run manually) backup + displayName: StackGres Backup + kind: SGBackup + name: sgbackups.stackgres.io + specDescriptors: + - description: "The name of the `SGCluster` from which this backup is/will\ + \ be taken.\n\nIf this is a copy of an existing completed backup in\ + \ a different namespace\n the value must be prefixed with the namespace\ + \ of the source backup and a\n dot `.` (e.g. `.`) or have the same value\n if the source backup is also a copy.\n" + displayName: Target SGCluster + path: sgCluster + - description: "Indicate if this backup is permanent and should not be removed\ + \ by the automated\n retention policy. 
Default is `false`.\n" + displayName: Managed Lifecycle + path: managedLifecycle + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + statusDescriptors: + - description: 'The name of the backup. + + ' + displayName: Internal Name + path: internalName + - description: 'The path were the backup is stored. + + ' + displayName: Backup Path + path: backupPath + - description: 'Status of the backup. + + ' + displayName: Process Status + path: process.status + x-descriptors: + - urn:alm:descriptor:io.kubernetes.phase + - description: 'If the status is `failed` this field will contain a message + indicating the failure reason. + + ' + displayName: Process Failure + path: process.failure + - description: 'Name of the pod assigned to the backup. StackGres utilizes + internally a locking mechanism based on the pod name of the job that + creates the backup. + + ' + displayName: Process Job Pod + path: process.jobPod + - description: 'Status (may be transient) until converging to `spec.managedLifecycle`. + + ' + displayName: Process Managed Lifecycle + path: process.managedLifecycle + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Start time of backup. + + ' + displayName: Process Timing Start + path: process.timing.start + - description: 'End time of backup. + + ' + displayName: Process Timing End + path: process.timing.end + - description: 'Time at which the backup is safely stored in the object + storage. + + ' + displayName: Process Timing Stored + path: process.timing.stored + - description: 'Hostname of the instance where the backup is taken from. + + ' + displayName: Backup Information Hostname + path: backupInformation.hostname + - description: 'Pod where the backup is taken from. + + ' + displayName: Backup Information Source Pod + path: backupInformation.sourcePod + - description: 'Postgres *system identifier* of the cluster this backup + is taken from. 
+ + ' + displayName: Backup Information System Identifier + path: backupInformation.systemIdentifier + - description: 'Postgres version of the server where the backup is taken + from. + + ' + displayName: Backup Information Postgres Version + path: backupInformation.postgresVersion + - description: 'Data directory where the backup is taken from. + + ' + displayName: Backup Information Pg Data + path: backupInformation.pgData + - description: 'Size (in bytes) of the uncompressed backup. + + ' + displayName: Backup Information Size Uncompressed + path: backupInformation.size.uncompressed + - description: 'Size (in bytes) of the compressed backup. + + ' + displayName: Backup Information Size Compressed + path: backupInformation.size.compressed + - description: 'LSN of when the backup started. + + ' + displayName: Backup Information Lsn Start + path: backupInformation.lsn.start + - description: 'LSN of when the backup finished. + + ' + displayName: Backup Information Lsn End + path: backupInformation.lsn.end + - description: 'WAL segment file name when the backup was started. + + ' + displayName: Backup Information Start Wal File + path: backupInformation.startWalFile + - description: 'Backup timeline. 
+ + ' + displayName: Backup Information Timeline + path: backupInformation.timeline + - displayName: Backup Information Control Data Pg_control Version Number + path: backupInformation.controlData.pg_control version number + - displayName: Backup Information Control Data Catalog Version Number + path: backupInformation.controlData.Catalog version number + - displayName: Backup Information Control Data Database System Identifier + path: backupInformation.controlData.Database system identifier + - displayName: Backup Information Control Data Database Cluster State + path: backupInformation.controlData.Database cluster state + - displayName: Backup Information Control Data Pg_control Last Modified + path: backupInformation.controlData.pg_control last modified + - displayName: Backup Information Control Data Latest Checkpoint Location + path: backupInformation.controlData.Latest checkpoint location + - displayName: Backup Information Control Data Latest Checkpoint's REDO + Location + path: backupInformation.controlData.Latest checkpoint's REDO location + - displayName: Backup Information Control Data Latest Checkpoint's REDOWAL + File + path: backupInformation.controlData.Latest checkpoint's REDO WAL file + - displayName: Backup Information Control Data Latest Checkpoint's Time + Line ID + path: backupInformation.controlData.Latest checkpoint's TimeLineID + - displayName: Backup Information Control Data Latest Checkpoint's Prev + Time Line ID + path: backupInformation.controlData.Latest checkpoint's PrevTimeLineID + - displayName: Backup Information Control Data Latest Checkpoint's Full_page_writes + path: backupInformation.controlData.Latest checkpoint's full_page_writes + - displayName: Backup Information Control Data Latest Checkpoint's Next + XID + path: backupInformation.controlData.Latest checkpoint's NextXID + - displayName: Backup Information Control Data Latest Checkpoint's Next + OID + path: backupInformation.controlData.Latest checkpoint's NextOID + - 
displayName: Backup Information Control Data Latest Checkpoint's Next + Multi Xact Id + path: backupInformation.controlData.Latest checkpoint's NextMultiXactId + - displayName: Backup Information Control Data Latest Checkpoint's Next + Multi Offset + path: backupInformation.controlData.Latest checkpoint's NextMultiOffset + - displayName: Backup Information Control Data Latest Checkpoint's Oldest + XID + path: backupInformation.controlData.Latest checkpoint's oldestXID + - displayName: Backup Information Control Data Latest Checkpoint's Oldest + XI D's DB + path: backupInformation.controlData.Latest checkpoint's oldestXID's DB + - displayName: Backup Information Control Data Latest Checkpoint's Oldest + Active XID + path: backupInformation.controlData.Latest checkpoint's oldestActiveXID + - displayName: Backup Information Control Data Latest Checkpoint's Oldest + Multi Xid + path: backupInformation.controlData.Latest checkpoint's oldestMultiXid + - displayName: Backup Information Control Data Latest Checkpoint's Oldest + Multi's DB + path: backupInformation.controlData.Latest checkpoint's oldestMulti's + DB + - displayName: Backup Information Control Data Latest Checkpoint's Oldest + Commit Ts Xid + path: backupInformation.controlData.Latest checkpoint's oldestCommitTsXid + - displayName: Backup Information Control Data Latest Checkpoint's Newest + Commit Ts Xid + path: backupInformation.controlData.Latest checkpoint's newestCommitTsXid + - displayName: Backup Information Control Data Time Of Latest Checkpoint + path: backupInformation.controlData.Time of latest checkpoint + - displayName: Backup Information Control Data Fake LSN Counter For Unlogged + Rels + path: backupInformation.controlData.Fake LSN counter for unlogged rels + - displayName: Backup Information Control Data Minimum Recovery Ending Location + path: backupInformation.controlData.Minimum recovery ending location + - displayName: Backup Information Control Data Min Recovery Ending Loc's + Timeline + 
path: backupInformation.controlData.Min recovery ending loc's timeline + - displayName: Backup Information Control Data Backup Start Location + path: backupInformation.controlData.Backup start location + - displayName: Backup Information Control Data Backup End Location + path: backupInformation.controlData.Backup end location + - displayName: Backup Information Control Data End-of-backup Record Required + path: backupInformation.controlData.End-of-backup record required + - displayName: Backup Information Control Data Wal_level Setting + path: backupInformation.controlData.wal_level setting + - displayName: Backup Information Control Data Wal_log_hints Setting + path: backupInformation.controlData.wal_log_hints setting + - displayName: Backup Information Control Data Max_connections Setting + path: backupInformation.controlData.max_connections setting + - displayName: Backup Information Control Data Max_worker_processes Setting + path: backupInformation.controlData.max_worker_processes setting + - displayName: Backup Information Control Data Max_wal_senders Setting + path: backupInformation.controlData.max_wal_senders setting + - displayName: Backup Information Control Data Max_prepared_xacts Setting + path: backupInformation.controlData.max_prepared_xacts setting + - displayName: Backup Information Control Data Max_locks_per_xact Setting + path: backupInformation.controlData.max_locks_per_xact setting + - displayName: Backup Information Control Data Track_commit_timestamp Setting + path: backupInformation.controlData.track_commit_timestamp setting + - displayName: Backup Information Control Data Maximum Data Alignment + path: backupInformation.controlData.Maximum data alignment + - displayName: Backup Information Control Data Database Block Size + path: backupInformation.controlData.Database block size + - displayName: Backup Information Control Data Blocks Per Segment Of Large + Relation + path: backupInformation.controlData.Blocks per segment of large relation 
+ - displayName: Backup Information Control Data WAL Block Size + path: backupInformation.controlData.WAL block size + - displayName: Backup Information Control Data Bytes Per WAL Segment + path: backupInformation.controlData.Bytes per WAL segment + - displayName: Backup Information Control Data Maximum Length Of Identifiers + path: backupInformation.controlData.Maximum length of identifiers + - displayName: Backup Information Control Data Maximum Columns In An Index + path: backupInformation.controlData.Maximum columns in an index + - displayName: Backup Information Control Data Maximum Size Of ATOAST Chunk + path: backupInformation.controlData.Maximum size of a TOAST chunk + - displayName: Backup Information Control Data Size Of A Large-object Chunk + path: backupInformation.controlData.Size of a large-object chunk + - displayName: Backup Information Control Data Date/time Type Storage + path: backupInformation.controlData.Date/time type storage + - displayName: Backup Information Control Data Float4 Argument Passing + path: backupInformation.controlData.Float4 argument passing + - displayName: Backup Information Control Data Float8 Argument Passing + path: backupInformation.controlData.Float8 argument passing + - displayName: Backup Information Control Data Data Page Checksum Version + path: backupInformation.controlData.Data page checksum version + - displayName: Backup Information Control Data Mock Authentication Nonce + path: backupInformation.controlData.Mock authentication nonce + - description: 'Continuous Archiving backups are composed of periodic *base + backups* and all the WAL segments produced in between those base backups. + This parameter specifies at what time and with what frequency to start + performing a new base backup. 
+ + + Use cron syntax (`m h dom mon dow`) for this parameter, i.e., 5 values + separated by spaces: + + * `m`: minute, 0 to 59 + + * `h`: hour, 0 to 23 + + * `dom`: day of month, 1 to 31 (recommended not to set it higher than + 28) + + * `mon`: month, 1 to 12 + + * `dow`: day of week, 0 to 7 (0 and 7 both represent Sunday) + + + Also ranges of values (`start-end`), the symbol `*` (meaning `first-last`) + or even `*/N`, where `N` is a number, meaning every `N`, may be used. + All times are UTC. It is recommended to avoid 00:00 as base backup time, + to avoid overlapping with any other external operations happening at + this time. + + + If not provided, full backups will be performed each day at 05:00 UTC + + ' + displayName: SGBackup Config Base Backups Cron Schedule + path: sgBackupConfig.baseBackups.cronSchedule + - description: 'Based on this parameter, an automatic retention policy is + defined to delete old base backups. + + This parameter specifies the number of base backups to keep, in a sliding + window. + + Consequently, the time range covered by backups is `periodicity*retention`, + where `periodicity` is the separation between backups as specified by + the `cronSchedule` property. + + + Default is 5. + + ' + displayName: SGBackup Config Base Backups Retention + path: sgBackupConfig.baseBackups.retention + - description: 'Select the backup compression algorithm. Possible options + are: lz4, lzma, brotli. The default method is `lz4`. LZ4 is the fastest + method, but compression ratio is the worst. LZMA is way slower, but + it compresses backups about 6 times better than LZ4. Brotli is a good + trade-off between speed and compression ratio, being about 3 times better + than LZ4. + + ' + displayName: SGBackup Config Base Backups Compression + path: sgBackupConfig.baseBackups.compression + - description: '**Deprecated**: use instead maxNetworkBandwidth. + + + Maximum storage upload bandwidth to be used when storing the backup. + In bytes (per second). 
+ + ' + displayName: SGBackup Config Base Backups Performance Max Network Bandwitdh + path: sgBackupConfig.baseBackups.performance.maxNetworkBandwitdh + - description: '**Deprecated**: use instead maxDiskBandwidth. + + + Maximum disk read I/O when performing a backup. In bytes (per second). + + ' + displayName: SGBackup Config Base Backups Performance Max Disk Bandwitdh + path: sgBackupConfig.baseBackups.performance.maxDiskBandwitdh + - description: 'Maximum storage upload bandwidth to be used when storing + the backup. In bytes (per second). + + ' + displayName: SGBackup Config Base Backups Performance Max Network Bandwidth + path: sgBackupConfig.baseBackups.performance.maxNetworkBandwidth + - description: 'Maximum disk read I/O when performing a backup. In bytes + (per second). + + ' + displayName: SGBackup Config Base Backups Performance Max Disk Bandwidth + path: sgBackupConfig.baseBackups.performance.maxDiskBandwidth + - description: 'Backup storage may use several concurrent streams to store + the data. This parameter configures the number of parallel streams to + use to reading from disk. By default, it''s set to 1 (use one stream). + + ' + displayName: SGBackup Config Base Backups Performance Upload Disk Concurrency + path: sgBackupConfig.baseBackups.performance.uploadDiskConcurrency + - description: 'Backup storage may use several concurrent streams to store + the data. This parameter configures the number of parallel streams to + use. By default, it''s set to 1 (use one stream). + + ' + displayName: SGBackup Config Base Backups Performance Upload Concurrency + path: sgBackupConfig.baseBackups.performance.uploadConcurrency + - description: 'Select the backup compression algorithm. Possible options + are: lz4, lzma, brotli. The default method is `lz4`. LZ4 is the fastest + method, but compression ratio is the worst. LZMA is way slower, but + it compresses backups about 6 times better than LZ4. 
Brotli is a good + trade-off between speed and compression ratio, being about 3 times better + than LZ4. + + ' + displayName: SGBackup Config Compression + path: sgBackupConfig.compression + - description: 'Specifies the type of object storage used for storing the + base backups and WAL segments. + + Possible values: + + * `s3`: Amazon Web Services S3 (Simple Storage Service). + + * `s3Compatible`: non-AWS services that implement a compatibility API + with AWS S3. + + * `gcs`: Google Cloud Storage. + + * `azureBlob`: Microsoft Azure Blob Storage. + + ' + displayName: SGBackup Config Storage Type + path: sgBackupConfig.storage.type + - description: 'AWS S3 bucket name. + + ' + displayName: SGBackup Config Storage S3 Bucket + path: sgBackupConfig.storage.s3.bucket + - description: 'Optional path within the S3 bucket. Note that StackGres + generates in any case a folder per + + StackGres cluster, using the `SGCluster.metadata.name`. + + ' + displayName: SGBackup Config Storage S3 Path + path: sgBackupConfig.storage.s3.path + - description: 'AWS S3 region. The Region may be detected using s3:GetBucketLocation, + but to avoid giving permissions to this API call or forbid it from the + applicable IAM policy, this property must be explicitely specified. + + ' + displayName: SGBackup Config Storage S3 Region + path: sgBackupConfig.storage.s3.region + - description: '[Amazon S3 Storage Class](https://aws.amazon.com/s3/storage-classes/) + used for the backup object storage. By default, the `STANDARD` storage + class is used. Other supported values include `STANDARD_IA` for Infrequent + Access and `REDUCED_REDUNDANCY`. + + ' + displayName: SGBackup Config Storage S3 Storage Class + path: sgBackupConfig.storage.s3.storageClass + - description: 'The key of the secret to select from. Must be a valid secret + key. 
+ + ' + displayName: SGBackup Config Storage S3 Aws Credentials Secret Key Selectors + Access Key Id Key + path: sgBackupConfig.storage.s3.awsCredentials.secretKeySelectors.accessKeyId.key + - description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + displayName: SGBackup Config Storage S3 Aws Credentials Secret Key Selectors + Access Key Id Name + path: sgBackupConfig.storage.s3.awsCredentials.secretKeySelectors.accessKeyId.name + - description: 'The key of the secret to select from. Must be a valid secret + key. + + ' + displayName: SGBackup Config Storage S3 Aws Credentials Secret Key Selectors + Secret Access Key Key + path: sgBackupConfig.storage.s3.awsCredentials.secretKeySelectors.secretAccessKey.key + - description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + displayName: SGBackup Config Storage S3 Aws Credentials Secret Key Selectors + Secret Access Key Name + path: sgBackupConfig.storage.s3.awsCredentials.secretKeySelectors.secretAccessKey.name + - description: 'Bucket name. + + ' + displayName: SGBackup Config Storage S3 Compatible Bucket + path: sgBackupConfig.storage.s3Compatible.bucket + - description: 'Optional path within the S3 bucket. Note that StackGres + generates in any case a folder per StackGres cluster, using the `SGCluster.metadata.name`. + + ' + displayName: SGBackup Config Storage S3 Compatible Path + path: sgBackupConfig.storage.s3Compatible.path + - description: 'Enable path-style addressing (i.e. `http://s3.amazonaws.com/BUCKET/KEY`) + when connecting to an S3-compatible service that lacks support for sub-domain + style bucket URLs (i.e. `http://BUCKET.s3.amazonaws.com/KEY`). Defaults + to false. 
+ + ' + displayName: SGBackup Config Storage S3 Compatible Enable Path Style Addressing + path: sgBackupConfig.storage.s3Compatible.enablePathStyleAddressing + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Overrides the default url to connect to an S3-compatible + service. + + For example: `http://s3-like-service:9000`. + + ' + displayName: SGBackup Config Storage S3 Compatible Endpoint + path: sgBackupConfig.storage.s3Compatible.endpoint + - description: 'AWS S3 region. The Region may be detected using s3:GetBucketLocation, + but to avoid giving permissions to this API call or forbid it from the + applicable IAM policy, this property must be explicitely specified. + + ' + displayName: SGBackup Config Storage S3 Compatible Region + path: sgBackupConfig.storage.s3Compatible.region + - description: '[Amazon S3 Storage Class](https://aws.amazon.com/s3/storage-classes/) + used for the backup object storage. By default, the `STANDARD` storage + class is used. Other supported values include `STANDARD_IA` for Infrequent + Access and `REDUCED_REDUNDANCY`. + + ' + displayName: SGBackup Config Storage S3 Compatible Storage Class + path: sgBackupConfig.storage.s3Compatible.storageClass + - description: 'The key of the secret to select from. Must be a valid secret + key. + + ' + displayName: SGBackup Config Storage S3 Compatible Aws Credentials Secret + Key Selectors Access Key Id Key + path: sgBackupConfig.storage.s3Compatible.awsCredentials.secretKeySelectors.accessKeyId.key + - description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + displayName: SGBackup Config Storage S3 Compatible Aws Credentials Secret + Key Selectors Access Key Id Name + path: sgBackupConfig.storage.s3Compatible.awsCredentials.secretKeySelectors.accessKeyId.name + - description: 'The key of the secret to select from. Must be a valid secret + key. 
+ + ' + displayName: SGBackup Config Storage S3 Compatible Aws Credentials Secret + Key Selectors Secret Access Key Key + path: sgBackupConfig.storage.s3Compatible.awsCredentials.secretKeySelectors.secretAccessKey.key + - description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + displayName: SGBackup Config Storage S3 Compatible Aws Credentials Secret + Key Selectors Secret Access Key Name + path: sgBackupConfig.storage.s3Compatible.awsCredentials.secretKeySelectors.secretAccessKey.name + - description: 'GCS bucket name. + + ' + displayName: SGBackup Config Storage Gcs Bucket + path: sgBackupConfig.storage.gcs.bucket + - description: 'Optional path within the GCS bucket. Note that StackGres + generates in any case a folder per StackGres cluster, using the `SGCluster.metadata.name`. + + ' + displayName: SGBackup Config Storage Gcs Path + path: sgBackupConfig.storage.gcs.path + - description: 'If true, the credentials will be fetched from the GCE/GKE + metadata service and the credentials from `secretKeySelectors` field + will not be used. + + + This is useful when running StackGres inside a GKE cluster using [Workload + Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity). + + ' + displayName: SGBackup Config Storage Gcs Gcp Credentials Fetch Credentials + From Metadata Service + path: sgBackupConfig.storage.gcs.gcpCredentials.fetchCredentialsFromMetadataService + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'The key of the secret to select from. Must be a valid secret + key. + + ' + displayName: SGBackup Config Storage Gcs Gcp Credentials Secret Key Selectors + Service Account JSON Key + path: sgBackupConfig.storage.gcs.gcpCredentials.secretKeySelectors.serviceAccountJSON.key + - description: 'Name of the referent. 
[More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + displayName: SGBackup Config Storage Gcs Gcp Credentials Secret Key Selectors + Service Account JSON Name + path: sgBackupConfig.storage.gcs.gcpCredentials.secretKeySelectors.serviceAccountJSON.name + - description: 'Azure Blob Storage bucket name. + + ' + displayName: SGBackup Config Storage Azure Blob Bucket + path: sgBackupConfig.storage.azureBlob.bucket + - description: 'Optional path within the Azure Blobk bucket. Note that StackGres + generates in any case a folder per StackGres cluster, using the `SGCluster.metadata.name`. + + ' + displayName: SGBackup Config Storage Azure Blob Path + path: sgBackupConfig.storage.azureBlob.path + - description: 'The key of the secret to select from. Must be a valid secret + key. + + ' + displayName: SGBackup Config Storage Azure Blob Azure Credentials Secret + Key Selectors Storage Account Key + path: sgBackupConfig.storage.azureBlob.azureCredentials.secretKeySelectors.storageAccount.key + - description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + displayName: SGBackup Config Storage Azure Blob Azure Credentials Secret + Key Selectors Storage Account Name + path: sgBackupConfig.storage.azureBlob.azureCredentials.secretKeySelectors.storageAccount.name + - description: 'The key of the secret to select from. Must be a valid secret + key. + + ' + displayName: SGBackup Config Storage Azure Blob Azure Credentials Secret + Key Selectors Access Key Key + path: sgBackupConfig.storage.azureBlob.azureCredentials.secretKeySelectors.accessKey.key + - description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). 
+ + ' + displayName: SGBackup Config Storage Azure Blob Azure Credentials Secret + Key Selectors Access Key Name + path: sgBackupConfig.storage.azureBlob.azureCredentials.secretKeySelectors.accessKey.name + version: v1 + - description: Main CRD, manages Postgres clusters (one or more Postgres pods) + displayName: StackGres Cluster + kind: SGCluster + name: sgclusters.stackgres.io + specDescriptors: + - description: "The profile allow to change in a convenient place a set\ + \ of configuration defaults that affect how the cluster is generated.\n\ + \nAll those defaults can be overwritten by setting the correspoinding\ + \ fields.\n\nAvailable profiles are:\n\n* `production`:\n\n Prevents\ + \ two Pods from running in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `false` by default).\n Sets both limits and requests using `SGInstanceProfile`\ + \ for `patroni` container that runs both Patroni and Postgres (set `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `false` by default).\n Sets requests using the referenced `SGInstanceProfile`\ + \ for sidecar containers other than `patroni` (set `.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `false` by default).\n\n* `testing`:\n\n Allows two Pods to running\ + \ in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `true` by default).\n Sets both limits and requests using `SGInstanceProfile`\ + \ for `patroni` container that runs both Patroni and Postgres (set `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `false` by default).\n Sets requests using the referenced `SGInstanceProfile`\ + \ for sidecar containers other than `patroni` (set `.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `false` by default).\n\n* `development`:\n\n Allows two Pods from\ + \ running in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `true` 
by default).\n Unset both limits and requests for `patroni`\ + \ container that runs both Patroni and Postgres (set `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `true` by default).\n Unsets requests for sidecar containers other\ + \ than `patroni` (set `.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `true` by default).\n\n**Changing this field may require a restart.**\n" + displayName: Profile + path: profile + - description: 'Postgres version used on the cluster. It is either of: + + * The string ''latest'', which automatically sets the latest major.minor + Postgres version. + + * A major version, like ''14'' or ''13'', which sets that major version + and the latest minor version. + + * A specific major.minor version, like ''14.4''. + + ' + displayName: Postgres Version + path: postgres.version + - description: "Postgres flavor used on the cluster. It is either of:\n\n\ + \ * `vanilla` will use the [Official Postgres](https://www.postgresql.org/)\n\ + \ * `babelfish` will use the [Babelfish for Postgres](https://babelfish-for-postgresql.github.io/babelfish-for-postgresql/).\n\ + \nIf not specified then the vanilla Postgres will be used for the cluster.\n\ + \n**This field can only be set on creation.**\n" + displayName: Postgres Flavor + path: postgres.flavor + - description: The name of the extension to deploy. + displayName: Postgres Extensions Name + path: postgres.extensions.name + - description: The id of the publisher of the extension to deploy. If not + specified `com.ongres` will be used by default. + displayName: Postgres Extensions Publisher + path: postgres.extensions.publisher + - description: The version of the extension to deploy. If not specified + version of `stable` channel will be used by default and if only a version + is available that one will be used. 
+ displayName: Postgres Extensions Version + path: postgres.extensions.version + - description: 'The repository base URL from where to obtain the extension + to deploy. + + + **This section is filled by the operator.** + + ' + displayName: Postgres Extensions Repository + path: postgres.extensions.repository + - description: 'Allow to enable SSL for connections to Postgres. By default + is `false`. + + + If `true` certificate and private key will be auto-generated unless + fields `certificateSecretKeySelector` and `privateKeySecretKeySelector` + are specified. + + ' + displayName: Postgres Ssl Enabled + path: postgres.ssl.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Secret key selector for the certificate or certificate chain + used for SSL connections. + + ' + displayName: Postgres Ssl Certificate Secret Key Selector + path: postgres.ssl.certificateSecretKeySelector + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: 'The name of Secret that contains the certificate or certificate + chain for SSL connections + + ' + displayName: Postgres Ssl Certificate Secret Key Selector Name + path: postgres.ssl.certificateSecretKeySelector.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: 'The key of Secret that contains the certificate or certificate + chain for SSL connections + + ' + displayName: Postgres Ssl Certificate Secret Key Selector Key + path: postgres.ssl.certificateSecretKeySelector.key + - description: 'Secret key selector for the private key used for SSL connections. 
+ + ' + displayName: Postgres Ssl Private Key Secret Key Selector + path: postgres.ssl.privateKeySecretKeySelector + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: 'The name of Secret that contains the private key for SSL + connections + + ' + displayName: Postgres Ssl Private Key Secret Key Selector Name + path: postgres.ssl.privateKeySecretKeySelector.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: 'The key of Secret that contains the private key for SSL + connections + + ' + displayName: Postgres Ssl Private Key Secret Key Selector Key + path: postgres.ssl.privateKeySecretKeySelector.key + - description: "Number of StackGres instances for the cluster. Each instance\ + \ contains one Postgres server.\n Out of all of the Postgres servers,\ + \ one is elected as the primary, the rest remain as read-only replicas.\n" + displayName: Instances + path: instances + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podCount + - description: "The replication mode applied to the whole cluster.\nPossible\ + \ values are:\n* `async` (default)\n* `sync`\n* `strict-sync`\n* `sync-all`\n\ + * `strict-sync-all`\n\n**async**\n\nWhen in asynchronous mode the cluster\ + \ is allowed to lose some committed transactions.\n When the primary\ + \ server fails or becomes unavailable for any other reason a sufficiently\ + \ healthy standby\n will automatically be promoted to primary. 
Any\ + \ transactions that have not been replicated to that standby\n remain\ + \ in a \"forked timeline\" on the primary, and are effectively unrecoverable\ + \ (the data is still there,\n but recovering it requires a manual recovery\ + \ effort by data recovery specialists).\n\n**sync**\n\nWhen in synchronous\ + \ mode a standby will not be promoted unless it is certain that the\ + \ standby contains all\n transactions that may have returned a successful\ + \ commit status to client (clients can change the behavior\n per transaction\ + \ using PostgreSQL’s `synchronous_commit` setting. Transactions with\ + \ `synchronous_commit`\n values of `off` and `local` may be lost on\ + \ fail over, but will not be blocked by replication delays). This\n\ + \ means that the system may be unavailable for writes even though some\ + \ servers are available. System\n administrators can still use manual\ + \ failover commands to promote a standby even if it results in transaction\n\ + \ loss.\n\nSynchronous mode does not guarantee multi node durability\ + \ of commits under all circumstances. When no suitable\n standby is\ + \ available, primary server will still accept writes, but does not guarantee\ + \ their replication. When\n the primary fails in this mode no standby\ + \ will be promoted. When the host that used to be the primary comes\n\ + \ back it will get promoted automatically, unless system administrator\ + \ performed a manual failover. This behavior\n makes synchronous mode\ + \ usable with 2 node clusters.\n\nWhen synchronous mode is used and\ + \ a standby crashes, commits will block until the primary is switched\ + \ to standalone\n mode. Manually shutting down or restarting a standby\ + \ will not cause a commit service interruption. 
Standby will\n signal\ + \ the primary to release itself from synchronous standby duties before\ + \ PostgreSQL shutdown is initiated.\n\n**strict-sync**\n\nWhen it is\ + \ absolutely necessary to guarantee that each write is stored durably\ + \ on at least two nodes, use the strict\n synchronous mode. This mode\ + \ prevents synchronous replication to be switched off on the primary\ + \ when no synchronous\n standby candidates are available. As a downside,\ + \ the primary will not be available for writes (unless the Postgres\n\ + \ transaction explicitly turns off `synchronous_mode` parameter), blocking\ + \ all client write requests until at least one\n synchronous replica\ + \ comes up.\n\n**Note**: Because of the way synchronous replication\ + \ is implemented in PostgreSQL it is still possible to lose\n transactions\ + \ even when using strict synchronous mode. If the PostgreSQL backend\ + \ is cancelled while waiting to acknowledge\n replication (as a result\ + \ of packet cancellation due to client timeout or backend failure) transaction\ + \ changes become\n visible for other backends. Such changes are not\ + \ yet replicated and may be lost in case of standby promotion.\n\n**sync-all**\n\ + \nThe same as `sync` but `syncInstances` is ignored and the number of\ + \ synchronous instances is equals to the total number\n of instances\ + \ less one.\n\n**strict-sync-all**\n\nThe same as `strict-sync` but\ + \ `syncInstances` is ignored and the number of synchronous instances\ + \ is equals to the total number\n of instances less one.\n" + displayName: Replication Mode + path: replication.mode + - description: 'This role is applied to the instances of the implicit replication + group that is composed by `.spec.instances` number of instances. + + Possible values are: + + * `ha-read` (default) + + * `ha` + + The primary instance will be elected among all the replication groups + that are either `ha` or `ha-read`. 
+ + Only if the role is set to `ha-read` instances of main replication group + will be exposed via the replicas service. + + ' + displayName: Replication Role + path: replication.role + - description: "Number of synchronous standby instances. Must be less than\ + \ the total number of instances. It is set to 1 by default.\n Only\ + \ setteable if mode is `sync` or `strict-sync`.\n" + displayName: Replication Sync Instances + path: replication.syncInstances + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podCount + - description: The name of the replication group. If not set will default + to the `group-`. + displayName: Replication Groups Name + path: replication.groups.name + - description: 'This role is applied to the instances of this replication + group. + + Possible values are: + + * `ha-read` + + * `ha` + + * `readonly` + + * `none` + + The primary instance will be elected among all the replication groups + that are either `ha` or `ha-read`. + + Only if the role is set to `readonly` or `ha-read` instances of such + replication group will be exposed via the replicas service. + + ' + displayName: Replication Groups Role + path: replication.groups.role + - description: "Number of StackGres instances for this replication group.\n\ + \nThe total number of instance of a cluster is always `.spec.instances`.\ + \ The sum of the instances in the replication group must be\n less\ + \ than the total number of instances.\n" + displayName: Replication Groups Instances + path: replication.groups.instances + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podCount + - description: 'Name of the [SGInstanceProfile](https://stackgres.io/doc/latest/reference/crd/sginstanceprofile/). + + + A SGInstanceProfile defines CPU and memory limits. Must exist before + creating a cluster. + + + When no profile is set, a default (1 core, 2 GiB RAM) one is used. 
+ + + **Changing this field may require a restart.** + + ' + displayName: SGInstanceProfile + path: sgInstanceProfile + - displayName: Metadata Annotations All Resources + path: metadata.annotations.allResources + - displayName: Metadata Annotations Cluster Pods + path: metadata.annotations.clusterPods + - displayName: Metadata Annotations Services + path: metadata.annotations.services + - displayName: Metadata Annotations Primary Service + path: metadata.annotations.primaryService + - displayName: Metadata Annotations Replicas Service + path: metadata.annotations.replicasService + - displayName: Metadata Labels Cluster Pods + path: metadata.labels.clusterPods + - displayName: Metadata Labels Services + path: metadata.labels.services + - description: Specify if the service should be created or not. + displayName: Postgres Services Primary Enabled + path: postgresServices.primary.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'type determines how the Service is exposed. Defaults to + ClusterIP. Valid + + options are ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + + a cluster-internal IP address for load-balancing to endpoints. + + "NodePort" builds on ClusterIP and allocates a port on every node. + + "LoadBalancer" builds on NodePort and creates + + an external load-balancer (if supported in the current cloud). + + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + + ' + displayName: Postgres Services Primary Type + path: postgresServices.primary.type + - description: allocateLoadBalancerNodePorts defines if NodePorts will be + automatically allocated for services with type LoadBalancer. Default + is "true". It may be set to "false" if the cluster load-balancer does + not rely on NodePorts. If the caller requests specific NodePorts (by + specifying a value), those requests will be respected, regardless of + this field. 
This field may only be set for services with type LoadBalancer + and will be cleared if the type is changed to any other type. + displayName: Postgres Services Primary Allocate Load Balancer Node Ports + path: postgresServices.primary.allocateLoadBalancerNodePorts + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - displayName: Postgres Services Primary External I Ps + path: postgresServices.primary.externalIPs + - description: 'externalTrafficPolicy describes how nodes distribute service + traffic they receive on one of the Service''s "externally-facing" addresses + (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the + proxy will configure the service in a way that assumes that external + load balancers will take care of balancing the service traffic between + nodes, and so each node will deliver traffic only to the node-local + endpoints of the service, without masquerading the client source IP. + (Traffic mistakenly sent to a node with no endpoints will be dropped.) + The default value, "Cluster", uses the standard behavior of routing + to all endpoints evenly (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer IP from within + the cluster will always get "Cluster" semantics, but clients sending + to a NodePort from within the cluster may need to take traffic policy + into account when picking a node. + + + ' + displayName: Postgres Services Primary External Traffic Policy + path: postgresServices.primary.externalTrafficPolicy + - description: healthCheckNodePort specifies the healthcheck nodePort for + the service. This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, a value will + be automatically allocated. External systems (e.g. 
load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). This + field cannot be updated once set. + displayName: Postgres Services Primary Health Check Node Port + path: postgresServices.primary.healthCheckNodePort + - description: InternalTrafficPolicy describes how nodes distribute service + traffic they receive on the ClusterIP. If set to "Local", the proxy + will assume that pods only want to talk to endpoints of the service + on the same node as the pod, dropping the traffic if there are no local + endpoints. The default value, "Cluster", uses the standard behavior + of routing to all endpoints evenly (possibly modified by topology and + other features). + displayName: Postgres Services Primary Internal Traffic Policy + path: postgresServices.primary.internalTrafficPolicy + - displayName: Postgres Services Primary Ip Families + path: postgresServices.primary.ipFamilies + - description: IPFamilyPolicy represents the dual-stack-ness requested or + required by this Service. If there is no value provided, then this field + will be set to SingleStack. Services can be "SingleStack" (a single + IP family), "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). + The ipFamilies and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to type ExternalName. + displayName: Postgres Services Primary Ip Family Policy + path: postgresServices.primary.ipFamilyPolicy + - description: loadBalancerClass is the class of the load balancer implementation + this Service belongs to. 
If specified, the value of this field must + be a label-style identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. + If not set, the default load balancer implementation is used, today + this is typically done through the cloud provider integration, but should + apply for any default implementation. If set, it is assumed that a load + balancer implementation is watching for Services with a matching class. + Any default load balancer implementation (e.g. cloud providers) should + ignore Services that set this field. This field can only be set when + creating or updating a Service to type 'LoadBalancer'. Once set, it + can not be changed. This field will be wiped when a service is updated + to a non 'LoadBalancer' type. + displayName: Postgres Services Primary Load Balancer Class + path: postgresServices.primary.loadBalancerClass + - description: 'Only applies to Service Type: LoadBalancer. This feature + depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. This field will + be ignored if the cloud-provider does not support the feature. Deprecated: + This field was under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, users are + encouraged to use implementation-specific annotations when available. + This field may be removed in a future API version.' + displayName: Postgres Services Primary Load Balancer IP + path: postgresServices.primary.loadBalancerIP + - displayName: Postgres Services Primary Load Balancer Source Ranges + path: postgresServices.primary.loadBalancerSourceRanges + - description: 'Supports "ClientIP" and "None". Used to maintain session + affinity. Enable client IP based session affinity. Must be ClientIP + or None. Defaults to None. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + + + ' + displayName: Postgres Services Primary Session Affinity + path: postgresServices.primary.sessionAffinity + - description: timeoutSeconds specifies the seconds of ClientIP type session + sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + displayName: Postgres Services Primary Session Affinity Config Client + IP Timeout Seconds + path: postgresServices.primary.sessionAffinityConfig.clientIP.timeoutSeconds + - description: Specify if the service should be created or not. + displayName: Postgres Services Replicas Enabled + path: postgresServices.replicas.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'type determines how the Service is exposed. Defaults to + ClusterIP. Valid + + options are ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + + a cluster-internal IP address for load-balancing to endpoints. + + "NodePort" builds on ClusterIP and allocates a port on every node. + + "LoadBalancer" builds on NodePort and creates + + an external load-balancer (if supported in the current cloud). + + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + + ' + displayName: Postgres Services Replicas Type + path: postgresServices.replicas.type + - description: allocateLoadBalancerNodePorts defines if NodePorts will be + automatically allocated for services with type LoadBalancer. Default + is "true". It may be set to "false" if the cluster load-balancer does + not rely on NodePorts. If the caller requests specific NodePorts (by + specifying a value), those requests will be respected, regardless of + this field. This field may only be set for services with type LoadBalancer + and will be cleared if the type is changed to any other type. 
+ displayName: Postgres Services Replicas Allocate Load Balancer Node Ports + path: postgresServices.replicas.allocateLoadBalancerNodePorts + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - displayName: Postgres Services Replicas External I Ps + path: postgresServices.replicas.externalIPs + - description: 'externalTrafficPolicy describes how nodes distribute service + traffic they receive on one of the Service''s "externally-facing" addresses + (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the + proxy will configure the service in a way that assumes that external + load balancers will take care of balancing the service traffic between + nodes, and so each node will deliver traffic only to the node-local + endpoints of the service, without masquerading the client source IP. + (Traffic mistakenly sent to a node with no endpoints will be dropped.) + The default value, "Cluster", uses the standard behavior of routing + to all endpoints evenly (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer IP from within + the cluster will always get "Cluster" semantics, but clients sending + to a NodePort from within the cluster may need to take traffic policy + into account when picking a node. + + + ' + displayName: Postgres Services Replicas External Traffic Policy + path: postgresServices.replicas.externalTrafficPolicy + - description: healthCheckNodePort specifies the healthcheck nodePort for + the service. This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, a value will + be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. 
This field will be wiped + when updating a Service to no longer need it (e.g. changing type). This + field cannot be updated once set. + displayName: Postgres Services Replicas Health Check Node Port + path: postgresServices.replicas.healthCheckNodePort + - description: InternalTrafficPolicy describes how nodes distribute service + traffic they receive on the ClusterIP. If set to "Local", the proxy + will assume that pods only want to talk to endpoints of the service + on the same node as the pod, dropping the traffic if there are no local + endpoints. The default value, "Cluster", uses the standard behavior + of routing to all endpoints evenly (possibly modified by topology and + other features). + displayName: Postgres Services Replicas Internal Traffic Policy + path: postgresServices.replicas.internalTrafficPolicy + - displayName: Postgres Services Replicas Ip Families + path: postgresServices.replicas.ipFamilies + - description: IPFamilyPolicy represents the dual-stack-ness requested or + required by this Service. If there is no value provided, then this field + will be set to SingleStack. Services can be "SingleStack" (a single + IP family), "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). + The ipFamilies and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to type ExternalName. + displayName: Postgres Services Replicas Ip Family Policy + path: postgresServices.replicas.ipFamilyPolicy + - description: loadBalancerClass is the class of the load balancer implementation + this Service belongs to. If specified, the value of this field must + be a label-style identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are reserved for end-users. 
+ This field can only be set when the Service type is 'LoadBalancer'. + If not set, the default load balancer implementation is used, today + this is typically done through the cloud provider integration, but should + apply for any default implementation. If set, it is assumed that a load + balancer implementation is watching for Services with a matching class. + Any default load balancer implementation (e.g. cloud providers) should + ignore Services that set this field. This field can only be set when + creating or updating a Service to type 'LoadBalancer'. Once set, it + can not be changed. This field will be wiped when a service is updated + to a non 'LoadBalancer' type. + displayName: Postgres Services Replicas Load Balancer Class + path: postgresServices.replicas.loadBalancerClass + - description: 'Only applies to Service Type: LoadBalancer. This feature + depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. This field will + be ignored if the cloud-provider does not support the feature. Deprecated: + This field was under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, users are + encouraged to use implementation-specific annotations when available. + This field may be removed in a future API version.' + displayName: Postgres Services Replicas Load Balancer IP + path: postgresServices.replicas.loadBalancerIP + - displayName: Postgres Services Replicas Load Balancer Source Ranges + path: postgresServices.replicas.loadBalancerSourceRanges + - description: 'Supports "ClientIP" and "None". Used to maintain session + affinity. Enable client IP based session affinity. Must be ClientIP + or None. Defaults to None. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + + + ' + displayName: Postgres Services Replicas Session Affinity + path: postgresServices.replicas.sessionAffinity + - description: timeoutSeconds specifies the seconds of ClientIP type session + sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + displayName: Postgres Services Replicas Session Affinity Config Client + IP Timeout Seconds + path: postgresServices.replicas.sessionAffinityConfig.clientIP.timeoutSeconds + - description: 'Size of the PersistentVolume set for each instance of the + cluster. This size is specified either in Mebibytes, Gibibytes or Tebibytes + (multiples of 2^20, 2^30 or 2^40, respectively). + + ' + displayName: Pods Persistent Volume Size + path: pods.persistentVolume.size + - description: 'Name of an existing StorageClass in the Kubernetes cluster, + used to create the PersistentVolumes for the instances of the cluster. + + ' + displayName: Pods Persistent Volume Storage Class + path: pods.persistentVolume.storageClass + - description: 'If set to `true`, avoids creating a connection pooling (using + [PgBouncer](https://www.pgbouncer.org/)) sidecar. + + + **Changing this field may require a restart.** + + ' + displayName: Pods Disable Connection Pooling + path: pods.disableConnectionPooling + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: If set to `true`, avoids creating the Prometheus exporter + sidecar. Recommended when there's no intention to use Prometheus for + monitoring. + displayName: Pods Disable Metrics Exporter + path: pods.disableMetricsExporter + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If set to `true`, avoids creating the `postgres-util` sidecar. 
+ This sidecar contains usual Postgres administration utilities *that + are not present in the main (`patroni`) container*, like `psql`. Only + disable if you know what you are doing. + + + **Changing this field may require a restart.** + + ' + displayName: Pods Disable Postgres Util + path: pods.disablePostgresUtil + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'When enabled resource limits for containers other than the + patroni container wil be set just like for patroni contianer as specified + in the SGInstanceProfile. + + + **Changing this field may require a restart.** + + ' + displayName: Pods Resources Enable Cluster Limits Requirements + path: pods.resources.enableClusterLimitsRequirements + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "When set to `true` the resources requests values in fields\ + \ `SGInstanceProfile.spec.requests.cpu` and `SGInstanceProfile.spec.requests.memory`\ + \ will represent the resources\n requests of the patroni container and\ + \ the total resources requests calculated by adding the resources requests\ + \ of all the containers (including the patroni container).\n\n**Changing\ + \ this field may require a restart.**\n" + displayName: Pods Resources Disable Resources Requests Split From Total + path: pods.resources.disableResourcesRequestsSplitFromTotal + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - displayName: Pods Scheduling Node Selector + path: pods.scheduling.nodeSelector + - description: 'The pod this Toleration is attached to tolerates any taint + that matches the triple using the matching operator + + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + displayName: Pods Scheduling Tolerations + path: pods.scheduling.tolerations + - description: 'Node affinity is a group of node affinity scheduling rules. 
+ + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + displayName: Pods Scheduling Node Affinity + path: pods.scheduling.nodeAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:nodeAffinity + - description: 'Priority indicates the importance of a Pod relative to other + Pods. If a Pod cannot be scheduled, the scheduler tries to preempt (evict) + lower priority Pods to make scheduling of the pending Pod possible. + + ' + displayName: Pods Scheduling Priority Class Name + path: pods.scheduling.priorityClassName + - description: 'Pod affinity is a group of inter pod affinity scheduling + rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + displayName: Pods Scheduling Pod Affinity + path: pods.scheduling.podAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAffinity + - description: 'Pod anti affinity is a group of inter pod anti affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + displayName: Pods Scheduling Pod Anti Affinity + path: pods.scheduling.podAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAntiAffinity + - description: 'TopologySpreadConstraint specifies how to spread matching + pods among the given topology. 
+ + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#topologyspreadconstraint-v1-core + + ' + displayName: Pods Scheduling Topology Spread Constraints + path: pods.scheduling.topologySpreadConstraints + - displayName: Pods Scheduling Backup Node Selector + path: pods.scheduling.backup.nodeSelector + - description: 'The pod this Toleration is attached to tolerates any taint + that matches the triple using the matching operator + + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + displayName: Pods Scheduling Backup Tolerations + path: pods.scheduling.backup.tolerations + - description: 'Node affinity is a group of node affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + displayName: Pods Scheduling Backup Node Affinity + path: pods.scheduling.backup.nodeAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:nodeAffinity + - description: 'Priority indicates the importance of a Pod relative to other + Pods. If a Pod cannot be scheduled, the scheduler tries to preempt (evict) + lower priority Pods to make scheduling of the pending Pod possible. + + ' + displayName: Pods Scheduling Backup Priority Class Name + path: pods.scheduling.backup.priorityClassName + - description: 'Pod affinity is a group of inter pod affinity scheduling + rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + displayName: Pods Scheduling Backup Pod Affinity + path: pods.scheduling.backup.podAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAffinity + - description: 'Pod anti affinity is a group of inter pod anti affinity + scheduling rules. 
+ + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + displayName: Pods Scheduling Backup Pod Anti Affinity + path: pods.scheduling.backup.podAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAntiAffinity + - description: "managementPolicy controls how pods are created during initial\ + \ scale up, when replacing pods\n on nodes, or when scaling down. The\ + \ default policy is `OrderedReady`, where pods are created\n in increasing\ + \ order (pod-0, then pod-1, etc) and the controller will wait until\ + \ each pod is\n ready before continuing. When scaling down, the pods\ + \ are removed in the opposite order.\n The alternative policy is `Parallel`\ + \ which will create pods in parallel to match the desired\n scale without\ + \ waiting, and on scale down will delete all pods at once.\n" + displayName: Pods Management Policy + path: pods.managementPolicy + - description: 'Name of the [SGPostgresConfig](https://stackgres.io/doc/latest/reference/crd/sgpgconfig) + used for the cluster. + + + It must exist. When not set, a default Postgres config, for the major + version selected, is used. + + + **Changing this field may require a restart.** + + ' + displayName: Configurations SGPostgresConfig + path: configurations.sgPostgresConfig + - description: 'Name of the [SGPoolingConfig](https://stackgres.io/doc/latest/reference/crd/sgpoolconfig) + used for this cluster. + + + Each pod contains a sidecar with a connection pooler (currently: [PgBouncer](https://www.pgbouncer.org/)). + The connection pooler is implemented as a sidecar. + + + If not set, a default configuration will be used. Disabling connection + pooling altogether is possible if the disableConnectionPooling property + of the pods object is set to true. 
+ + + **Changing this field may require a restart.** + + ' + displayName: Configurations SGPoolingConfig + path: configurations.sgPoolingConfig + - description: '**Deprecated**: use instead `.spec.configurations.backups[].sgObjectStorage` + + + Name of the [SGBackupConfig](https://stackgres.io/doc/latest/reference/crd/sgbackupconfig) + to use for the cluster. It defines the backups policy, storage and retention, + among others, applied to the cluster. When not set, backup configuration + will not be used. + + ' + displayName: Configurations SGBackup Config + path: configurations.sgBackupConfig + - description: '**Deprecated**: use instead `.spec.configurations.backups[].path` + + + The path were the backup is stored. If not set this field is filled + up by the operator. + + + When provided will indicate were the backups and WAL files will be stored. + + ' + displayName: Configurations Backup Path + path: configurations.backupPath + - description: 'Specifies the backup compression algorithm. Possible options + are: lz4, lzma, brotli. The default method is `lz4`. LZ4 is the fastest + method, but compression ratio is the worst. LZMA is way slower, but + it compresses backups about 6 times better than LZ4. Brotli is a good + trade-off between speed and compression ratio, being about 3 times better + than LZ4. + + ' + displayName: Configurations Backups Compression + path: configurations.backups.compression + - description: 'Continuous Archiving backups are composed of periodic *base + backups* and all the WAL segments produced in between those base backups. + This parameter specifies at what time and with what frequency to start + performing a new base backup. + + + Use cron syntax (`m h dom mon dow`) for this parameter, i.e., 5 values + separated by spaces: + + * `m`: minute, 0 to 59. + + * `h`: hour, 0 to 23. + + * `dom`: day of month, 1 to 31 (recommended not to set it higher than + 28). + + * `mon`: month, 1 to 12. 
+ + * `dow`: day of week, 0 to 7 (0 and 7 both represent Sunday). + + + Also ranges of values (`start-end`), the symbol `*` (meaning `first-last`) + or even `*/N`, where `N` is a number, meaning ""every `N`, may be used. + All times are UTC. It is recommended to avoid 00:00 as base backup time, + to avoid overlapping with any other external operations happening at + this time. + + + If not set, full backups are never performed automatically. + + ' + displayName: Configurations Backups Cron Schedule + path: configurations.backups.cronSchedule + - description: 'Maximum storage upload bandwidth used when storing a backup. + In bytes (per second). + + ' + displayName: Configurations Backups Performance Max Network Bandwidth + path: configurations.backups.performance.maxNetworkBandwidth + - description: 'Maximum disk read I/O when performing a backup. In bytes + (per second). + + ' + displayName: Configurations Backups Performance Max Disk Bandwidth + path: configurations.backups.performance.maxDiskBandwidth + - description: 'Backup storage may use several concurrent streams to store + the data. This parameter configures the number of parallel streams to + use to reading from disk. By default, it''s set to 1. + + ' + displayName: Configurations Backups Performance Upload Disk Concurrency + path: configurations.backups.performance.uploadDiskConcurrency + - description: 'Backup storage may use several concurrent streams to store + the data. This parameter configures the number of parallel streams to + use. By default, it''s set to 16. + + ' + displayName: Configurations Backups Performance Upload Concurrency + path: configurations.backups.performance.uploadConcurrency + - description: 'Backup storage may use several concurrent streams to read + the data. This parameter configures the number of parallel streams to + use. By default, it''s set to the minimum between the number of file + to read and 10. 
+ + ' + displayName: Configurations Backups Performance Download Concurrency + path: configurations.backups.performance.downloadConcurrency + - description: 'When an automatic retention policy is defined to delete + old base backups, this parameter specifies the number of base backups + to keep, in a sliding window. + + + Consequently, the time range covered by backups is `periodicity*retention`, + where `periodicity` is the separation between backups as specified by + the `cronSchedule` property. + + + Default is 5. + + ' + displayName: Configurations Backups Retention + path: configurations.backups.retention + - description: 'Name of the [SGObjectStorage](https://stackgres.io/doc/latest/reference/crd/sgobjectstorage) + to use for the cluster. + + + It defines the location in which the the backups will be stored. + + ' + displayName: Configurations Backups SGObjectStorage + path: configurations.backups.sgObjectStorage + - description: 'The path were the backup is stored. If not set this field + is filled up by the operator. + + + When provided will indicate were the backups and WAL files will be stored. + + ' + displayName: Configurations Backups Path + path: configurations.backups.path + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Configurations Credentials Patroni Rest Api Password Name + path: configurations.credentials.patroni.restApiPassword.name + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Configurations Credentials Patroni Rest Api Password Key + path: configurations.credentials.patroni.restApiPassword.key + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). 
+ displayName: Configurations Credentials Users Superuser Username Name + path: configurations.credentials.users.superuser.username.name + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Configurations Credentials Users Superuser Username Key + path: configurations.credentials.users.superuser.username.key + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Configurations Credentials Users Superuser Password Name + path: configurations.credentials.users.superuser.password.name + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Configurations Credentials Users Superuser Password Key + path: configurations.credentials.users.superuser.password.key + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Configurations Credentials Users Replication Username Name + path: configurations.credentials.users.replication.username.name + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Configurations Credentials Users Replication Username Key + path: configurations.credentials.users.replication.username.key + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Configurations Credentials Users Replication Password Name + path: configurations.credentials.users.replication.password.name + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Configurations Credentials Users Replication Password Key + path: configurations.credentials.users.replication.password.key + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). 
+ displayName: Configurations Credentials Users Authenticator Username Name + path: configurations.credentials.users.authenticator.username.name + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Configurations Credentials Users Authenticator Username Key + path: configurations.credentials.users.authenticator.username.key + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Configurations Credentials Users Authenticator Password Name + path: configurations.credentials.users.authenticator.password.name + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Configurations Credentials Users Authenticator Password Key + path: configurations.credentials.users.authenticator.password.key + - description: It's the reference of custom provider name. If not specified, + then the default value will be `stackgres` + displayName: Configurations Binding Provider + path: configurations.binding.provider + - description: Allow to specify the database name. If not specified, then + the default value is `postgres` + displayName: Configurations Binding Database + path: configurations.binding.database + - description: Allow to specify the username. If not specified, then the + superuser username will be used. + displayName: Configurations Binding Username + path: configurations.binding.username + - description: The name of the Secret + displayName: Configurations Binding Password Name + path: configurations.binding.password.name + - description: The key of the Secret + displayName: Configurations Binding Password Key + path: configurations.binding.password.key + - description: If true, when any entry of any `SGScript` fail will not prevent + subsequent `SGScript` from being executed. By default is `false`. 
+ displayName: Managed Sql Continue On SG Script Error + path: managedSql.continueOnSGScriptError + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'The id is immutable and must be unique across all the `SGScript` + entries. It is replaced by the operator and is used to identify the + `SGScript` entry. + + ' + displayName: Managed Sql Scripts Id + path: managedSql.scripts.id + - description: A reference to an `SGScript` + displayName: Managed Sql Scripts SGScript + path: managedSql.scripts.sgScript + - description: "When set to the UID of an existing [SGBackup](https://stackgres.io/doc/latest/reference/crd/sgbackup),\ + \ the cluster is initialized by restoring the\n backup data to it.\ + \ If not set, the cluster is initialized empty. This field is deprecated.\n" + displayName: Initial Data Restore From Backup Uid + path: initialData.restore.fromBackup.uid + - description: "When set to the name of an existing [SGBackup](https://stackgres.io/doc/latest/reference/crd/sgbackup),\ + \ the cluster is initialized by restoring the\n backup data to it.\ + \ If not set, the cluster is initialized empty. The selected backup\ + \ must be in the same namespace.\n" + displayName: Initial Data Restore From Backup Name + path: initialData.restore.fromBackup.name + - description: "Specify the [recovery_target](https://postgresqlco.nf/doc/en/param/recovery_target/)\ + \ that specifies that recovery should end as soon as a consistent\n\ + \ state is reached, i.e., as early as possible. 
When restoring from\ + \ an online backup, this means the point where taking the backup ended.\n\ + \n Technically, this is a string parameter, but 'immediate' is currently\ + \ the only allowed value.\n" + displayName: Initial Data Restore From Backup Target + path: initialData.restore.fromBackup.target + - description: "Specify the [recovery_target_timeline](https://postgresqlco.nf/doc/en/param/recovery_target_timeline/)\ + \ to recover into a particular timeline.\n The default is to recover\ + \ along the same timeline that was current when the base backup was\ + \ taken. Setting this to latest recovers to the latest\n timeline found\ + \ in the archive, which is useful in a standby server. Other than that\ + \ you only need to set this parameter in complex re-recovery\n situations,\ + \ where you need to return to a state that itself was reached after\ + \ a point-in-time recovery.\n" + displayName: Initial Data Restore From Backup Target Timeline + path: initialData.restore.fromBackup.targetTimeline + - description: "Specify the [recovery_target_inclusive](https://postgresqlco.nf/doc/en/param/recovery_target_timeline/)\ + \ to stop recovery just after the specified\n recovery target (true),\ + \ or just before the recovery target (false). Applies when targetLsn,\ + \ pointInTimeRecovery, or targetXid is specified. This\n setting controls\ + \ whether transactions having exactly the target WAL location (LSN),\ + \ commit time, or transaction ID, respectively, will be included\n \ + \ in the recovery. 
Default is true.\n" + displayName: Initial Data Restore From Backup Target Inclusive + path: initialData.restore.fromBackup.targetInclusive + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "[recovery_target_name](https://postgresqlco.nf/doc/en/param/recovery_target_name/)\ + \ specifies the named restore point\n (created with pg_create_restore_point())\ + \ to which recovery will proceed.\n" + displayName: Initial Data Restore From Backup Target Name + path: initialData.restore.fromBackup.targetName + - description: "[recovery_target_xid](https://postgresqlco.nf/doc/en/param/recovery_target_xid/)\ + \ specifies the transaction ID up to which recovery will proceed.\n\ + \ Keep in mind that while transaction IDs are assigned sequentially\ + \ at transaction start, transactions can complete in a different numeric\ + \ order.\n The transactions that will be recovered are those that committed\ + \ before (and optionally including) the specified one. The precise stopping\ + \ point\n is also influenced by targetInclusive.\n" + displayName: Initial Data Restore From Backup Target Xid + path: initialData.restore.fromBackup.targetXid + - description: "[recovery_target_lsn](https://postgresqlco.nf/doc/en/param/recovery_target_lsn/)\ + \ specifies the LSN of the write-ahead log location up to which\n recovery\ + \ will proceed. The precise stopping point is also influenced by targetInclusive.\ + \ This parameter is parsed using the system data type\n pg_lsn.\n" + displayName: Initial Data Restore From Backup Target Lsn + path: initialData.restore.fromBackup.targetLsn + - description: 'An ISO 8601 date, that holds UTC date indicating at which + point-in-time the database have to be restored. 
+ + ' + displayName: Initial Data Restore From Backup Point In Time Recovery Restore + To Timestamp + path: initialData.restore.fromBackup.pointInTimeRecovery.restoreToTimestamp + - description: 'The backup fetch process may fetch several streams in parallel. + Parallel fetching is enabled when set to a value larger than one. + + + If not specified it will be interpreted as latest. + + ' + displayName: Initial Data Restore Download Disk Concurrency + path: initialData.restore.downloadDiskConcurrency + - description: 'Name of the script. Must be unique across this SGCluster. + + ' + displayName: Initial Data Scripts Name + path: initialData.scripts.name + - description: 'Database where the script is executed. Defaults to the `postgres` + database, if not specified. + + ' + displayName: Initial Data Scripts Database + path: initialData.scripts.database + - description: 'Raw SQL script to execute. This field is mutually exclusive + with `scriptFrom` field. + + ' + displayName: Initial Data Scripts Script + path: initialData.scripts.script + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Initial Data Scripts Script From Secret Key Ref Name + path: initialData.scripts.scriptFrom.secretKeyRef.name + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Initial Data Scripts Script From Secret Key Ref Key + path: initialData.scripts.scriptFrom.secretKeyRef.key + - description: 'The name of the ConfigMap that contains the SQL script to + execute. + + ' + displayName: Initial Data Scripts Script From Config Map Key Ref Name + path: initialData.scripts.scriptFrom.configMapKeyRef.name + - description: 'The key name within the ConfigMap that contains the SQL + script to execute. 
+ + ' + displayName: Initial Data Scripts Script From Config Map Key Ref Key + path: initialData.scripts.scriptFrom.configMapKeyRef.key + - description: 'Configure replication from an SGCluster. + + ' + displayName: Replicate From Instance SGCluster Reference + path: replicateFrom.instance.sgCluster + - description: The host of the PostgreSQL to replicate from. + displayName: Replicate From Instance External Host + path: replicateFrom.instance.external.host + - description: The port of the PostgreSQL to replicate from. + displayName: Replicate From Instance External Port + path: replicateFrom.instance.external.port + - description: 'Maximum storage upload bandwidth used when storing a backup. + In bytes (per second). + + ' + displayName: Replicate From Storage Performance Max Network Bandwidth + path: replicateFrom.storage.performance.maxNetworkBandwidth + - description: 'Maximum disk read I/O when performing a backup. In bytes + (per second). + + ' + displayName: Replicate From Storage Performance Max Disk Bandwidth + path: replicateFrom.storage.performance.maxDiskBandwidth + - description: 'Backup storage may use several concurrent streams to read + the data. This parameter configures the number of parallel streams to + use. By default, it''s set to the minimum between the number of file + to read and 10. + + ' + displayName: Replicate From Storage Performance Download Concurrency + path: replicateFrom.storage.performance.downloadConcurrency + - description: The SGObjectStorage name to replicate from. + displayName: Replicate From Storage SGObjectStorage + path: replicateFrom.storage.sgObjectStorage + - description: The path in the SGObjectStorage to replicate from. + displayName: Replicate From Storage Path + path: replicateFrom.storage.path + - description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the username of the user. 
+ + ' + displayName: Replicate From Users Superuser Username + path: replicateFrom.users.superuser.username + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Replicate From Users Superuser Username Name + path: replicateFrom.users.superuser.username.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Replicate From Users Superuser Username Key + path: replicateFrom.users.superuser.username.key + - description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the password of the user. + + ' + displayName: Replicate From Users Superuser Password + path: replicateFrom.users.superuser.password + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Replicate From Users Superuser Password Name + path: replicateFrom.users.superuser.password.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Replicate From Users Superuser Password Key + path: replicateFrom.users.superuser.password.key + - description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the username of the user. + + ' + displayName: Replicate From Users Replication Username + path: replicateFrom.users.replication.username + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: Name of the referent. 
[More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Replicate From Users Replication Username Name + path: replicateFrom.users.replication.username.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Replicate From Users Replication Username Key + path: replicateFrom.users.replication.username.key + - description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the password of the user. + + ' + displayName: Replicate From Users Replication Password + path: replicateFrom.users.replication.password + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Replicate From Users Replication Password Name + path: replicateFrom.users.replication.password.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Replicate From Users Replication Password Key + path: replicateFrom.users.replication.password.key + - description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the username of the user. + + ' + displayName: Replicate From Users Authenticator Username + path: replicateFrom.users.authenticator.username + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). 
+ displayName: Replicate From Users Authenticator Username Name + path: replicateFrom.users.authenticator.username.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Replicate From Users Authenticator Username Key + path: replicateFrom.users.authenticator.username.key + - description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the password of the user. + + ' + displayName: Replicate From Users Authenticator Password + path: replicateFrom.users.authenticator.password + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Replicate From Users Authenticator Password Name + path: replicateFrom.users.authenticator.password.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Replicate From Users Authenticator Password Key + path: replicateFrom.users.authenticator.password.key + - description: 'If enabled, a ServiceMonitor is created for each Prometheus + instance found in order to collect metrics. + + ' + displayName: Prometheus Autobind + path: prometheusAutobind + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'It is a best practice, on non-containerized environments, + when running production workloads, to run each database server on a + different server (virtual or physical), i.e., not to co-locate more + than one database server per host. + + + The same best practice applies to databases on containers. By default, + StackGres will not allow to run more than one StackGres pod on a given + Kubernetes node. 
Set this property to true to allow more than one StackGres + pod per node. + + + This property default value may be changed depending on the value of + field `.spec.profile`. + + + **Changing this field may require a restart.** + + ' + displayName: Non Production Options Disable Cluster Pod Anti Affinity + path: nonProductionOptions.disableClusterPodAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'It is a best practice, on containerized environments, when + running production workloads, to enforce container''s resources requirements. + + + The same best practice applies to databases on containers. By default, + StackGres will configure resource requirements for patroni container. + Set this property to true to prevent StackGres from setting patroni + container''s resources requirement. + + + This property default value may be changed depending on the value of + field `.spec.profile`. + + + **Changing this field may require a restart.** + + ' + displayName: Non Production Options Disable Patroni Resource Requirements + path: nonProductionOptions.disablePatroniResourceRequirements + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'It is a best practice, on containerized environments, when + running production workloads, to enforce container''s resources requirements. + + + By default, StackGres will configure resource requirements for all the + containers. Set this property to true to prevent StackGres from setting + container''s resources requirements (except for patroni container, see + `disablePatroniResourceRequirements`). + + + This property default value may be changed depending on the value of + field `.spec.profile`. 
+ + + **Changing this field may require a restart.** + + ' + displayName: Non Production Options Disable Cluster Resource Requirements + path: nonProductionOptions.disableClusterResourceRequirements + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "**Deprecated** this value is ignored and you can consider\ + \ it as always `true`.\n\nOn containerized environments, when running\ + \ production workloads, enforcing container's cpu requirements request\ + \ to be equals to the limit allow to achieve the highest level of performance.\ + \ Doing so, reduces the chances of leaving\n the workload with less\ + \ cpu than it requires. It also allow to set [static CPU management\ + \ policy](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy)\ + \ that allows to guarantee a pod the usage exclusive CPUs on the node.\n\ + \nBy default, StackGres will configure cpu requirements to have the\ + \ same limit and request for the patroni container. Set this property\ + \ to true to prevent StackGres from setting patroni container's cpu\ + \ requirements request equals to the limit\n when `.spec.requests.cpu`\ + \ is configured in the referenced `SGInstanceProfile`.\n\n**Changing\ + \ this field may require a restart.**\n" + displayName: Non Production Options Enable Set Patroni Cpu Requests + path: nonProductionOptions.enableSetPatroniCpuRequests + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "**Deprecated** this value is ignored and you can consider\ + \ it as always `true`.\n\nOn containerized environments, when running\ + \ production workloads, enforcing container's cpu requirements request\ + \ to be equals to the limit allow to achieve the highest level of performance.\ + \ Doing so, reduces the chances of leaving\n the workload with less\ + \ cpu than it requires. 
It also allow to set [static CPU management\ + \ policy](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy)\ + \ that allows to guarantee a pod the usage exclusive CPUs on the node.\n\ + \nBy default, StackGres will configure cpu requirements to have the\ + \ same limit and request for all the containers. Set this property to\ + \ true to prevent StackGres from setting container's cpu requirements\ + \ request equals to the limit (except for patroni container, see `enablePatroniCpuRequests`)\n\ + \ when `.spec.requests.containers..cpu` `.spec.requests.initContainers..cpu` is configured in the referenced `SGInstanceProfile`.\n\n\ + **Changing this field may require a restart.**\n" + displayName: Non Production Options Enable Set Cluster Cpu Requests + path: nonProductionOptions.enableSetClusterCpuRequests + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "**Deprecated** this value is ignored and you can consider\ + \ it as always `true`.\n\nOn containerized environments, when running\ + \ production workloads, enforcing container's memory requirements request\ + \ to be equals to the limit allow to achieve the highest level of performance.\ + \ Doing so, reduces the chances of leaving\n the workload with less\ + \ memory than it requires.\n\nBy default, StackGres will configure memory\ + \ requirements to have the same limit and request for the patroni container.\ + \ Set this property to true to prevent StackGres from setting patroni\ + \ container's memory requirements request equals to the limit\n when\ + \ `.spec.requests.memory` is configured in the referenced `SGInstanceProfile`.\n\ + \n**Changing this field may require a restart.**\n" + displayName: Non Production Options Enable Set Patroni Memory Requests + path: nonProductionOptions.enableSetPatroniMemoryRequests + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "**Deprecated** this value is 
ignored and you can consider\ + \ it as always `true`.\n\nOn containerized environments, when running\ + \ production workloads, enforcing container's memory requirements request\ + \ to be equals to the limit allow to achieve the highest level of performance.\ + \ Doing so, reduces the chances of leaving\n the workload with less\ + \ memory than it requires.\n\nBy default, StackGres will configure memory\ + \ requirements to have the same limit and request for all the containers.\ + \ Set this property to true to prevent StackGres from setting container's\ + \ memory requirements request equals to the limit (except for patroni\ + \ container, see `enablePatroniCpuRequests`)\n when `.spec.requests.containers..memory` `.spec.requests.initContainers..memory`\ + \ is configured in the referenced `SGInstanceProfile`.\n\n**Changing\ + \ this field may require a restart.**\n" + displayName: Non Production Options Enable Set Cluster Memory Requests + path: nonProductionOptions.enableSetClusterMemoryRequests + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The name of the fature gate to enable. + displayName: Non Production Options Enabled Feature Gates + path: nonProductionOptions.enabledFeatureGates + - description: 'Name of the [SGDistributedLogs](https://stackgres.io/doc/latest/reference/crd/sgdistributedlogs/) + to use for this cluster. It must exist. + + ' + displayName: SGDistributedLogs Reference + path: distributedLogs.sgDistributedLogs + - description: "Define a retention window with the syntax ` (minutes|hours|days|months)`\ + \ in which log entries are kept.\n Log entries will be removed when\ + \ they get older more than the double of the specified retention window.\n\ + \nWhen this field is changed the retention will be applied only to log\ + \ entries that are newer than the end of\n the retention window previously\ + \ specified. If no retention window was previously specified it is considered\n\ + \ to be of 7 days. 
This means that if previous retention window is\ + \ of `7 days` new retention configuration will\n apply after UTC timestamp\ + \ calculated with: `SELECT date_trunc('days', now() at time zone 'UTC')\ + \ - INTERVAL '7 days'`.\n" + displayName: Distributed Logs Retention + path: distributedLogs.retention + - description: The name of the extension to install. + displayName: To Install Postgres Extensions Name + path: toInstallPostgresExtensions.name + - description: The id of the publisher of the extension to install. + displayName: To Install Postgres Extensions Publisher + path: toInstallPostgresExtensions.publisher + - description: The version of the extension to install. + displayName: To Install Postgres Extensions Version + path: toInstallPostgresExtensions.version + - description: The repository base URL from where the extension will be + installed from. + displayName: To Install Postgres Extensions Repository + path: toInstallPostgresExtensions.repository + - description: The postgres major version of the extension to install. + displayName: To Install Postgres Extensions Postgres Version + path: toInstallPostgresExtensions.postgresVersion + - description: The build version of the extension to install. + displayName: To Install Postgres Extensions Build + path: toInstallPostgresExtensions.build + - description: The extra mount of the installed extension. + displayName: To Install Postgres Extensions Extra Mounts + path: toInstallPostgresExtensions.extraMounts + statusDescriptors: + - displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Last time the condition transitioned from one status to another. + displayName: Conditions Last Transition Time + path: conditions.lastTransitionTime + - description: A human readable message indicating details about the transition. 
+ displayName: Conditions Message + path: conditions.message + - description: The reason for the condition's last transition. + displayName: Conditions Reason + path: conditions.reason + - description: Status of the condition, one of True, False, Unknown. + displayName: Conditions Status + path: conditions.status + - description: Type of deployment condition. + displayName: Conditions Type + path: conditions.type + - description: The name of the pod. + displayName: Pod Statuses Name + path: podStatuses.name + - description: Indicates the replication group this Pod belongs to. + displayName: Pod Statuses Replication Group + path: podStatuses.replicationGroup + - description: Indicates if the pod is the elected primary + displayName: Pod Statuses Primary + path: podStatuses.primary + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Indicates if the pod requires restart + displayName: Pod Statuses Pending Restart + path: podStatuses.pendingRestart + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The name of the installed extension. + displayName: Pod Statuses Installed Postgres Extensions Name + path: podStatuses.installedPostgresExtensions.name + - description: The id of the publisher of the installed extension. + displayName: Pod Statuses Installed Postgres Extensions Publisher + path: podStatuses.installedPostgresExtensions.publisher + - description: The version of the installed extension. + displayName: Pod Statuses Installed Postgres Extensions Version + path: podStatuses.installedPostgresExtensions.version + - description: The repository base URL from where the extension was installed + from. + displayName: Pod Statuses Installed Postgres Extensions Repository + path: podStatuses.installedPostgresExtensions.repository + - description: The postgres major version of the installed extension. 
+ displayName: Pod Statuses Installed Postgres Extensions Postgres Version + path: podStatuses.installedPostgresExtensions.postgresVersion + - description: The build version of the installed extension. + displayName: Pod Statuses Installed Postgres Extensions Build + path: podStatuses.installedPostgresExtensions.build + - description: The extra mount of the installed extension. + displayName: Pod Statuses Installed Postgres Extensions Extra Mounts + path: podStatuses.installedPostgresExtensions.extraMounts + - displayName: Db Ops Major Version Upgrade Initial Instances + path: dbOps.majorVersionUpgrade.initialInstances + - description: 'The primary instance that this operation is targetting + + ' + displayName: Db Ops Major Version Upgrade Primary Instance + path: dbOps.majorVersionUpgrade.primaryInstance + - description: 'The source PostgreSQL version + + ' + displayName: Db Ops Major Version Upgrade Source Postgres Version + path: dbOps.majorVersionUpgrade.sourcePostgresVersion + - description: The name of the extension to deploy. + displayName: Db Ops Major Version Upgrade Source Postgres Extensions Name + path: dbOps.majorVersionUpgrade.sourcePostgresExtensions.name + - description: The id of the publisher of the extension to deploy. If not + specified `com.ongres` will be used by default. + displayName: Db Ops Major Version Upgrade Source Postgres Extensions Publisher + path: dbOps.majorVersionUpgrade.sourcePostgresExtensions.publisher + - description: The version of the extension to deploy. If not specified + version of `stable` channel will be used by default and if only a version + is available that one will be used. + displayName: Db Ops Major Version Upgrade Source Postgres Extensions Version + path: dbOps.majorVersionUpgrade.sourcePostgresExtensions.version + - description: 'The repository base URL from where to obtain the extension + to deploy. 
+ + ' + displayName: Db Ops Major Version Upgrade Source Postgres Extensions Repository + path: dbOps.majorVersionUpgrade.sourcePostgresExtensions.repository + - description: 'The source SGPostgresConfig reference + + ' + displayName: Db Ops Major Version Upgrade Source SGPostgresConfig + path: dbOps.majorVersionUpgrade.sourceSgPostgresConfig + - description: 'The source backup path + + ' + displayName: Db Ops Major Version Upgrade Source Backup Path + path: dbOps.majorVersionUpgrade.sourceBackupPath + - description: 'The target PostgreSQL version + + ' + displayName: Db Ops Major Version Upgrade Target Postgres Version + path: dbOps.majorVersionUpgrade.targetPostgresVersion + - description: 'The PostgreSQL locale + + ' + displayName: Db Ops Major Version Upgrade Locale + path: dbOps.majorVersionUpgrade.locale + - description: 'The PostgreSQL encoding + + ' + displayName: Db Ops Major Version Upgrade Encoding + path: dbOps.majorVersionUpgrade.encoding + - description: 'Indicates if PostgreSQL data checksum is enabled + + ' + displayName: Db Ops Major Version Upgrade Data Checksum + path: dbOps.majorVersionUpgrade.dataChecksum + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Use `--link` option when running `pg_upgrade` + + ' + displayName: Db Ops Major Version Upgrade Link + path: dbOps.majorVersionUpgrade.link + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Use `--clone` option when running `pg_upgrade` + + ' + displayName: Db Ops Major Version Upgrade Clone + path: dbOps.majorVersionUpgrade.clone + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Run `pg_upgrade` with check option instead of performing + the real upgrade + + ' + displayName: Db Ops Major Version Upgrade Check + path: dbOps.majorVersionUpgrade.check + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Indicates to rollback from a previous major 
version upgrade + + ' + displayName: Db Ops Major Version Upgrade Rollback + path: dbOps.majorVersionUpgrade.rollback + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - displayName: Db Ops Restart Initial Instances + path: dbOps.restart.initialInstances + - description: 'The primary instance that this operation is targetting + + ' + displayName: Db Ops Restart Primary Instance + path: dbOps.restart.primaryInstance + - displayName: Db Ops Minor Version Upgrade Initial Instances + path: dbOps.minorVersionUpgrade.initialInstances + - description: 'The primary instance that this operation is targetting + + ' + displayName: Db Ops Minor Version Upgrade Primary Instance + path: dbOps.minorVersionUpgrade.primaryInstance + - description: 'Postgres version that is currently running on the cluster + + ' + displayName: Db Ops Minor Version Upgrade Source Postgres Version + path: dbOps.minorVersionUpgrade.sourcePostgresVersion + - description: 'The desired Postgres version for the cluster + + ' + displayName: Db Ops Minor Version Upgrade Target Postgres Version + path: dbOps.minorVersionUpgrade.targetPostgresVersion + - displayName: Db Ops Security Upgrade Initial Instances + path: dbOps.securityUpgrade.initialInstances + - description: 'The primary instance that this operation is targetting + + ' + displayName: Db Ops Security Upgrade Primary Instance + path: dbOps.securityUpgrade.primaryInstance + - description: The architecture on which the cluster has been initialized. + displayName: Arch + path: arch + - description: The operative system on which the cluster has been initialized. + displayName: Os + path: os + - description: The custom prefix that is prepended to all labels. + displayName: Label Prefix + path: labelPrefix + - description: Identify the associated `SGScript` entry with the same value + in the `id` field. 
+ displayName: Managed Sql Scripts Id + path: managedSql.scripts.id + - description: ISO-8601 datetime of when the script execution has been started. + displayName: Managed Sql Scripts Started At + path: managedSql.scripts.startedAt + - description: ISO-8601 datetime of when the last script execution occurred. + Will be reset each time the referenced `SGScripts` entry will be applied. + displayName: Managed Sql Scripts Updated At + path: managedSql.scripts.updatedAt + - description: ISO-8601 datetime of when the script execution had failed + (mutually exclusive with `completedAt`). + displayName: Managed Sql Scripts Failed At + path: managedSql.scripts.failedAt + - description: ISO-8601 datetime of when the script execution had completed + (mutually exclusive with `failedAt`). + displayName: Managed Sql Scripts Completed At + path: managedSql.scripts.completedAt + - description: Identify the associated script entry with the same value + in the `id` field. + displayName: Managed Sql Scripts Scripts Id + path: managedSql.scripts.scripts.id + - description: The latest version applied + displayName: Managed Sql Scripts Scripts Version + path: managedSql.scripts.scripts.version + - description: Indicates the number of intents or failures occurred + displayName: Managed Sql Scripts Scripts Intents + path: managedSql.scripts.scripts.intents + - description: If failed, the error code of the failure. See also https://www.postgresql.org/docs/current/errcodes-appendix.html + displayName: Managed Sql Scripts Scripts Failure Code + path: managedSql.scripts.scripts.failureCode + - description: If failed, a message of the failure + displayName: Managed Sql Scripts Scripts Failure + path: managedSql.scripts.scripts.failure + - description: The name of the Secret as specified in [Service Binding spec + for provisioned service](https://servicebinding.io/spec/core/1.0.0/#provisioned-service). 
+ displayName: Binding Name + path: binding.name + version: v1 + - description: Operator configuration for OLM-based installations (equivalent + to values.yaml with Helm) + displayName: StackGres Operator Configuration + kind: SGConfig + name: sgconfigs.stackgres.io + specDescriptors: + - description: The container registry host (and port) where the images will + be pulled from. + displayName: Container Registry + path: containerRegistry + - description: Image pull policy used for images loaded by the Operator + displayName: Image Pull Policy + path: imagePullPolicy + - description: If `true` the Operator Installation ServiceAccount will be + created + displayName: Service Account Create + path: serviceAccount.create + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Repository credentials Secret name + displayName: Service Account Repo Credentials + path: serviceAccount.repoCredentials + - description: Operator image name + displayName: Operator Image Name + path: operator.image.name + - description: Operator image tag + displayName: Operator Image Tag + path: operator.image.tag + - description: Operator image pull policy + displayName: Operator Image Pull Policy + path: operator.image.pullPolicy + - description: Repository credentials Secret name + displayName: Operator Service Account Repo Credentials + path: operator.serviceAccount.repoCredentials + - description: REST API container name + displayName: Restapi Name + path: restapi.name + - description: REST API image name + displayName: Restapi Image Name + path: restapi.image.name + - description: REST API image tag + displayName: Restapi Image Tag + path: restapi.image.tag + - description: REST API image pull policy + displayName: Restapi Image Pull Policy + path: restapi.image.pullPolicy + - description: Repository credentials Secret name + displayName: Restapi Service Account Repo Credentials + path: restapi.serviceAccount.repoCredentials + - description: Web Console 
image name + displayName: Adminui Image Name + path: adminui.image.name + - description: Web Console image tag + displayName: Adminui Image Tag + path: adminui.image.tag + - description: Web Console image pull policy + displayName: Adminui Image Pull Policy + path: adminui.image.pullPolicy + - description: When set to `true` the HTTP port will be exposed in the Web + Console Service + displayName: Adminui Service Expose HTTP + path: adminui.service.exposeHTTP + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "The type used for the service of the UI:\n* Set to LoadBalancer\ + \ to create a load balancer (if supported by the kubernetes cluster)\n\ + \ to allow connect from Internet to the UI. Note that enabling this\ + \ feature will probably incurr in\n some fee that depend on the host\ + \ of the kubernetes cluster (for example this is true for EKS, GKE\n\ + \ and AKS).\n* Set to NodePort to expose admin UI from kubernetes nodes.\n" + displayName: Adminui Service Type + path: adminui.service.type + - description: 'LoadBalancer will get created with the IP specified in + + this field. This feature depends on whether the underlying cloud-provider + supports specifying + + the loadBalancerIP when a load balancer is created. This field will + be ignored if the + + cloud-provider does not support the feature. 
+ + ' + displayName: Adminui Service Load Balancer IP + path: adminui.service.loadBalancerIP + - displayName: Adminui Service Load Balancer Source Ranges + path: adminui.service.loadBalancerSourceRanges + - description: The HTTPS port used to expose the Service on Kubernetes nodes + displayName: Adminui Service Node Port + path: adminui.service.nodePort + - description: The HTTP port used to expose the Service on Kubernetes nodes + displayName: Adminui Service Node Port HTTP + path: adminui.service.nodePortHTTP + - description: Operator Installation Jobs image name + displayName: Jobs Image Name + path: jobs.image.name + - description: Operator Installation Jobs image tag + displayName: Jobs Image Tag + path: jobs.image.tag + - description: Operator Installation Jobs image pull policy + displayName: Jobs Image Pull Policy + path: jobs.image.pullPolicy + - description: When set to `true` the Operator will be deployed. + displayName: Deploy Operator + path: deploy.operator + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: When set to `true` the Web Console / REST API will be deployed. + displayName: Deploy Restapi + path: deploy.restapi + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "If set to `true` the CertificateSigningRequest used to generate\ + \ the certificate used by\n Webhooks will be approved by the Operator\ + \ Installation Job.\n" + displayName: Cert Autoapprove + path: cert.autoapprove + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: When set to `true` the Operator certificate will be created. + displayName: Cert Create For Operator + path: cert.createForOperator + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: When set to `true` the Web Console / REST API certificate + will be created. 
+ displayName: Cert Create For Web Api + path: cert.createForWebApi + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "The Secret name with the Operator Webhooks certificate issued\ + \ by the Kubernetes cluster CA\n of type kubernetes.io/tls. See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets\n" + displayName: Cert Secret Name + path: cert.secretName + - description: 'When set to `true` the Operator certificates will be regenerated + if `createForOperator` is set to `true`, and the certificate is expired + or invalid. + + ' + displayName: Cert Regenerate Cert + path: cert.regenerateCert + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'The duration in days of the generated certificate for the + Operator after which it will expire and be regenerated. + + If not specified it will be set to 730 (2 years) by default. + + ' + displayName: Cert Cert Duration + path: cert.certDuration + - description: "The Secret name with the Web Console / REST API certificate\n\ + \ of type kubernetes.io/tls. See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets\n" + displayName: Cert Web Secret Name + path: cert.webSecretName + - description: 'When set to `true` the Web Console / REST API certificates + will be regenerated if `createForWebApi` is set to `true`, and the certificate + is expired or invalid. + + ' + displayName: Cert Regenerate Web Cert + path: cert.regenerateWebCert + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'When set to `true` the Web Console / REST API RSA key pair + will be regenerated if `createForWebApi` is set to `true`, and the certificate + is expired or invalid. 
+ + ' + displayName: Cert Regenerate Web Rsa + path: cert.regenerateWebRsa + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'The duration in days of the generated certificate for the + Web Console / REST API after which it will expire and be regenerated. + + If not specified it will be set to 730 (2 years) by default. + + ' + displayName: Cert Web Cert Duration + path: cert.webCertDuration + - description: 'The duration in days of the generated RSA key pair for the + Web Console / REST API after which it will expire and be regenerated. + + If not specified it will be set to 730 (2 years) by default. + + ' + displayName: Cert Web Rsa Duration + path: cert.webRsaDuration + - description: "The private RSA key used to create the Operator Webhooks\ + \ certificate issued by the\n Kubernetes cluster CA.\n" + displayName: Cert Key + path: cert.key + - description: The Operator Webhooks certificate issued by Kubernetes cluster + CA. + displayName: Cert Crt + path: cert.crt + - description: The private RSA key used to generate JWTs used in REST API + authentication. + displayName: Cert Jwt Rsa Key + path: cert.jwtRsaKey + - description: The public RSA key used to verify JWTs used in REST API authentication. + displayName: Cert Jwt Rsa Pub + path: cert.jwtRsaPub + - description: The private RSA key used to create the Web Console / REST + API certificate + displayName: Cert Web Key + path: cert.webKey + - description: The Web Console / REST API certificate + displayName: Cert Web Crt + path: cert.webCrt + - description: "When set to `true` then Issuer and Certificate for Operator\ + \ and Web Console / REST API\n Pods will be generated\n" + displayName: Cert Cert Manager Auto Configure + path: cert.certManager.autoConfigure + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The requested duration (i.e. lifetime) of the Certificates. 
+ See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io%2fv1 + displayName: Cert Cert Manager Duration + path: cert.certManager.duration + - description: How long before the currently issued certificate’s expiry + cert-manager should renew the certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io%2fv1 + displayName: Cert Cert Manager Renew Before + path: cert.certManager.renewBefore + - description: The private key cryptography standards (PKCS) encoding for + this certificate’s private key to be encoded in. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificatePrivateKey + displayName: Cert Cert Manager Encoding + path: cert.certManager.encoding + - description: Size is the key bit size of the corresponding private key + for this certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificatePrivateKey + displayName: Cert Cert Manager Size + path: cert.certManager.size + - description: "When set to `true` the admin user is assigned the `cluster-admin`\ + \ ClusterRole by creating\n ClusterRoleBinding.\n" + displayName: Rbac Create + path: rbac.create + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "Specify the authentication mechanism to use. By default\ + \ is `jwt`, see https://stackgres.io/doc/latest/api/rbac#local-secret-mechanism.\n\ + \ If set to `oidc` then see https://stackgres.io/doc/latest/api/rbac/#openid-connect-provider-mechanism.\n" + displayName: Authentication Type + path: authentication.type + - description: 'When `true` will create the secret used to store the admin + user credentials to access the UI. 
+ + ' + displayName: Authentication Create Admin Secret + path: authentication.createAdminSecret + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The admin username that will be created for the Web Console + displayName: Authentication User + path: authentication.user + - description: 'The admin password that will be created for the Web Console. + + + If not specified a random password will be generated. + + ' + displayName: Authentication Password + path: authentication.password + - description: Can be one of `required`, `certificate-validation` or `none` + displayName: Authentication Oidc Tls Verification + path: authentication.oidc.tlsVerification + - displayName: Authentication Oidc Auth Server Url + path: authentication.oidc.authServerUrl + - displayName: Authentication Oidc Client Id + path: authentication.oidc.clientId + - displayName: Authentication Oidc Credentials Secret + path: authentication.oidc.credentialsSecret + - displayName: Authentication Oidc Client Id Secret Ref Name + path: authentication.oidc.clientIdSecretRef.name + - displayName: Authentication Oidc Client Id Secret Ref Key + path: authentication.oidc.clientIdSecretRef.key + - displayName: Authentication Oidc Credentials Secret Secret Ref Name + path: authentication.oidc.credentialsSecretSecretRef.name + - displayName: Authentication Oidc Credentials Secret Secret Ref Key + path: authentication.oidc.credentialsSecretSecretRef.key + - description: "If set to false disable automatic bind to Prometheus\n \ + \ created using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator).\n\ + If disabled the cluster will not be binded to Prometheus automatically\ + \ and will require manual\n intervention by the Kubernetes cluster\ + \ administrator.\n" + displayName: Prometheus Allow Autobind + path: prometheus.allowAutobind + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "When set to `true` 
embed automatically Grafana into the\ + \ Web Console by creating the\n StackGres dashboard and the read-only\ + \ role used to read it from the Web Console \n" + displayName: Grafana Auto Embed + path: grafana.autoEmbed + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "The schema to access Grafana. By default http. (used to\ + \ embed manually and\n automatically grafana)\n" + displayName: Grafana Schema + path: grafana.schema + - description: "The service host name to access grafana (used to embed manually\ + \ and\n automatically Grafana). \nThe parameter value should point to\ + \ the grafana service following the \n [DNS reference](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/)\ + \ `svc_name.namespace`\n" + displayName: Grafana Web Host + path: grafana.webHost + - description: The datasource name used to create the StackGres Dashboard + into Grafana + displayName: Grafana Datasource Name + path: grafana.datasourceName + - description: "The username to access Grafana. By default admin. (used\ + \ to embed automatically\n Grafana)\n" + displayName: Grafana User + path: grafana.user + - description: "The password to access Grafana. By default prom-operator\ + \ (the default in for\n kube-prometheus-stack helm chart). (used to\ + \ embed automatically Grafana)\n" + displayName: Grafana Password + path: grafana.password + - description: "The namespace of secret with credentials to access Grafana.\ + \ (used to\n embed automatically Grafana, alternative to use `user`\ + \ and `password`)\n" + displayName: Grafana Secret Namespace + path: grafana.secretNamespace + - description: "The name of secret with credentials to access Grafana. 
(used\ + \ to embed\n automatically Grafana, alternative to use `user` and `password`)\n" + displayName: Grafana Secret Name + path: grafana.secretName + - description: "The key of secret with username used to access Grafana.\ + \ (used to embed\n automatically Grafana, alternative to use `user`\ + \ and `password`)\n" + displayName: Grafana Secret User Key + path: grafana.secretUserKey + - description: "The key of secret with password used to access Grafana.\ + \ (used to\n embed automatically Grafana, alternative to use `user`\ + \ and `password`)\n" + displayName: Grafana Secret Password Key + path: grafana.secretPasswordKey + - description: "The ConfigMap name with the dashboard JSON in the key `grafana-dashboard.json`\n\ + \ that will be created in Grafana. If not set the default\n" + displayName: Grafana Dashboard Config Map + path: grafana.dashboardConfigMap + - description: "The dashboard id that will be create in Grafana\n (see https://grafana.com/grafana/dashboards).\ + \ By default 9628. 
(used to embed automatically\n Grafana)\n\nManual\ + \ Steps:\n \nCreate grafana dashboard for postgres exporter and copy/paste\ + \ share URL:\n- Grafana > Create > Import > Grafana.com Dashboard 9628\n\ + Copy/paste grafana dashboard URL for postgres exporter:\n- Grafana >\ + \ Dashboard > Manage > Select postgres exporter dashboard > Copy URL\n" + displayName: Grafana Dashboard Id + path: grafana.dashboardId + - description: "The URL of the PostgreSQL dashboard created in Grafana (used\ + \ to embed manually\n Grafana)\n" + displayName: Grafana Url + path: grafana.url + - description: "The Grafana API token to access the PostgreSQL dashboard\ + \ created\n in Grafana (used to embed manually Grafana)\n\nManual Steps:\n\ + \ \nCreate and copy/paste grafana API token:\n- Grafana > Configuration\ + \ > API Keys > Add API key (for viewer) > Copy key value\n" + displayName: Grafana Token + path: grafana.token + - displayName: Extensions Repository Urls + path: extensions.repositoryUrls + - description: "When set to `true` enable the extensions cache.\n\nThis\ + \ feature is in beta and may cause failures, please use with caution\ + \ and report any\n error to https://gitlab.com/ongresinc/stackgres/-/issues/new\n" + displayName: Extensions Cache Enabled + path: extensions.cache.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: An extension pattern used to pre-loaded estensions into the + extensions cache + displayName: Extensions Cache Preloaded Extensions + path: extensions.cache.preloadedExtensions + - description: 'The PersistentVolume size for the extensions cache + + + Only use whole numbers (e.g. 
not 1e6) and K/Ki/M/Mi/G/Gi as units + + ' + displayName: Extensions Cache Persistent Volume Size + path: extensions.cache.persistentVolume.size + - description: "If defined set storage class\nIf set to \"-\" (equivalent\ + \ to storageClass: \"\" in a PV spec) disables\n dynamic provisioning\n\ + If undefined (the default) or set to null, no storageClass spec is\n\ + \ set, choosing the default provisioner. (gp2 on AWS, standard on\n\ + \ GKE, AWS & OpenStack)\n" + displayName: Extensions Cache Persistent Volume Storage Class + path: extensions.cache.persistentVolume.storageClass + - description: "If set, will use a host path volume with the specified path\ + \ for the extensions cache\n instead of a PersistentVolume\n" + displayName: Extensions Cache Host Path + path: extensions.cache.hostPath + - description: Set the operator version (used for testing) + displayName: Developer Version + path: developer.version + - description: Set `quarkus.log.level`. See https://quarkus.io/guides/logging#root-logger-configuration + displayName: Developer Log Level + path: developer.logLevel + - description: If set to `true` add extra debug to any script controlled + by the reconciliation cycle of the operator configuration + displayName: Developer Show Debug + path: developer.showDebug + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set `quarkus.log.console.format` to `%d{yyyy-MM-dd HH:mm:ss,SSS} + %-5p [%c{4.}] (%t) %s%e%n`. 
See https://quarkus.io/guides/logging#logging-format + displayName: Developer Show Stack Traces + path: developer.showStackTraces + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'The operator will use JVM version of the images + + ' + displayName: Developer Use Jvm Images + path: developer.useJvmImages + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "Only work with JVM version and allow connect\n on port 8000\ + \ of operator Pod with jdb or similar\n" + displayName: Developer Enable Jvm Debug + path: developer.enableJvmDebug + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "Only work with JVM version and if `enableJvmDebug` is `true`\n\ + \ suspend the JVM until a debugger session is started\n" + displayName: Developer Enable Jvm Debug Suspend + path: developer.enableJvmDebugSuspend + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Set the external Operator IP + displayName: Developer External Operator Ip + path: developer.externalOperatorIp + - description: Set the external Operator port + displayName: Developer External Operator Port + path: developer.externalOperatorPort + - description: Set the external REST API IP + displayName: Developer External Rest Api Ip + path: developer.externalRestApiIp + - description: Set the external REST API port + displayName: Developer External Rest Api Port + path: developer.externalRestApiPort + - description: "If set to `true` and `extensions.cache.enabled` is also\ + \ `true`\n it will try to download extensions from images (experimental)\n" + displayName: Developer Allow Pull Extensions From Image Repository + path: developer.allowPullExtensionsFromImageRepository + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'It set to `true` disable arbitrary user that is set for + OpenShift clusters + + ' + displayName: Developer Disable Arbitrary 
User + path: developer.disableArbitraryUser + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + statusDescriptors: + - description: Last time the condition transitioned from one status to another. + displayName: Conditions Last Transition Time + path: conditions.lastTransitionTime + - description: A human readable message indicating details about the transition. + displayName: Conditions Message + path: conditions.message + - description: The reason for the condition's last transition. + displayName: Conditions Reason + path: conditions.reason + - description: Status of the condition, one of True, False, Unknown. + displayName: Conditions Status + path: conditions.status + - description: Type of deployment condition. + displayName: Conditions Type + path: conditions.type + - description: Latest version of the operator used to check for updates + displayName: Version + path: version + - description: Indicate when the old operator bundle resources has been + removed + displayName: Remove Old Operator Bundle Resources + path: removeOldOperatorBundleResources + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Grafana URL to StackGres dashboards preceded by the dashboard + name and a semicolon `:` + displayName: Grafana Urls + path: grafana.urls + - description: Grafana Token that allow to access dashboards + displayName: Grafana Token + path: grafana.token + - description: Grafana configuration hash + displayName: Grafana Config Hash + path: grafana.configHash + version: v1 + - description: Day 2 Operations, including upgrades, restarts, vacuum, repack, + etc + displayName: StackGres Database Operation + kind: SGDbOps + name: sgdbops.stackgres.io + specDescriptors: + - description: 'The name of SGCluster on which the operation will be performed. 
+ + ' + displayName: Target SGCluster + path: sgCluster + - displayName: Scheduling Node Selector + path: scheduling.nodeSelector + - description: 'Effect indicates the taint effect to match. Empty means + match all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + + + ' + displayName: Scheduling Tolerations Effect + path: scheduling.tolerations.effect + - description: Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator must be Exists; + this combination means to match all values and all keys. + displayName: Scheduling Tolerations Key + path: scheduling.tolerations.key + - description: 'Operator represents a key''s relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate all taints of a particular + category. + + + ' + displayName: Scheduling Tolerations Operator + path: scheduling.tolerations.operator + - description: TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is ignored) + tolerates the taint. By default, it is not set, which means tolerate + the taint forever (do not evict). Zero and negative values will be treated + as 0 (evict immediately) by the system. + displayName: Scheduling Tolerations Toleration Seconds + path: scheduling.tolerations.tolerationSeconds + - description: Value is the taint value the toleration matches to. If the + operator is Exists, the value should be empty, otherwise just a regular + string. + displayName: Scheduling Tolerations Value + path: scheduling.tolerations.value + - description: The label key that the selector applies to. 
+ displayName: Scheduling Node Affinity Preferred During Scheduling Ignored + During Execution Preference Match Expressions Key + path: scheduling.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + + + ' + displayName: Scheduling Node Affinity Preferred During Scheduling Ignored + During Execution Preference Match Expressions Operator + path: scheduling.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.operator + - displayName: Scheduling Node Affinity Preferred During Scheduling Ignored + During Execution Preference Match Expressions Values + path: scheduling.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.values + - description: The label key that the selector applies to. + displayName: Scheduling Node Affinity Preferred During Scheduling Ignored + During Execution Preference Match Fields Key + path: scheduling.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + + + ' + displayName: Scheduling Node Affinity Preferred During Scheduling Ignored + During Execution Preference Match Fields Operator + path: scheduling.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.operator + - displayName: Scheduling Node Affinity Preferred During Scheduling Ignored + During Execution Preference Match Fields Values + path: scheduling.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.values + - description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. 
+ displayName: Scheduling Node Affinity Preferred During Scheduling Ignored + During Execution Weight + path: scheduling.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.weight + - description: The label key that the selector applies to. + displayName: Scheduling Node Affinity Required During Scheduling Ignored + During Execution Node Selector Terms Match Expressions Key + path: scheduling.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + + + ' + displayName: Scheduling Node Affinity Required During Scheduling Ignored + During Execution Node Selector Terms Match Expressions Operator + path: scheduling.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.operator + - displayName: Scheduling Node Affinity Required During Scheduling Ignored + During Execution Node Selector Terms Match Expressions Values + path: scheduling.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.values + - description: The label key that the selector applies to. + displayName: Scheduling Node Affinity Required During Scheduling Ignored + During Execution Node Selector Terms Match Fields Key + path: scheduling.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ + + ' + displayName: Scheduling Node Affinity Required During Scheduling Ignored + During Execution Node Selector Terms Match Fields Operator + path: scheduling.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.operator + - displayName: Scheduling Node Affinity Required During Scheduling Ignored + During Execution Node Selector Terms Match Fields Values + path: scheduling.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.values + - description: 'Priority indicates the importance of a Pod relative to other + Pods. If a Pod cannot be scheduled, the scheduler tries to preempt (evict) + lower priority Pods to make scheduling of the pending Pod possible. + + ' + displayName: Scheduling Priority Class Name + path: scheduling.priorityClassName + - description: key is the label key that the selector applies to. + displayName: Scheduling Pod Affinity Preferred During Scheduling Ignored + During Execution Pod Affinity Term Label Selector Match Expressions + Key + path: scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ displayName: Scheduling Pod Affinity Preferred During Scheduling Ignored + During Execution Pod Affinity Term Label Selector Match Expressions + Operator + path: scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.operator + - displayName: Scheduling Pod Affinity Preferred During Scheduling Ignored + During Execution Pod Affinity Term Label Selector Match Expressions + Values + path: scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.values + - displayName: Scheduling Pod Affinity Preferred During Scheduling Ignored + During Execution Pod Affinity Term Label Selector Match Labels + path: scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchLabels + - description: key is the label key that the selector applies to. + displayName: Scheduling Pod Affinity Preferred During Scheduling Ignored + During Execution Pod Affinity Term Namespace Selector Match Expressions + Key + path: scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ displayName: Scheduling Pod Affinity Preferred During Scheduling Ignored + During Execution Pod Affinity Term Namespace Selector Match Expressions + Operator + path: scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.operator + - displayName: Scheduling Pod Affinity Preferred During Scheduling Ignored + During Execution Pod Affinity Term Namespace Selector Match Expressions + Values + path: scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.values + - displayName: Scheduling Pod Affinity Preferred During Scheduling Ignored + During Execution Pod Affinity Term Namespace Selector Match Labels + path: scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchLabels + - displayName: Scheduling Pod Affinity Preferred During Scheduling Ignored + During Execution Pod Affinity Term Namespaces + path: scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaces + - description: This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector in the specified + namespaces, where co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey is not allowed. + displayName: Scheduling Pod Affinity Preferred During Scheduling Ignored + During Execution Pod Affinity Term Topology Key + path: scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.topologyKey + - description: weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ displayName: Scheduling Pod Affinity Preferred During Scheduling Ignored + During Execution Weight + path: scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.weight + - description: key is the label key that the selector applies to. + displayName: Scheduling Pod Affinity Required During Scheduling Ignored + During Execution Label Selector Match Expressions Key + path: scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + displayName: Scheduling Pod Affinity Required During Scheduling Ignored + During Execution Label Selector Match Expressions Operator + path: scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.operator + - displayName: Scheduling Pod Affinity Required During Scheduling Ignored + During Execution Label Selector Match Expressions Values + path: scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.values + - displayName: Scheduling Pod Affinity Required During Scheduling Ignored + During Execution Label Selector Match Labels + path: scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchLabels + - description: key is the label key that the selector applies to. + displayName: Scheduling Pod Affinity Required During Scheduling Ignored + During Execution Namespace Selector Match Expressions Key + path: scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ displayName: Scheduling Pod Affinity Required During Scheduling Ignored + During Execution Namespace Selector Match Expressions Operator + path: scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.operator + - displayName: Scheduling Pod Affinity Required During Scheduling Ignored + During Execution Namespace Selector Match Expressions Values + path: scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.values + - displayName: Scheduling Pod Affinity Required During Scheduling Ignored + During Execution Namespace Selector Match Labels + path: scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchLabels + - displayName: Scheduling Pod Affinity Required During Scheduling Ignored + During Execution Namespaces + path: scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaces + - description: This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector in the specified + namespaces, where co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey is not allowed. + displayName: Scheduling Pod Affinity Required During Scheduling Ignored + During Execution Topology Key + path: scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.topologyKey + - description: key is the label key that the selector applies to. + displayName: Scheduling Pod Anti Affinity Preferred During Scheduling + Ignored During Execution Pod Affinity Term Label Selector Match Expressions + Key + path: scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. 
+ Valid operators are In, NotIn, Exists and DoesNotExist. + displayName: Scheduling Pod Anti Affinity Preferred During Scheduling + Ignored During Execution Pod Affinity Term Label Selector Match Expressions + Operator + path: scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.operator + - displayName: Scheduling Pod Anti Affinity Preferred During Scheduling + Ignored During Execution Pod Affinity Term Label Selector Match Expressions + Values + path: scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.values + - displayName: Scheduling Pod Anti Affinity Preferred During Scheduling + Ignored During Execution Pod Affinity Term Label Selector Match Labels + path: scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchLabels + - description: key is the label key that the selector applies to. + displayName: Scheduling Pod Anti Affinity Preferred During Scheduling + Ignored During Execution Pod Affinity Term Namespace Selector Match + Expressions Key + path: scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ displayName: Scheduling Pod Anti Affinity Preferred During Scheduling + Ignored During Execution Pod Affinity Term Namespace Selector Match + Expressions Operator + path: scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.operator + - displayName: Scheduling Pod Anti Affinity Preferred During Scheduling + Ignored During Execution Pod Affinity Term Namespace Selector Match + Expressions Values + path: scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.values + - displayName: Scheduling Pod Anti Affinity Preferred During Scheduling + Ignored During Execution Pod Affinity Term Namespace Selector Match + Labels + path: scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchLabels + - displayName: Scheduling Pod Anti Affinity Preferred During Scheduling + Ignored During Execution Pod Affinity Term Namespaces + path: scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaces + - description: This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector in the specified + namespaces, where co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey is not allowed. + displayName: Scheduling Pod Anti Affinity Preferred During Scheduling + Ignored During Execution Pod Affinity Term Topology Key + path: scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.topologyKey + - description: weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ displayName: Scheduling Pod Anti Affinity Preferred During Scheduling + Ignored During Execution Weight + path: scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.weight + - description: key is the label key that the selector applies to. + displayName: Scheduling Pod Anti Affinity Required During Scheduling Ignored + During Execution Label Selector Match Expressions Key + path: scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + displayName: Scheduling Pod Anti Affinity Required During Scheduling Ignored + During Execution Label Selector Match Expressions Operator + path: scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.operator + - displayName: Scheduling Pod Anti Affinity Required During Scheduling Ignored + During Execution Label Selector Match Expressions Values + path: scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.values + - displayName: Scheduling Pod Anti Affinity Required During Scheduling Ignored + During Execution Label Selector Match Labels + path: scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchLabels + - description: key is the label key that the selector applies to. + displayName: Scheduling Pod Anti Affinity Required During Scheduling Ignored + During Execution Namespace Selector Match Expressions Key + path: scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ displayName: Scheduling Pod Anti Affinity Required During Scheduling Ignored + During Execution Namespace Selector Match Expressions Operator + path: scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.operator + - displayName: Scheduling Pod Anti Affinity Required During Scheduling Ignored + During Execution Namespace Selector Match Expressions Values + path: scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.values + - displayName: Scheduling Pod Anti Affinity Required During Scheduling Ignored + During Execution Namespace Selector Match Labels + path: scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchLabels + - displayName: Scheduling Pod Anti Affinity Required During Scheduling Ignored + During Execution Namespaces + path: scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaces + - description: This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector in the specified + namespaces, where co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey is not allowed. + displayName: Scheduling Pod Anti Affinity Required During Scheduling Ignored + During Execution Topology Key + path: scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.topologyKey + - description: 'The kind of operation that will be performed on the SGCluster. + Available operations are: + + + * `benchmark`: run a benchmark on the specified SGCluster and report + the results in the status. + + * `vacuum`: perform a [vacuum](https://www.postgresql.org/docs/current/sql-vacuum.html) + operation on the specified SGCluster. 
+ + * `repack`: run [`pg_repack`](https://github.com/reorg/pg_repack) command + on the specified SGCluster. + + * `majorVersionUpgrade`: perform a major version upgrade of PostgreSQL + using [`pg_upgrade`](https://www.postgresql.org/docs/current/pgupgrade.html) + command. + + * `restart`: perform a restart of the cluster. + + * `minorVersionUpgrade`: perform a minor version upgrade of PostgreSQL. + + * `securityUpgrade`: perform a security upgrade of the cluster. + + ' + displayName: Op + path: op + - description: 'An ISO 8601 date, that holds UTC scheduled date of the operation + execution. + + + If not specified or if the date it''s in the past, it will be interpreted + ASAP. + + ' + displayName: Run At + path: runAt + - description: 'An ISO 8601 duration in the format `PnDTnHnMn.nS`, that + specifies a timeout after which the operation execution will be canceled. + + + If the operation can not be performed due to timeout expiration, the + condition `Failed` will have a status of `True` and the reason will + be `OperationTimedOut`. + + + If not specified the operation will never fail for timeout expiration. + + ' + displayName: Timeout + path: timeout + - description: 'The maximum number of retries the operation is allowed to + do after a failure. + + + A value of `0` (zero) means no retries are made. Can not be greater + than `10`. Defaults to: `0`. + + ' + displayName: Max Retries + path: maxRetries + - description: 'The type of benchmark that will be performed on the SGCluster. + Available benchmarks are: + + + * `pgbench`: run [pgbench](https://www.postgresql.org/docs/current/pgbench.html) + on the specified SGCluster and report the results in the status. + + ' + displayName: Benchmark Type + path: benchmark.type + - description: 'Size of the database to generate. This size is specified + either in Mebibytes, Gibibytes or Tebibytes (multiples of 2^20, 2^30 + or 2^40, respectively). 
+ + ' + displayName: Benchmark Pgbench Database Size + path: benchmark.pgbench.databaseSize + - description: 'An ISO 8601 duration in the format `PnDTnHnMn.nS`, that + specifies how long the benchmark will run. + + ' + displayName: Benchmark Pgbench Duration + path: benchmark.pgbench.duration + - description: 'Use extended query protocol with prepared statements. Defaults + to: `false`. + + ' + displayName: Benchmark Pgbench Use Prepared Statements + path: benchmark.pgbench.usePreparedStatements + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Number of clients simulated, that is, number of concurrent + database sessions. Defaults to: `1`. + + ' + displayName: Benchmark Pgbench Concurrent Clients + path: benchmark.pgbench.concurrentClients + - description: 'Number of worker threads within pgbench. Using more than + one thread can be helpful on multi-CPU machines. Clients are distributed + as evenly as possible among available threads. Default is `1`. + + ' + displayName: Benchmark Pgbench Threads + path: benchmark.pgbench.threads + - description: 'Specify the service where the benchmark will connect to: + + + * `primary-service`: Connect to the primary service + + * `replicas-service`: Connect to the replicas service + + ' + displayName: Benchmark Connection Type + path: benchmark.connectionType + - description: "If true selects \"full\" vacuum, which can reclaim more\ + \ space, but takes much longer and exclusively locks the table.\nThis\ + \ method also requires extra disk space, since it writes a new copy\ + \ of the table and doesn't release the old copy\n until the operation\ + \ is complete. Usually this should only be used when a significant amount\ + \ of space needs to be\n reclaimed from within the table. 
Defaults\ + \ to: `false`.\n" + displayName: Vacuum Full + path: vacuum.full + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "If true selects aggressive \"freezing\" of tuples. Specifying\ + \ FREEZE is equivalent to performing VACUUM with the\n vacuum_freeze_min_age\ + \ and vacuum_freeze_table_age parameters set to zero. Aggressive freezing\ + \ is always performed\n when the table is rewritten, so this option\ + \ is redundant when FULL is specified. Defaults to: `false`.\n" + displayName: Vacuum Freeze + path: vacuum.freeze + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If true, updates statistics used by the planner to determine + the most efficient way to execute a query. Defaults to: `true`. + + ' + displayName: Vacuum Analyze + path: vacuum.analyze + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "Normally, VACUUM will skip pages based on the visibility\ + \ map. Pages where all tuples are known to be frozen can always be\n\ + \ skipped, and those where all tuples are known to be visible to all\ + \ transactions may be skipped except when performing an\n aggressive\ + \ vacuum. Furthermore, except when performing an aggressive vacuum,\ + \ some pages may be skipped in order to avoid\n waiting for other sessions\ + \ to finish using them. This option disables all page-skipping behavior,\ + \ and is intended to be\n used only when the contents of the visibility\ + \ map are suspect, which should happen only if there is a hardware or\n\ + \ software issue causing database corruption. 
Defaults to: `false`.\n" + displayName: Vacuum Disable Page Skipping + path: vacuum.disablePageSkipping + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: the name of the database + displayName: Vacuum Databases Name + path: vacuum.databases.name + - description: "If true selects \"full\" vacuum, which can reclaim more\ + \ space, but takes much longer and exclusively locks the table.\nThis\ + \ method also requires extra disk space, since it writes a new copy\ + \ of the table and doesn't release the old copy\n until the operation\ + \ is complete. Usually this should only be used when a significant amount\ + \ of space needs to be\n reclaimed from within the table. Defaults\ + \ to: `false`.\n" + displayName: Vacuum Databases Full + path: vacuum.databases.full + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "If true selects aggressive \"freezing\" of tuples. Specifying\ + \ FREEZE is equivalent to performing VACUUM with the\n vacuum_freeze_min_age\ + \ and vacuum_freeze_table_age parameters set to zero. Aggressive freezing\ + \ is always performed\n when the table is rewritten, so this option\ + \ is redundant when FULL is specified. Defaults to: `false`.\n" + displayName: Vacuum Databases Freeze + path: vacuum.databases.freeze + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If true, updates statistics used by the planner to determine + the most efficient way to execute a query. Defaults to: `true`. + + ' + displayName: Vacuum Databases Analyze + path: vacuum.databases.analyze + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "Normally, VACUUM will skip pages based on the visibility\ + \ map. Pages where all tuples are known to be frozen can always be\n\ + \ skipped, and those where all tuples are known to be visible to all\ + \ transactions may be skipped except when performing an\n aggressive\ + \ vacuum. 
Furthermore, except when performing an aggressive vacuum,\ + \ some pages may be skipped in order to avoid\n waiting for other sessions\ + \ to finish using them. This option disables all page-skipping behavior,\ + \ and is intended to be\n used only when the contents of the visibility\ + \ map are suspect, which should happen only if there is a hardware or\n\ + \ software issue causing database corruption. Defaults to: `false`.\n" + displayName: Vacuum Databases Disable Page Skipping + path: vacuum.databases.disablePageSkipping + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If true do vacuum full instead of cluster. Defaults to: + `false`. + + ' + displayName: Repack No Order + path: repack.noOrder + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If specified, an ISO 8601 duration format `PnDTnHnMn.nS` + to set a timeout to cancel other backends on conflict. + + ' + displayName: Repack Wait Timeout + path: repack.waitTimeout + - description: 'If true don''t kill other backends when timed out. Defaults + to: `false`. + + ' + displayName: Repack No Kill Backend + path: repack.noKillBackend + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If true don''t analyze at end. Defaults to: `false`. + + ' + displayName: Repack No Analyze + path: repack.noAnalyze + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If true don''t repack tables which belong to specific extension. + Defaults to: `false`. + + ' + displayName: Repack Exclude Extension + path: repack.excludeExtension + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: the name of the database + displayName: Repack Databases Name + path: repack.databases.name + - description: 'If true do vacuum full instead of cluster. Defaults to: + `false`. 
+ + ' + displayName: Repack Databases No Order + path: repack.databases.noOrder + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If specified, an ISO 8601 duration format `PnDTnHnMn.nS` + to set a timeout to cancel other backends on conflict. + + ' + displayName: Repack Databases Wait Timeout + path: repack.databases.waitTimeout + - description: 'If true don''t kill other backends when timed out. Defaults + to: `false`. + + ' + displayName: Repack Databases No Kill Backend + path: repack.databases.noKillBackend + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If true don''t analyze at end. Defaults to: `false`. + + ' + displayName: Repack Databases No Analyze + path: repack.databases.noAnalyze + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If true don''t repack tables which belong to specific extension. + Defaults to: `false`. + + ' + displayName: Repack Databases Exclude Extension + path: repack.databases.excludeExtension + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'The target postgres version that must have the same major + version of the target SGCluster. + + ' + displayName: Major Version Upgrade Postgres Version + path: majorVersionUpgrade.postgresVersion + - description: The name of the extension to deploy. + displayName: Major Version Upgrade Postgres Extensions Name + path: majorVersionUpgrade.postgresExtensions.name + - description: The id of the publisher of the extension to deploy. If not + specified `com.ongres` will be used by default. + displayName: Major Version Upgrade Postgres Extensions Publisher + path: majorVersionUpgrade.postgresExtensions.publisher + - description: The version of the extension to deploy. If not specified + version of `stable` channel will be used by default and if only a version + is available that one will be used. 
+ displayName: Major Version Upgrade Postgres Extensions Version + path: majorVersionUpgrade.postgresExtensions.version + - description: 'The repository base URL from where to obtain the extension + to deploy. + + + **This section is filled by the operator.** + + ' + displayName: Major Version Upgrade Postgres Extensions Repository + path: majorVersionUpgrade.postgresExtensions.repository + - description: 'The postgres config that must have the same major version + of the target postgres version. + + ' + displayName: Major Version Upgrade SGPostgresConfig + path: majorVersionUpgrade.sgPostgresConfig + - description: "The path were the backup is stored. If not set this field\ + \ is filled up by the operator.\n\nWhen provided will indicate were\ + \ the backups and WAL files will be stored.\n\nThe path should be different\ + \ from the current `.spec.configurations.backups[].path` value for the\ + \ target `SGCluster`\n in order to avoid mixing WAL files of two distinct\ + \ major versions of postgres.\n" + displayName: Major Version Upgrade Backup Path + path: majorVersionUpgrade.backupPath + - description: 'If true use hard links instead of copying files to the new + cluster. This option is mutually exclusive with `clone`. Defaults to: + `false`. + + ' + displayName: Major Version Upgrade Link + path: majorVersionUpgrade.link + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "If true use efficient file cloning (also known as \"reflinks\"\ + \ on some systems) instead of copying files to the new cluster.\nThis\ + \ can result in near-instantaneous copying of the data files, giving\ + \ the speed advantages of `link` while leaving the old\n cluster untouched.\ + \ This option is mutually exclusive with `link`. Defaults to: `false`.\n\ + \nFile cloning is only supported on some operating systems and file\ + \ systems. If it is selected but not supported, the pg_upgrade\n run\ + \ will error. 
At present, it is supported on Linux (kernel 4.5 or later)\ + \ with Btrfs and XFS (on file systems created with\n reflink support),\ + \ and on macOS with APFS.\n" + displayName: Major Version Upgrade Clone + path: majorVersionUpgrade.clone + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If true does some checks to see if the cluster can perform + a major version upgrade without changing any data. Defaults to: `false`. + + ' + displayName: Major Version Upgrade Check + path: majorVersionUpgrade.check + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The name of the extension to install. + displayName: Major Version Upgrade To Install Postgres Extensions Name + path: majorVersionUpgrade.toInstallPostgresExtensions.name + - description: The id of the publisher of the extension to install. + displayName: Major Version Upgrade To Install Postgres Extensions Publisher + path: majorVersionUpgrade.toInstallPostgresExtensions.publisher + - description: The version of the extension to install. + displayName: Major Version Upgrade To Install Postgres Extensions Version + path: majorVersionUpgrade.toInstallPostgresExtensions.version + - description: The repository base URL from where the extension will be + installed from. + displayName: Major Version Upgrade To Install Postgres Extensions Repository + path: majorVersionUpgrade.toInstallPostgresExtensions.repository + - description: The postgres major version of the extension to install. + displayName: Major Version Upgrade To Install Postgres Extensions Postgres + Version + path: majorVersionUpgrade.toInstallPostgresExtensions.postgresVersion + - description: The build version of the extension to install. + displayName: Major Version Upgrade To Install Postgres Extensions Build + path: majorVersionUpgrade.toInstallPostgresExtensions.build + - description: The extra mount of the installed extension. 
+ displayName: Major Version Upgrade To Install Postgres Extensions Extra + Mounts + path: majorVersionUpgrade.toInstallPostgresExtensions.extraMounts + - description: "The method used to perform the restart operation. Available\ + \ methods are:\n\n* `InPlace`: the in-place method does not require\ + \ more resources than those that are available.\n In case only an instance\ + \ of the StackGres cluster is present this mean the service disruption\ + \ will\n last longer so we encourage use the reduced impact restart\ + \ and especially for a production environment.\n* `ReducedImpact`: this\ + \ procedure is the same as the in-place method but require additional\n\ + \ resources in order to spawn a new updated replica that will be removed\ + \ when the procedure completes.\n" + displayName: Restart Method + path: restart.method + - description: "By default all Pods are restarted. Setting this option to\ + \ `true` allow to restart only those Pods which\n are in pending restart\ + \ state as detected by the operation. Defaults to: `false`.\n" + displayName: Restart Only Pending Restart + path: restart.onlyPendingRestart + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'The target postgres version that must have the same major + version of the target SGCluster. 
+ + ' + displayName: Minor Version Upgrade Postgres Version + path: minorVersionUpgrade.postgresVersion + - description: "The method used to perform the minor version upgrade operation.\ + \ Available methods are:\n\n* `InPlace`: the in-place method does not\ + \ require more resources than those that are available.\n In case only\ + \ an instance of the StackGres cluster is present this mean the service\ + \ disruption will\n last longer so we encourage use the reduced impact\ + \ restart and especially for a production environment.\n* `ReducedImpact`:\ + \ this procedure is the same as the in-place method but require additional\n\ + \ resources in order to spawn a new updated replica that will be removed\ + \ when the procedure completes.\n" + displayName: Minor Version Upgrade Method + path: minorVersionUpgrade.method + - description: "The method used to perform the security upgrade operation.\ + \ Available methods are:\n\n* `InPlace`: the in-place method does not\ + \ require more resources than those that are available.\n In case only\ + \ an instance of the StackGres cluster is present this mean the service\ + \ disruption will\n last longer so we encourage use the reduced impact\ + \ restart and especially for a production environment.\n* `ReducedImpact`:\ + \ this procedure is the same as the in-place method but require additional\n\ + \ resources in order to spawn a new updated replica that will be removed\ + \ when the procedure completes.\n" + displayName: Security Upgrade Method + path: securityUpgrade.method + statusDescriptors: + - displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Last time the condition transitioned from one status to another. + displayName: Conditions Last Transition Time + path: conditions.lastTransitionTime + - description: A human-readable message indicating details about the transition. 
+ displayName: Conditions Message + path: conditions.message + - description: The reason for the condition last transition. + displayName: Conditions Reason + path: conditions.reason + - description: Status of the condition, one of `True`, `False` or `Unknown`. + displayName: Conditions Status + path: conditions.status + - description: Type of deployment condition. + displayName: Conditions Type + path: conditions.type + - description: 'The number of retries performed by the operation + + ' + displayName: Op Retries + path: opRetries + - description: 'The ISO 8601 timestamp of when the operation started running + + ' + displayName: Op Started + path: opStarted + - description: 'The number of transactions processed. + + ' + displayName: Benchmark Pgbench Transactions Processed + path: benchmark.pgbench.transactionsProcessed + - description: 'The latency measure unit represented in milliseconds + + ' + displayName: Benchmark Pgbench Latency Average Unit + path: benchmark.pgbench.latency.average.unit + - description: 'The latency measure unit represented in milliseconds + + ' + displayName: Benchmark Pgbench Latency Standard Deviation Unit + path: benchmark.pgbench.latency.standardDeviation.unit + - description: 'Transaction Per Second (tps) measure + + ' + displayName: Benchmark Pgbench Transactions Per Second Including Connections + Establishing Unit + path: benchmark.pgbench.transactionsPerSecond.includingConnectionsEstablishing.unit + - description: 'Transaction Per Second (tps) measure + + ' + displayName: Benchmark Pgbench Transactions Per Second Excluding Connections + Establishing Unit + path: benchmark.pgbench.transactionsPerSecond.excludingConnectionsEstablishing.unit + - description: 'The postgres version currently used by the primary instance + + ' + displayName: Major Version Upgrade Source Postgres Version + path: majorVersionUpgrade.sourcePostgresVersion + - description: 'The postgres version that the cluster will be upgraded to + + ' + displayName: 
Major Version Upgrade Target Postgres Version + path: majorVersionUpgrade.targetPostgresVersion + - description: 'The primary instance when the operation started + + ' + displayName: Major Version Upgrade Primary Instance + path: majorVersionUpgrade.primaryInstance + - displayName: Major Version Upgrade Initial Instances + path: majorVersionUpgrade.initialInstances + - displayName: Major Version Upgrade Pending To Restart Instances + path: majorVersionUpgrade.pendingToRestartInstances + - displayName: Major Version Upgrade Restarted Instances + path: majorVersionUpgrade.restartedInstances + - description: 'The phase the operation is or was executing) + + ' + displayName: Major Version Upgrade Phase + path: majorVersionUpgrade.phase + - description: 'A failure message (when available) + + ' + displayName: Major Version Upgrade Failure + path: majorVersionUpgrade.failure + - description: 'The primary instance when the operation started + + ' + displayName: Restart Primary Instance + path: restart.primaryInstance + - displayName: Restart Initial Instances + path: restart.initialInstances + - displayName: Restart Pending To Restart Instances + path: restart.pendingToRestartInstances + - displayName: Restart Restarted Instances + path: restart.restartedInstances + - description: 'An ISO 8601 date indicating if and when the switchover initiated + + ' + displayName: Restart Switchover Initiated + path: restart.switchoverInitiated + - description: 'An ISO 8601 date indicating if and when the switchover finalized + + ' + displayName: Restart Switchover Finalized + path: restart.switchoverFinalized + - description: 'A failure message (when available) + + ' + displayName: Restart Failure + path: restart.failure + - description: 'The postgres version currently used by the primary instance + + ' + displayName: Minor Version Upgrade Source Postgres Version + path: minorVersionUpgrade.sourcePostgresVersion + - description: 'The postgres version that the cluster will be upgraded 
(or + downgraded) to + + ' + displayName: Minor Version Upgrade Target Postgres Version + path: minorVersionUpgrade.targetPostgresVersion + - description: 'The primary instance when the operation started + + ' + displayName: Minor Version Upgrade Primary Instance + path: minorVersionUpgrade.primaryInstance + - displayName: Minor Version Upgrade Initial Instances + path: minorVersionUpgrade.initialInstances + - displayName: Minor Version Upgrade Pending To Restart Instances + path: minorVersionUpgrade.pendingToRestartInstances + - displayName: Minor Version Upgrade Restarted Instances + path: minorVersionUpgrade.restartedInstances + - description: 'An ISO 8601 date indicating if and when the switchover initiated + + ' + displayName: Minor Version Upgrade Switchover Initiated + path: minorVersionUpgrade.switchoverInitiated + - description: 'An ISO 8601 date indicating if and when the switchover finalized + + ' + displayName: Minor Version Upgrade Switchover Finalized + path: minorVersionUpgrade.switchoverFinalized + - description: 'A failure message (when available) + + ' + displayName: Minor Version Upgrade Failure + path: minorVersionUpgrade.failure + - description: 'The primary instance when the operation started + + ' + displayName: Security Upgrade Primary Instance + path: securityUpgrade.primaryInstance + - displayName: Security Upgrade Initial Instances + path: securityUpgrade.initialInstances + - displayName: Security Upgrade Pending To Restart Instances + path: securityUpgrade.pendingToRestartInstances + - displayName: Security Upgrade Restarted Instances + path: securityUpgrade.restartedInstances + - description: 'An ISO 8601 date indicating if and when the switchover initiated + + ' + displayName: Security Upgrade Switchover Initiated + path: securityUpgrade.switchoverInitiated + - description: 'An ISO 8601 date indicating if and when the switchover finalized + + ' + displayName: Security Upgrade Switchover Finalized + path: 
securityUpgrade.switchoverFinalized + - description: 'A failure message (when available) + + ' + displayName: Security Upgrade Failure + path: securityUpgrade.failure + version: v1 + - description: Multi-tenant logs server, to aggregate Postgres logs. Fully managed + displayName: StackGres Distributed Logs + kind: SGDistributedLogs + name: sgdistributedlogs.stackgres.io + specDescriptors: + - description: "The profile allow to change in a convenient place a set\ + \ of configuration defaults that affect how the cluster is generated.\n\ + \nAll those defaults can be overwritten by setting the correspoinding\ + \ fields.\n\nAvailable profiles are:\n\n* `production`:\n\n Prevents\ + \ two Pods from running in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `false` by default).\n Sets both limits and requests using `SGInstanceProfile`\ + \ for `patroni` container that runs both Patroni and Postgres (set `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `false` by default).\n Sets requests using the referenced `SGInstanceProfile`\ + \ for sidecar containers other than `patroni` (set `.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `false` by default).\n\n* `testing`:\n\n Allows two Pods to running\ + \ in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `true` by default).\n Sets both limits and requests using `SGInstanceProfile`\ + \ for `patroni` container that runs both Patroni and Postgres (set `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `false` by default).\n Sets requests using the referenced `SGInstanceProfile`\ + \ for sidecar containers other than `patroni` (set `.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `false` by default).\n\n* `development`:\n\n Allows two Pods from\ + \ running in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `true` by 
default).\n Unset both limits and requests for `patroni`\ + \ container that runs both Patroni and Postgres (set `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `true` by default).\n Unsets requests for sidecar containers other\ + \ than `patroni` (set `.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `true` by default).\n\n**Changing this field may require a restart.**\n" + displayName: Profile + path: profile + - description: 'Size of the PersistentVolume set for the pod of the cluster + for distributed logs. This size is specified either in Mebibytes, Gibibytes + or Tebibytes (multiples of 2^20, 2^30 or 2^40, respectively). + + ' + displayName: Persistent Volume Size + path: persistentVolume.size + - description: 'Name of an existing StorageClass in the Kubernetes cluster, + used to create the PersistentVolumes for the instances of the cluster. + + ' + displayName: Persistent Volume Storage Class + path: persistentVolume.storageClass + - description: Specifies the type of Kubernetes service(`ClusterIP`, `LoadBalancer`, + `NodePort`) + displayName: Postgres Services Primary Type + path: postgresServices.primary.type + - displayName: Postgres Services Primary Annotations + path: postgresServices.primary.annotations + - description: Specify loadBalancer IP of Postgres primary service for Distributed + Log + displayName: Postgres Services Primary Load Balancer IP + path: postgresServices.primary.loadBalancerIP + - description: Specify if the `-replicas` service should be created or not. + displayName: Postgres Services Replicas Enabled + path: postgresServices.replicas.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Specifies the type of Kubernetes service(`ClusterIP`, `LoadBalancer`, + `NodePort`). 
+ displayName: Postgres Services Replicas Type + path: postgresServices.replicas.type + - displayName: Postgres Services Replicas Annotations + path: postgresServices.replicas.annotations + - description: Specify loadBalancer IP of Postgres replica service for Distributed + Log + displayName: Postgres Services Replicas Load Balancer IP + path: postgresServices.replicas.loadBalancerIP + - description: 'When set to `true` resources limits for containers other + than the patroni container wil be set just like for patroni contianer + as specified in the SGInstanceProfile. + + + **Changing this field may require a restart.** + + ' + displayName: Resources Enable Cluster Limits Requirements + path: resources.enableClusterLimitsRequirements + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "When set to `true` the resources requests values in fields\ + \ `SGInstanceProfile.spec.requests.cpu` and `SGInstanceProfile.spec.requests.memory`\ + \ will represent the resources\n requests of the patroni container and\ + \ the total resources requests calculated by adding the resources requests\ + \ of all the containers (including the patroni container).\n\n**Changing\ + \ this field may require a restart.**\n" + displayName: Resources Disable Resources Requests Split From Total + path: resources.disableResourcesRequestsSplitFromTotal + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - displayName: Scheduling Node Selector + path: scheduling.nodeSelector + - description: 'Effect indicates the taint effect to match. Empty means + match all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + + + ' + displayName: Scheduling Tolerations Effect + path: scheduling.tolerations.effect + - description: Key is the taint key that the toleration applies to. Empty + means match all taint keys. 
If the key is empty, operator must be Exists; + this combination means to match all values and all keys. + displayName: Scheduling Tolerations Key + path: scheduling.tolerations.key + - description: 'Operator represents a key''s relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate all taints of a particular + category. + + + ' + displayName: Scheduling Tolerations Operator + path: scheduling.tolerations.operator + - description: TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is ignored) + tolerates the taint. By default, it is not set, which means tolerate + the taint forever (do not evict). Zero and negative values will be treated + as 0 (evict immediately) by the system. + displayName: Scheduling Tolerations Toleration Seconds + path: scheduling.tolerations.tolerationSeconds + - description: Value is the taint value the toleration matches to. If the + operator is Exists, the value should be empty, otherwise just a regular + string. + displayName: Scheduling Tolerations Value + path: scheduling.tolerations.value + - description: 'Node affinity is a group of node affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + displayName: Scheduling Node Affinity + path: scheduling.nodeAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:nodeAffinity + - description: 'Priority indicates the importance of a Pod relative to other + Pods. If a Pod cannot be scheduled, the scheduler tries to preempt (evict) + lower priority Pods to make scheduling of the pending Pod possible. + + ' + displayName: Scheduling Priority Class Name + path: scheduling.priorityClassName + - description: 'Pod affinity is a group of inter pod affinity scheduling + rules. 
+ + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + displayName: Scheduling Pod Affinity + path: scheduling.podAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAffinity + - description: 'Pod anti affinity is a group of inter pod anti affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + displayName: Scheduling Pod Anti Affinity + path: scheduling.podAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAntiAffinity + - description: 'Name of the [SGInstanceProfile](https://stackgres.io/doc/latest/04-postgres-cluster-management/03-resource-profiles/). + A SGInstanceProfile defines CPU and memory limits. Must exist before + creating a distributed logs. When no profile is set, a default (currently: + 1 core, 2 GiB RAM) one is used. + + + **Changing this field may require a restart.** + + ' + displayName: SGInstanceProfile + path: sgInstanceProfile + - description: 'Name of the [SGPostgresConfig](https://stackgres.io/doc/latest/reference/crd/sgpgconfig) + used for the distributed logs. It must exist. When not set, a default + Postgres config, for the major version selected, is used. + + + **Changing this field may require a restart.** + + ' + displayName: Configurations SGPostgresConfig + path: configurations.sgPostgresConfig + - displayName: Metadata Annotations All Resources + path: metadata.annotations.allResources + - displayName: Metadata Annotations Pods + path: metadata.annotations.pods + - displayName: Metadata Annotations Services + path: metadata.annotations.services + - description: The name of the extension to install. + displayName: To Install Postgres Extensions Name + path: toInstallPostgresExtensions.name + - description: The id of the publisher of the extension to install. 
+ displayName: To Install Postgres Extensions Publisher + path: toInstallPostgresExtensions.publisher + - description: The version of the extension to install. + displayName: To Install Postgres Extensions Version + path: toInstallPostgresExtensions.version + - description: The repository base URL from where the extension will be + installed from. + displayName: To Install Postgres Extensions Repository + path: toInstallPostgresExtensions.repository + - description: The postgres major version of the extension to install. + displayName: To Install Postgres Extensions Postgres Version + path: toInstallPostgresExtensions.postgresVersion + - description: The build version of the extension to install. + displayName: To Install Postgres Extensions Build + path: toInstallPostgresExtensions.build + - description: The extra mount of the installed extension. + displayName: To Install Postgres Extensions Extra Mounts + path: toInstallPostgresExtensions.extraMounts + - description: 'It is a best practice, on non-containerized environments, + when running production workloads, to run each database server on a + different server (virtual or physical), i.e., not to co-locate more + than one database server per host. + + + The same best practice applies to databases on containers. By default, + StackGres will not allow to run more than one StackGres or Distributed + Logs pod on a given Kubernetes node. If set to `true` it will allow + more than one StackGres pod per node. + + + **Changing this field may require a restart.** + + ' + displayName: Non Production Options Disable Cluster Pod Anti Affinity + path: nonProductionOptions.disableClusterPodAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'It is a best practice, on containerized environments, when + running production workloads, to enforce container''s resources requirements. + + + The same best practice applies to databases on containers. 
By default, + StackGres will configure resource requirements for patroni container. + Set this property to true to prevent StackGres from setting patroni + container''s resources requirement. + + + **Changing this field may require a restart.** + + ' + displayName: Non Production Options Disable Patroni Resource Requirements + path: nonProductionOptions.disablePatroniResourceRequirements + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'It is a best practice, on containerized environments, when + running production workloads, to enforce container''s resources requirements. + + + By default, StackGres will configure resource requirements for all the + containers. Set this property to true to prevent StackGres from setting + container''s resources requirements (except for patroni container, see + `disablePatroniResourceRequirements`). + + + **Changing this field may require a restart.** + + ' + displayName: Non Production Options Disable Cluster Resource Requirements + path: nonProductionOptions.disableClusterResourceRequirements + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "**Deprecated** this value is ignored and you can consider\ + \ it as always `true`.\n\nOn containerized environments, when running\ + \ production workloads, enforcing container's cpu requirements request\ + \ to be equals to the limit allow to achieve the highest level of performance.\ + \ Doing so, reduces the chances of leaving\n the workload with less\ + \ cpu than it requires. It also allow to set [static CPU management\ + \ policy](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy)\ + \ that allows to guarantee a pod the usage exclusive CPUs on the node.\n\ + \nBy default, StackGres will configure cpu requirements to have the\ + \ same limit and request for the patroni container. 
Set this property\ + \ to true to prevent StackGres from setting patroni container's cpu\ + \ requirements request equals to the limit\n when `.spec.requests.cpu`\ + \ is configured in the referenced `SGInstanceProfile`.\n\n**Changing\ + \ this field may require a restart.**\n" + displayName: Non Production Options Enable Set Patroni Cpu Requests + path: nonProductionOptions.enableSetPatroniCpuRequests + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "**Deprecated** this value is ignored and you can consider\ + \ it as always `true`.\n\nOn containerized environments, when running\ + \ production workloads, enforcing container's cpu requirements request\ + \ to be equals to the limit allow to achieve the highest level of performance.\ + \ Doing so, reduces the chances of leaving\n the workload with less\ + \ cpu than it requires. It also allow to set [static CPU management\ + \ policy](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy)\ + \ that allows to guarantee a pod the usage exclusive CPUs on the node.\n\ + \nBy default, StackGres will configure cpu requirements to have the\ + \ same limit and request for all the containers. 
Set this property to\ + \ true to prevent StackGres from setting container's cpu requirements\ + \ request equals to the limit (except for patroni container, see `enablePatroniCpuRequests`)\n\ + \ when `.spec.requests.containers..cpu` `.spec.requests.initContainers..cpu` is configured in the referenced `SGInstanceProfile`.\n\n\ + **Changing this field may require a restart.**\n" + displayName: Non Production Options Enable Set Cluster Cpu Requests + path: nonProductionOptions.enableSetClusterCpuRequests + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "**Deprecated** this value is ignored and you can consider\ + \ it as always `true`.\n\nOn containerized environments, when running\ + \ production workloads, enforcing container's memory requirements request\ + \ to be equals to the limit allow to achieve the highest level of performance.\ + \ Doing so, reduces the chances of leaving\n the workload with less\ + \ memory than it requires.\n\nBy default, StackGres will configure memory\ + \ requirements to have the same limit and request for the patroni container.\ + \ Set this property to true to prevent StackGres from setting patroni\ + \ container's memory requirements request equals to the limit\n when\ + \ `.spec.requests.memory` is configured in the referenced `SGInstanceProfile`.\n\ + \n**Changing this field may require a restart.**\n" + displayName: Non Production Options Enable Set Patroni Memory Requests + path: nonProductionOptions.enableSetPatroniMemoryRequests + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "**Deprecated** this value is ignored and you can consider\ + \ it as always `true`.\n\nOn containerized environments, when running\ + \ production workloads, enforcing container's memory requirements request\ + \ to be equals to the limit allow to achieve the highest level of performance.\ + \ Doing so, reduces the chances of leaving\n the workload with less\ + \ memory than 
it requires.\n\nBy default, StackGres will configure memory\ + \ requirements to have the same limit and request for all the containers.\ + \ Set this property to true to prevent StackGres from setting container's\ + \ memory requirements request equals to the limit (except for patroni\ + \ container, see `enablePatroniCpuRequests`)\n when `.spec.requests.containers..memory` `.spec.requests.initContainers..memory`\ + \ is configured in the referenced `SGInstanceProfile`.\n\n**Changing\ + \ this field may require a restart.**\n" + displayName: Non Production Options Enable Set Cluster Memory Requests + path: nonProductionOptions.enableSetClusterMemoryRequests + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + statusDescriptors: + - description: Last time the condition transitioned from one status to another. + displayName: Conditions Last Transition Time + path: conditions.lastTransitionTime + - description: A human readable message indicating details about the transition. + displayName: Conditions Message + path: conditions.message + - description: The reason for the condition's last transition. + displayName: Conditions Reason + path: conditions.reason + - description: Status of the condition, one of True, False, Unknown. + displayName: Conditions Status + path: conditions.status + - description: Type of deployment condition. + displayName: Conditions Type + path: conditions.type + - description: The name of the pod. + displayName: Pod Statuses Name + path: podStatuses.name + - description: Indicates if the pod is the elected primary + displayName: Pod Statuses Primary + path: podStatuses.primary + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Indicates if the pod requires restart + displayName: Pod Statuses Pending Restart + path: podStatuses.pendingRestart + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The name of the installed extension. 
+ displayName: Pod Statuses Installed Postgres Extensions Name + path: podStatuses.installedPostgresExtensions.name + - description: The id of the publisher of the installed extension. + displayName: Pod Statuses Installed Postgres Extensions Publisher + path: podStatuses.installedPostgresExtensions.publisher + - description: The version of the installed extension. + displayName: Pod Statuses Installed Postgres Extensions Version + path: podStatuses.installedPostgresExtensions.version + - description: The repository base URL from where the extension was installed. + displayName: Pod Statuses Installed Postgres Extensions Repository + path: podStatuses.installedPostgresExtensions.repository + - description: The postgres major version of the installed extension. + displayName: Pod Statuses Installed Postgres Extensions Postgres Version + path: podStatuses.installedPostgresExtensions.postgresVersion + - description: The build version of the installed extension. + displayName: Pod Statuses Installed Postgres Extensions Build + path: podStatuses.installedPostgresExtensions.build + - description: The database name that has been created + displayName: Databases Name + path: databases.name + - description: The retention window that has been applied to tables + displayName: Databases Retention + path: databases.retention + - description: The `sgcluster` namespace + displayName: Connected Clusters Namespace + path: connectedClusters.namespace + - description: The `sgcluster` name + displayName: Connected Clusters Name + path: connectedClusters.name + - description: The `sgdistributedlogs` to which this `sgcluster` is connected + to + displayName: Connected Clusters Config SGDistributedLogs + path: connectedClusters.config.sgDistributedLogs + - description: The retention window that has been applied to tables + displayName: Connected Clusters Config Retention + path: connectedClusters.config.retention + - description: The hash of the configuration file that is used by fluentd 
+ displayName: Fluentd Config Hash + path: fluentdConfigHash + - description: The architecture on which the cluster has been initialized. + displayName: Arch + path: arch + - description: The operative system on which the cluster has been initialized. + displayName: Os + path: os + - description: The custom prefix that is prepended to all labels. + displayName: Label Prefix + path: labelPrefix + version: v1 + - description: Instance Profiles are like "t-shirt" sizes, used for pods sizing + displayName: StackGres Instance Profile + kind: SGInstanceProfile + name: sginstanceprofiles.stackgres.io + specDescriptors: + - description: "CPU(s) (cores) limits for every resource's Pod that reference\ + \ this SGInstanceProfile. The suffix `m`\n specifies millicpus (where\ + \ 1000m is equals to 1).\n\nThe number of cpu limits is assigned to\ + \ the patroni container (that runs both Patroni and PostgreSQL).\n\n\ + A minimum of 2 cpu is recommended.\n" + displayName: Cpu + path: cpu + - description: "RAM limits for every resource's Pod that reference this\ + \ SGInstanceProfile. The suffix `Mi` or `Gi`\n specifies Mebibytes\ + \ or Gibibytes, respectively.\n\nThe amount of RAM limits is assigned\ + \ to the patroni container (that runs both Patroni and PostgreSQL).\n\ + \nA minimum of 2Gi is recommended.\n" + displayName: Memory + path: memory + - description: "RAM limits allocated for huge pages of the patroni container\ + \ (that runs both Patroni and PostgreSQL) with a size of 2Mi. The suffix\ + \ `Mi` or `Gi`\n specifies Mebibytes or Gibibytes, respectively.\n" + displayName: Huge Pages Hugepages-2 Mi + path: hugePages.hugepages-2Mi + - description: "RAM limits allocated for huge pages of the patroni container\ + \ (that runs both Patroni and PostgreSQL) with a size of 1Gi. 
The suffix\ + \ `Mi` or `Gi`\n specifies Mebibytes or Gibibytes, respectively.\n" + displayName: Huge Pages Hugepages-1 Gi + path: hugePages.hugepages-1Gi + - description: "CPU(s) (cores) limits for the specified container. The suffix\ + \ `m`\n specifies millicpus (where 1000m is equals to 1).\n" + displayName: Containers Cpu + path: containers.cpu + - description: "RAM limits for the specified container. The suffix `Mi`\ + \ or `Gi`\n specifies Mebibytes or Gibibytes, respectively.\n" + displayName: Containers Memory + path: containers.memory + - description: "RAM limits for huge pages of the specified container with\ + \ a size of 2Mi. The suffix `Mi`\n or `Gi` specifies Mebibytes or Gibibytes,\ + \ respectively.\n" + displayName: Containers Huge Pages Hugepages-2 Mi + path: containers.hugePages.hugepages-2Mi + - description: "RAM limits for huge pages of the specified container with\ + \ a size of 1Gi. The suffix `Mi`\n or `Gi` specifies Mebibytes or Gibibytes,\ + \ respectively.\n" + displayName: Containers Huge Pages Hugepages-1 Gi + path: containers.hugePages.hugepages-1Gi + - description: "CPU(s) (cores) limits for the specified init container.\ + \ The suffix\n `m` specifies millicpus (where 1000m is equals to 1).\n" + displayName: Init Containers Cpu + path: initContainers.cpu + - description: "RAM limits for the specified init container. The suffix\ + \ `Mi`\n or `Gi` specifies Mebibytes or Gibibytes, respectively.\n" + displayName: Init Containers Memory + path: initContainers.memory + - description: "RAM limits for huge pages of the specified init container\ + \ with a size of 2Mi. The suffix `Mi`\n or `Gi` specifies Mebibytes\ + \ or Gibibytes, respectively.\n" + displayName: Init Containers Huge Pages Hugepages-2 Mi + path: initContainers.hugePages.hugepages-2Mi + - description: "RAM limits for huge pages of the specified init container\ + \ with a size of 1Gi. 
The suffix `Mi` or `Gi`\n specifies Mebibytes\ + \ or Gibibytes, respectively.\n" + displayName: Init Containers Huge Pages Hugepages-1 Gi + path: initContainers.hugePages.hugepages-1Gi + - description: "CPU(s) (cores) requests for every resource's Pod that reference\ + \ this SGInstanceProfile. The suffix `m`\n specifies millicpus (where\ + \ 1000m is equals to 1).\n\nBy default the cpu requests values in field\ + \ `.spec.requests.cpu` represent the total cpu requests assigned to\ + \ each resource's Pod that reference this SGInstanceProfile.\n The cpu\ + \ requests of the patroni container (that runs both Patroni and PostgreSQL)\ + \ is calculated by subtracting from the total cpu requests the cpu requests\ + \ of other containers that are present in the Pod.\n To change this\ + \ behavior and having the cpu requests values in field `.spec.requests.cpu`\ + \ to represent the cpu requests of the patroni container and the total\ + \ cpu requests\n calculated by adding the cpu requests of all the containers\ + \ (including the patroni container) you may set one or more of the following\ + \ fields to `true`\n (depending on the resource's Pods you need this\ + \ behaviour to be changed):\n \n* `SGCluster.spec.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGShardedCluster.spec.coordinator.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGShardedCluster.spec.shards.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGShardedCluster.spec.shards.ovewrites.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGDistributedLogs.spec.resources.disableResourcesRequestsSplitFromTotal`\n" + displayName: Requests Cpu + path: requests.cpu + - description: "RAM requests for every resource's Pod that reference this\ + \ SGInstanceProfile. 
The suffix `Mi` or `Gi`\n specifies Mebibytes\ + \ or Gibibytes, respectively.\n\nBy default the memory requests values\ + \ in field `.spec.requests.memory` represent the total memory requests\ + \ assigned to each resource's Pod that reference this SGInstanceProfile.\n\ + \ The memory requests of the patroni container (that runs both Patroni\ + \ and PostgreSQL) is calculated by subtracting from the total memory\ + \ requests the memory requests of other containers that are present\ + \ in the Pod.\n To change this behavior and having the memory requests\ + \ values in field `.spec.requests.memory` to represent the memory requests\ + \ of the patroni container and the total memory requests\n calculated\ + \ by adding the memory requests of all the containers (including the\ + \ patroni container) you may set one or more of the following fields\ + \ to `true`\n (depending on the resource's Pods you need this behaviour\ + \ to be changed):\n \n* `SGCluster.spec.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGShardedCluster.spec.coordinator.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGShardedCluster.spec.shards.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGShardedCluster.spec.shards.ovewrites.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGDistributedLogs.spec.resources.disableResourcesRequestsSplitFromTotal`\n" + displayName: Requests Memory + path: requests.memory + - description: "CPU(s) (cores) requests for the specified container. The\ + \ suffix `m`\n specifies millicpus (where 1000m is equals to 1).\n" + displayName: Requests Containers Cpu + path: requests.containers.cpu + - description: "RAM requests for the specified container. 
The suffix `Mi`\ + \ or `Gi`\n specifies Mebibytes or Gibibytes, respectively.\n" + displayName: Requests Containers Memory + path: requests.containers.memory + - description: "CPU(s) (cores) requests for the specified init container.\ + \ The suffix\n `m` specifies millicpus (where 1000m is equals to 1).\n" + displayName: Requests Init Containers Cpu + path: requests.initContainers.cpu + - description: "RAM requests for the specified init container. The suffix\ + \ `Mi`\n or `Gi` specifies Mebibytes or Gibibytes, respectively.\n" + displayName: Requests Init Containers Memory + path: requests.initContainers.memory + version: v1 + - description: Handle to an existing Object Storage (e.g. S3), used to store + backups + displayName: StackGres Object Storage + kind: SGObjectStorage + name: sgobjectstorages.stackgres.io + specDescriptors: + - description: "Determine the type of object storage used for storing the\ + \ base backups and WAL segments.\n Possible values:\n * `s3`:\ + \ Amazon Web Services S3 (Simple Storage Service).\n * `s3Compatible`:\ + \ non-AWS services that implement a compatibility API with AWS S3.\n\ + \ * `gcs`: Google Cloud Storage.\n * `azureBlob`: Microsoft\ + \ Azure Blob Storage.\n" + displayName: Type + path: type + - description: 'AWS S3 bucket name. + + ' + displayName: S3 Bucket + path: s3.bucket + - description: 'The AWS S3 region. The Region may be detected using s3:GetBucketLocation, + but if you wish to avoid giving permissions to this API call or forbid + it from the applicable IAM policy, you must then specify this property. + + ' + displayName: S3 Region + path: s3.region + - description: 'The [Amazon S3 Storage Class](https://aws.amazon.com/s3/storage-classes/) + to use for the backup object storage. By default, the `STANDARD` storage + class is used. Other supported values include `STANDARD_IA` for Infrequent + Access and `REDUCED_REDUNDANCY`. 
+ + ' + displayName: S3 Storage Class + path: s3.storageClass + - description: 'AWS [access key ID](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). + For example, `AKIAIOSFODNN7EXAMPLE`. + + ' + displayName: S3 Aws Credentials Secret Key Selectors Access Key Id + path: s3.awsCredentials.secretKeySelectors.accessKeyId + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: 'The key of the secret to select from. Must be a valid secret + key. + + ' + displayName: S3 Aws Credentials Secret Key Selectors Access Key Id Key + path: s3.awsCredentials.secretKeySelectors.accessKeyId.key + - description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + displayName: S3 Aws Credentials Secret Key Selectors Access Key Id Name + path: s3.awsCredentials.secretKeySelectors.accessKeyId.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: 'AWS [secret access key](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). + For example, `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`. + + ' + displayName: S3 Aws Credentials Secret Key Selectors Secret Access Key + path: s3.awsCredentials.secretKeySelectors.secretAccessKey + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: 'The key of the secret to select from. Must be a valid secret + key. + + ' + displayName: S3 Aws Credentials Secret Key Selectors Secret Access Key + Key + path: s3.awsCredentials.secretKeySelectors.secretAccessKey.key + - description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). 
+ + ' + displayName: S3 Aws Credentials Secret Key Selectors Secret Access Key + Name + path: s3.awsCredentials.secretKeySelectors.secretAccessKey.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: 'Bucket name. + + ' + displayName: S3 Compatible Bucket + path: s3Compatible.bucket + - description: 'Enable path-style addressing (i.e. `http://s3.amazonaws.com/BUCKET/KEY`) + when connecting to an S3-compatible service that lacks support for sub-domain + style bucket URLs (i.e. `http://BUCKET.s3.amazonaws.com/KEY`). + + + Defaults to false. + + ' + displayName: S3 Compatible Enable Path Style Addressing + path: s3Compatible.enablePathStyleAddressing + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Overrides the default url to connect to an S3-compatible + service. + + For example: `http://s3-like-service:9000`. + + ' + displayName: S3 Compatible Endpoint + path: s3Compatible.endpoint + - description: 'The AWS S3 region. The Region may be detected using s3:GetBucketLocation, + but if you wish to avoid giving permissions to this API call or forbid + it from the applicable IAM policy, you must then specify this property. + + ' + displayName: S3 Compatible Region + path: s3Compatible.region + - description: 'The [Amazon S3 Storage Class](https://aws.amazon.com/s3/storage-classes/) + to use for the backup object storage. By default, the `STANDARD` storage + class is used. Other supported values include `STANDARD_IA` for Infrequent + Access and `REDUCED_REDUNDANCY`. + + ' + displayName: S3 Compatible Storage Class + path: s3Compatible.storageClass + - description: 'AWS [access key ID](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). + For example, `AKIAIOSFODNN7EXAMPLE`. 
+ + ' + displayName: S3 Compatible Aws Credentials Secret Key Selectors Access + Key Id + path: s3Compatible.awsCredentials.secretKeySelectors.accessKeyId + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: 'The key of the secret to select from. Must be a valid secret + key. + + ' + displayName: S3 Compatible Aws Credentials Secret Key Selectors Access + Key Id Key + path: s3Compatible.awsCredentials.secretKeySelectors.accessKeyId.key + - description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + displayName: S3 Compatible Aws Credentials Secret Key Selectors Access + Key Id Name + path: s3Compatible.awsCredentials.secretKeySelectors.accessKeyId.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: 'AWS [secret access key](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). + For example, `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`. + + ' + displayName: S3 Compatible Aws Credentials Secret Key Selectors Secret + Access Key + path: s3Compatible.awsCredentials.secretKeySelectors.secretAccessKey + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: 'The key of the secret to select from. Must be a valid secret + key. + + ' + displayName: S3 Compatible Aws Credentials Secret Key Selectors Secret + Access Key Key + path: s3Compatible.awsCredentials.secretKeySelectors.secretAccessKey.key + - description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + displayName: S3 Compatible Aws Credentials Secret Key Selectors Secret + Access Key Name + path: s3Compatible.awsCredentials.secretKeySelectors.secretAccessKey.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: 'The key of the secret to select from. 
Must be a valid secret + key. + + ' + displayName: S3 Compatible Aws Credentials Secret Key Selectors Ca Certificate + Key + path: s3Compatible.awsCredentials.secretKeySelectors.caCertificate.key + - description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + displayName: S3 Compatible Aws Credentials Secret Key Selectors Ca Certificate + Name + path: s3Compatible.awsCredentials.secretKeySelectors.caCertificate.name + - description: 'GCS bucket name. + + ' + displayName: Gcs Bucket + path: gcs.bucket + - description: 'If true, the credentials will be fetched from the GCE/GKE + metadata service and the field `secretKeySelectors` have to be set to + null or omitted. + + + This is useful when running StackGres inside a GKE cluster using [Workload + Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity). + + ' + displayName: Gcs Gcp Credentials Fetch Credentials From Metadata Service + path: gcs.gcpCredentials.fetchCredentialsFromMetadataService + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'A service account key from GCP. In JSON format, as downloaded + from the GCP Console. + + ' + displayName: Gcs Gcp Credentials Secret Key Selectors Service Account + JSON + path: gcs.gcpCredentials.secretKeySelectors.serviceAccountJSON + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: 'The key of the secret to select from. Must be a valid secret + key. + + ' + displayName: Gcs Gcp Credentials Secret Key Selectors Service Account + JSON Key + path: gcs.gcpCredentials.secretKeySelectors.serviceAccountJSON.key + - description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). 
+ + ' + displayName: Gcs Gcp Credentials Secret Key Selectors Service Account + JSON Name + path: gcs.gcpCredentials.secretKeySelectors.serviceAccountJSON.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: 'Azure Blob Storage bucket name. + + ' + displayName: Azure Blob Bucket + path: azureBlob.bucket + - description: 'The [Storage Account](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview?toc=/azure/storage/blobs/toc.json) + that contains the Blob bucket to be used. + + ' + displayName: Azure Blob Azure Credentials Secret Key Selectors Storage + Account + path: azureBlob.azureCredentials.secretKeySelectors.storageAccount + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: 'The key of the secret to select from. Must be a valid secret + key. + + ' + displayName: Azure Blob Azure Credentials Secret Key Selectors Storage + Account Key + path: azureBlob.azureCredentials.secretKeySelectors.storageAccount.key + - description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + displayName: Azure Blob Azure Credentials Secret Key Selectors Storage + Account Name + path: azureBlob.azureCredentials.secretKeySelectors.storageAccount.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: 'The [storage account access key](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal). + + ' + displayName: Azure Blob Azure Credentials Secret Key Selectors Access + Key + path: azureBlob.azureCredentials.secretKeySelectors.accessKey + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: 'The key of the secret to select from. Must be a valid secret + key. 
+ + ' + displayName: Azure Blob Azure Credentials Secret Key Selectors Access + Key Key + path: azureBlob.azureCredentials.secretKeySelectors.accessKey.key + - description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + displayName: Azure Blob Azure Credentials Secret Key Selectors Access + Key Name + path: azureBlob.azureCredentials.secretKeySelectors.accessKey.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + version: v1beta1 + - description: Strongly validated customized Postgres configuration (postgresql.conf) + displayName: StackGres Postgres Configuration + kind: SGPostgresConfig + name: sgpgconfigs.stackgres.io + specDescriptors: + - description: 'The **major** Postgres version the configuration is for. + Postgres major versions contain one number starting with version 10 + (`10`, `11`, `12`, etc), and two numbers separated by a dot for previous + versions (`9.6`, `9.5`, etc). + + + Note that Postgres maintains full compatibility across minor versions, + and hence a configuration for a given major version will work for any + minor version of that same major version. + + + Check [StackGres component versions](https://stackgres.io/doc/latest/intro/versions) + to see the Postgres versions supported by this version of StackGres. 
+ + ' + displayName: Postgres Version + path: postgresVersion + - displayName: Postgresql Conf + path: postgresql\.conf + statusDescriptors: + - displayName: Default Parameters + path: defaultParameters + version: v1 + - description: Customized PgBouncer (connection pooler) configuration + displayName: StackGres Connection Pooling Configuration + kind: SGPoolingConfig + name: sgpoolconfigs.stackgres.io + statusDescriptors: + - displayName: Pg Bouncer Default Parameters + path: pgBouncer.defaultParameters + version: v1 + - description: Managed SQL Scripts, used for initial SQL commands or migrations + displayName: StackGres Script + kind: SGScript + name: sgscripts.stackgres.io + specDescriptors: + - description: 'If `true` the versions will be managed by the operator automatically. + The user will still be able to update them if needed. `true` by default. + + ' + displayName: Managed Versions + path: managedVersions + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If `true`, when any script entry fail will not prevent subsequent + script entries from being executed. `false` by default. + + ' + displayName: Continue On Error + path: continueOnError + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Name of the script. Must be unique across this SGScript. + + ' + displayName: Scripts Name + path: scripts.name + - description: 'The id is immutable and must be unique across all the script + entries. It is replaced by the operator and is used to identify the + script for the whole life of the `SGScript` object. + + ' + displayName: Scripts Id + path: scripts.id + - description: 'Version of the script. It will allow to identify if this + script entry has been changed. + + ' + displayName: Scripts Version + path: scripts.version + - description: 'Database where the script is executed. Defaults to the `postgres` + database, if not specified. 
+ + ' + displayName: Scripts Database + path: scripts.database + - description: 'User that will execute the script. Defaults to the `postgres` + user. + + ' + displayName: Scripts User + path: scripts.user + - description: 'Wrap the script in a transaction using the specified transaction + mode: + + + * `read-committed`: The script will be wrapped in a transaction using + [READ COMMITTED](https://www.postgresql.org/docs/current/transaction-iso.html#XACT-READ-COMMITTED) + isolation level. + + * `repeatable-read`: The script will be wrapped in a transaction using + [REPEATABLE READ](https://www.postgresql.org/docs/current/transaction-iso.html#XACT-REPEATABLE-READ) + isolation level. + + * `serializable`: The script will be wrapped in a transaction using + [SERIALIZABLE](https://www.postgresql.org/docs/current/transaction-iso.html#XACT-SERIALIZABLE) + isolation level. + + + If not set the script entry will not be wrapped in a transaction + + ' + displayName: Scripts Wrap In Transaction + path: scripts.wrapInTransaction + - description: "When set to `true` the script entry execution will include\ + \ storing the status of the execution of this\n script entry in the\ + \ table `managed_sql.status` that will be created in the specified `database`.\ + \ This\n will avoid an operation that fails partially to be unrecoverable\ + \ requiring the intervention from the user\n if user in conjunction\ + \ with `retryOnError`.\n\nIf set to `true` then `wrapInTransaction`\ + \ field must be set.\n\nThis is `false` by default.\n" + displayName: Scripts Store Status In Database + path: scripts.storeStatusInDatabase + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "If not set or set to `false` the script entry will not be\ + \ retried if it fails.\n\nWhen set to `true` the script execution will\ + \ be retried with an exponential backoff of 5 minutes,\n starting from\ + \ 10 seconds and a standard deviation of 10 seconds.\n\nThis is `false`\ + \ 
by default.\n" + displayName: Scripts Retry On Error + path: scripts.retryOnError + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Raw SQL script to execute. This field is mutually exclusive + with `scriptFrom` field. + + ' + displayName: Scripts Script + path: scripts.script + - description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the SQL script to execute. This field is mutually exclusive + with `configMapKeyRef` field. + + ' + displayName: Scripts Script From Secret Key Ref + path: scripts.scriptFrom.secretKeyRef + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Scripts Script From Secret Key Ref Name + path: scripts.scriptFrom.secretKeyRef.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Scripts Script From Secret Key Ref Key + path: scripts.scriptFrom.secretKeyRef.key + - description: 'A [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) + reference that contains the SQL script to execute. This field is mutually + exclusive with `secretKeyRef` field. + + ' + displayName: Scripts Script From Config Map Key Ref + path: scripts.scriptFrom.configMapKeyRef + x-descriptors: + - urn:alm:descriptor:io.kubernetes:ConfigMap + - description: 'The name of the ConfigMap that contains the SQL script to + execute. + + ' + displayName: Scripts Script From Config Map Key Ref Name + path: scripts.scriptFrom.configMapKeyRef.name + - description: 'The key name within the ConfigMap that contains the SQL + script to execute. 
+ + ' + displayName: Scripts Script From Config Map Key Ref Key + path: scripts.scriptFrom.configMapKeyRef.key + statusDescriptors: + - description: 'The id that identifies a script entry. + + ' + displayName: Scripts Id + path: scripts.id + - description: 'The hash of a ConfigMap or Secret referenced with the associated + script entry. + + ' + displayName: Scripts Hash + path: scripts.hash + version: v1 + - kind: SGShardedBackup + name: sgshardedbackups.stackgres.io + version: v1 + - description: Manages Postgres sharded clusters (two or more SGClusters) + displayName: StackGres Sharded Cluster + kind: SGShardedCluster + name: sgshardedclusters.stackgres.io + specDescriptors: + - description: "The profile allow to change in a convenient place a set\ + \ of configuration defaults that affect how the cluster is generated.\n\ + \nAll those defaults can be overwritten by setting the correspoinding\ + \ fields.\n\nAvailable profiles are:\n\n* `production`:\n\n Prevents\ + \ two Pods from running in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `false` by default).\n Sets both limits and requests using `SGInstanceProfile`\ + \ for `patroni` container that runs both Patroni and Postgres (set `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `false` by default).\n Sets requests using the referenced `SGInstanceProfile`\ + \ for sidecar containers other than `patroni` (set `.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `false` by default).\n\n* `testing`:\n\n Allows two Pods to running\ + \ in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `true` by default).\n Sets both limits and requests using `SGInstanceProfile`\ + \ for `patroni` container that runs both Patroni and Postgres (set `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `false` by default).\n Sets requests using the referenced `SGInstanceProfile`\ + \ for sidecar 
containers other than `patroni` (set `.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `false` by default).\n\n* `development`:\n\n Allows two Pods from\ + \ running in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `true` by default).\n Unset both limits and requests for `patroni`\ + \ container that runs both Patroni and Postgres (set `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `true` by default).\n Unsets requests for sidecar containers other\ + \ than `patroni` (set `.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `true` by default).\n\n**Changing this field may require a restart.**\n" + displayName: Profile + path: profile + - description: 'The sharding technology that will be used for the sharded + cluster. + + + Currently the only possible value for this field is `citus`. + + ' + displayName: Type + path: type + - description: 'The database name that will be created and used across all + node and where "partitioned" (distributed) tables will live in. + + ' + displayName: Database + path: database + - description: 'Postgres version used on the cluster. It is either of: + + * The string ''latest'', which automatically sets the latest major.minor + Postgres version. + + * A major version, like ''14'' or ''13'', which sets that major version + and the latest minor version. + + * A specific major.minor version, like ''14.4''. + + ' + displayName: Postgres Version + path: postgres.version + - description: 'Postgres flavor used on the cluster. It is either of: + + * `babelfish` will use the [Babelfish for Postgres](https://babelfish-for-postgresql.github.io/babelfish-for-postgresql/). + + + If not specified then the vanilla Postgres will be used for the cluster. + + + **This field can only be set on creation.** + + ' + displayName: Postgres Flavor + path: postgres.flavor + - description: The name of the extension to deploy. 
+ displayName: Postgres Extensions Name + path: postgres.extensions.name + - description: The id of the publisher of the extension to deploy. If not + specified `com.ongres` will be used by default. + displayName: Postgres Extensions Publisher + path: postgres.extensions.publisher + - description: The version of the extension to deploy. If not specified + version of `stable` channel will be used by default. + displayName: Postgres Extensions Version + path: postgres.extensions.version + - description: 'The repository base URL from where to obtain the extension + to deploy. + + + **This section is filled by the operator.** + + ' + displayName: Postgres Extensions Repository + path: postgres.extensions.repository + - description: 'Allow to enable SSL for connections to Postgres. By default + is `true`. + + + If `true` certificate and private key will be auto-generated unless + fields `certificateSecretKeySelector` and `privateKeySecretKeySelector` + are specified. + + ' + displayName: Postgres Ssl Enabled + path: postgres.ssl.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Secret key selector for the certificate or certificate chain + used for SSL connections. 
+ + ' + displayName: Postgres Ssl Certificate Secret Key Selector + path: postgres.ssl.certificateSecretKeySelector + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: 'The name of Secret that contains the certificate or certificate + chain for SSL connections + + ' + displayName: Postgres Ssl Certificate Secret Key Selector Name + path: postgres.ssl.certificateSecretKeySelector.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: 'The key of Secret that contains the certificate or certificate + chain for SSL connections + + ' + displayName: Postgres Ssl Certificate Secret Key Selector Key + path: postgres.ssl.certificateSecretKeySelector.key + - description: 'Secret key selector for the private key used for SSL connections. + + ' + displayName: Postgres Ssl Private Key Secret Key Selector + path: postgres.ssl.privateKeySecretKeySelector + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - description: 'The name of Secret that contains the private key for SSL + connections + + ' + displayName: Postgres Ssl Private Key Secret Key Selector Name + path: postgres.ssl.privateKeySecretKeySelector.name + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: 'The key of Secret that contains the private key for SSL + connections + + ' + displayName: Postgres Ssl Private Key Secret Key Selector Key + path: postgres.ssl.privateKeySecretKeySelector.key + - description: "The replication mode applied to the whole cluster.\nPossible\ + \ values are:\n* `async` (default)\n* `sync`\n* `strict-sync`\n* `sync-all`\n\ + * `strict-sync-all`\n\n**async**\n\nWhen in asynchronous mode the cluster\ + \ is allowed to lose some committed transactions.\n When the primary\ + \ server fails or becomes unavailable for any other reason a sufficiently\ + \ healthy standby\n will automatically be promoted to primary. 
Any\ + \ transactions that have not been replicated to that standby\n remain\ + \ in a \"forked timeline\" on the primary, and are effectively unrecoverable\ + \ (the data is still there,\n but recovering it requires a manual recovery\ + \ effort by data recovery specialists).\n\n**sync**\n\nWhen in synchronous\ + \ mode a standby will not be promoted unless it is certain that the\ + \ standby contains all\n transactions that may have returned a successful\ + \ commit status to client (clients can change the behavior\n per transaction\ + \ using PostgreSQL’s `synchronous_commit` setting. Transactions with\ + \ `synchronous_commit`\n values of `off` and `local` may be lost on\ + \ fail over, but will not be blocked by replication delays). This\n\ + \ means that the system may be unavailable for writes even though some\ + \ servers are available. System\n administrators can still use manual\ + \ failover commands to promote a standby even if it results in transaction\n\ + \ loss.\n\nSynchronous mode does not guarantee multi node durability\ + \ of commits under all circumstances. When no suitable\n standby is\ + \ available, primary server will still accept writes, but does not guarantee\ + \ their replication. When\n the primary fails in this mode no standby\ + \ will be promoted. When the host that used to be the primary comes\n\ + \ back it will get promoted automatically, unless system administrator\ + \ performed a manual failover. This behavior\n makes synchronous mode\ + \ usable with 2 node clusters.\n\nWhen synchronous mode is used and\ + \ a standby crashes, commits will block until the primary is switched\ + \ to standalone\n mode. Manually shutting down or restarting a standby\ + \ will not cause a commit service interruption. 
Standby will\n signal\ + \ the primary to release itself from synchronous standby duties before\ + \ PostgreSQL shutdown is initiated.\n\n**strict-sync**\n\nWhen it is\ + \ absolutely necessary to guarantee that each write is stored durably\ + \ on at least two nodes, use the strict\n synchronous mode. This mode\ + \ prevents synchronous replication to be switched off on the primary\ + \ when no synchronous\n standby candidates are available. As a downside,\ + \ the primary will not be available for writes (unless the Postgres\n\ + \ transaction explicitly turns off `synchronous_mode` parameter), blocking\ + \ all client write requests until at least one\n synchronous replica\ + \ comes up.\n\n**Note**: Because of the way synchronous replication\ + \ is implemented in PostgreSQL it is still possible to lose\n transactions\ + \ even when using strict synchronous mode. If the PostgreSQL backend\ + \ is cancelled while waiting to acknowledge\n replication (as a result\ + \ of packet cancellation due to client timeout or backend failure) transaction\ + \ changes become\n visible for other backends. Such changes are not\ + \ yet replicated and may be lost in case of standby promotion.\n\n**sync-all**\n\ + \nThe same as `sync` but `syncInstances` is ignored and the number of\ + \ synchronous instances is equals to the total number\n of instances\ + \ less one.\n\n**strict-sync-all**\n\nThe same as `strict-sync` but\ + \ `syncInstances` is ignored and the number of synchronous instances\ + \ is equals to the total number\n of instances less one.\n" + displayName: Replication Mode + path: replication.mode + - description: "Number of synchronous standby instances. Must be less than\ + \ the total number of instances. 
It is set to 1 by default.\n Only\ + \ setteable if mode is `sync` or `strict-sync`.\n" + displayName: Replication Sync Instances + path: replication.syncInstances + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podCount + - description: Specify if the service should be created or not. + displayName: Postgres Services Coordinator Any Enabled + path: postgresServices.coordinator.any.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'type determines how the Service is exposed. Defaults to + ClusterIP. Valid + + options are ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + + a cluster-internal IP address for load-balancing to endpoints. + + "NodePort" builds on ClusterIP and allocates a port on every node. + + "LoadBalancer" builds on NodePort and creates + + an external load-balancer (if supported in the current cloud). + + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + + ' + displayName: Postgres Services Coordinator Any Type + path: postgresServices.coordinator.any.type + - description: allocateLoadBalancerNodePorts defines if NodePorts will be + automatically allocated for services with type LoadBalancer. Default + is "true". It may be set to "false" if the cluster load-balancer does + not rely on NodePorts. If the caller requests specific NodePorts (by + specifying a value), those requests will be respected, regardless of + this field. This field may only be set for services with type LoadBalancer + and will be cleared if the type is changed to any other type. 
+ displayName: Postgres Services Coordinator Any Allocate Load Balancer + Node Ports + path: postgresServices.coordinator.any.allocateLoadBalancerNodePorts + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - displayName: Postgres Services Coordinator Any External I Ps + path: postgresServices.coordinator.any.externalIPs + - description: 'externalTrafficPolicy describes how nodes distribute service + traffic they receive on one of the Service''s "externally-facing" addresses + (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the + proxy will configure the service in a way that assumes that external + load balancers will take care of balancing the service traffic between + nodes, and so each node will deliver traffic only to the node-local + endpoints of the service, without masquerading the client source IP. + (Traffic mistakenly sent to a node with no endpoints will be dropped.) + The default value, "Cluster", uses the standard behavior of routing + to all endpoints evenly (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer IP from within + the cluster will always get "Cluster" semantics, but clients sending + to a NodePort from within the cluster may need to take traffic policy + into account when picking a node. + + + ' + displayName: Postgres Services Coordinator Any External Traffic Policy + path: postgresServices.coordinator.any.externalTrafficPolicy + - description: healthCheckNodePort specifies the healthcheck nodePort for + the service. This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, a value will + be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. 
If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). This + field cannot be updated once set. + displayName: Postgres Services Coordinator Any Health Check Node Port + path: postgresServices.coordinator.any.healthCheckNodePort + - description: InternalTrafficPolicy describes how nodes distribute service + traffic they receive on the ClusterIP. If set to "Local", the proxy + will assume that pods only want to talk to endpoints of the service + on the same node as the pod, dropping the traffic if there are no local + endpoints. The default value, "Cluster", uses the standard behavior + of routing to all endpoints evenly (possibly modified by topology and + other features). + displayName: Postgres Services Coordinator Any Internal Traffic Policy + path: postgresServices.coordinator.any.internalTrafficPolicy + - displayName: Postgres Services Coordinator Any Ip Families + path: postgresServices.coordinator.any.ipFamilies + - description: IPFamilyPolicy represents the dual-stack-ness requested or + required by this Service. If there is no value provided, then this field + will be set to SingleStack. Services can be "SingleStack" (a single + IP family), "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). + The ipFamilies and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to type ExternalName. + displayName: Postgres Services Coordinator Any Ip Family Policy + path: postgresServices.coordinator.any.ipFamilyPolicy + - description: loadBalancerClass is the class of the load balancer implementation + this Service belongs to. 
If specified, the value of this field must + be a label-style identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. + If not set, the default load balancer implementation is used, today + this is typically done through the cloud provider integration, but should + apply for any default implementation. If set, it is assumed that a load + balancer implementation is watching for Services with a matching class. + Any default load balancer implementation (e.g. cloud providers) should + ignore Services that set this field. This field can only be set when + creating or updating a Service to type 'LoadBalancer'. Once set, it + can not be changed. This field will be wiped when a service is updated + to a non 'LoadBalancer' type. + displayName: Postgres Services Coordinator Any Load Balancer Class + path: postgresServices.coordinator.any.loadBalancerClass + - description: 'Only applies to Service Type: LoadBalancer. This feature + depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. This field will + be ignored if the cloud-provider does not support the feature. Deprecated: + This field was under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, users are + encouraged to use implementation-specific annotations when available. + This field may be removed in a future API version.' + displayName: Postgres Services Coordinator Any Load Balancer IP + path: postgresServices.coordinator.any.loadBalancerIP + - displayName: Postgres Services Coordinator Any Load Balancer Source Ranges + path: postgresServices.coordinator.any.loadBalancerSourceRanges + - description: 'Supports "ClientIP" and "None". Used to maintain session + affinity. Enable client IP based session affinity. Must be ClientIP + or None. 
Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + + + ' + displayName: Postgres Services Coordinator Any Session Affinity + path: postgresServices.coordinator.any.sessionAffinity + - description: timeoutSeconds specifies the seconds of ClientIP type session + sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + displayName: Postgres Services Coordinator Any Session Affinity Config + Client IP Timeout Seconds + path: postgresServices.coordinator.any.sessionAffinityConfig.clientIP.timeoutSeconds + - description: Specify if the service should be created or not. + displayName: Postgres Services Coordinator Primary Enabled + path: postgresServices.coordinator.primary.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'type determines how the Service is exposed. Defaults to + ClusterIP. Valid + + options are ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + + a cluster-internal IP address for load-balancing to endpoints. + + "NodePort" builds on ClusterIP and allocates a port on every node. + + "LoadBalancer" builds on NodePort and creates + + an external load-balancer (if supported in the current cloud). + + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + + ' + displayName: Postgres Services Coordinator Primary Type + path: postgresServices.coordinator.primary.type + - description: allocateLoadBalancerNodePorts defines if NodePorts will be + automatically allocated for services with type LoadBalancer. Default + is "true". It may be set to "false" if the cluster load-balancer does + not rely on NodePorts. If the caller requests specific NodePorts (by + specifying a value), those requests will be respected, regardless of + this field. 
This field may only be set for services with type LoadBalancer + and will be cleared if the type is changed to any other type. + displayName: Postgres Services Coordinator Primary Allocate Load Balancer + Node Ports + path: postgresServices.coordinator.primary.allocateLoadBalancerNodePorts + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - displayName: Postgres Services Coordinator Primary External I Ps + path: postgresServices.coordinator.primary.externalIPs + - description: 'externalTrafficPolicy describes how nodes distribute service + traffic they receive on one of the Service''s "externally-facing" addresses + (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the + proxy will configure the service in a way that assumes that external + load balancers will take care of balancing the service traffic between + nodes, and so each node will deliver traffic only to the node-local + endpoints of the service, without masquerading the client source IP. + (Traffic mistakenly sent to a node with no endpoints will be dropped.) + The default value, "Cluster", uses the standard behavior of routing + to all endpoints evenly (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer IP from within + the cluster will always get "Cluster" semantics, but clients sending + to a NodePort from within the cluster may need to take traffic policy + into account when picking a node. + + + ' + displayName: Postgres Services Coordinator Primary External Traffic Policy + path: postgresServices.coordinator.primary.externalTrafficPolicy + - description: healthCheckNodePort specifies the healthcheck nodePort for + the service. This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, a value will + be automatically allocated. External systems (e.g. 
load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). This + field cannot be updated once set. + displayName: Postgres Services Coordinator Primary Health Check Node Port + path: postgresServices.coordinator.primary.healthCheckNodePort + - description: InternalTrafficPolicy describes how nodes distribute service + traffic they receive on the ClusterIP. If set to "Local", the proxy + will assume that pods only want to talk to endpoints of the service + on the same node as the pod, dropping the traffic if there are no local + endpoints. The default value, "Cluster", uses the standard behavior + of routing to all endpoints evenly (possibly modified by topology and + other features). + displayName: Postgres Services Coordinator Primary Internal Traffic Policy + path: postgresServices.coordinator.primary.internalTrafficPolicy + - displayName: Postgres Services Coordinator Primary Ip Families + path: postgresServices.coordinator.primary.ipFamilies + - description: IPFamilyPolicy represents the dual-stack-ness requested or + required by this Service. If there is no value provided, then this field + will be set to SingleStack. Services can be "SingleStack" (a single + IP family), "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). + The ipFamilies and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to type ExternalName. 
+ displayName: Postgres Services Coordinator Primary Ip Family Policy + path: postgresServices.coordinator.primary.ipFamilyPolicy + - description: loadBalancerClass is the class of the load balancer implementation + this Service belongs to. If specified, the value of this field must + be a label-style identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. + If not set, the default load balancer implementation is used, today + this is typically done through the cloud provider integration, but should + apply for any default implementation. If set, it is assumed that a load + balancer implementation is watching for Services with a matching class. + Any default load balancer implementation (e.g. cloud providers) should + ignore Services that set this field. This field can only be set when + creating or updating a Service to type 'LoadBalancer'. Once set, it + can not be changed. This field will be wiped when a service is updated + to a non 'LoadBalancer' type. + displayName: Postgres Services Coordinator Primary Load Balancer Class + path: postgresServices.coordinator.primary.loadBalancerClass + - description: 'Only applies to Service Type: LoadBalancer. This feature + depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. This field will + be ignored if the cloud-provider does not support the feature. Deprecated: + This field was under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, users are + encouraged to use implementation-specific annotations when available. + This field may be removed in a future API version.' 
+ displayName: Postgres Services Coordinator Primary Load Balancer IP + path: postgresServices.coordinator.primary.loadBalancerIP + - displayName: Postgres Services Coordinator Primary Load Balancer Source + Ranges + path: postgresServices.coordinator.primary.loadBalancerSourceRanges + - description: 'Supports "ClientIP" and "None". Used to maintain session + affinity. Enable client IP based session affinity. Must be ClientIP + or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + + + ' + displayName: Postgres Services Coordinator Primary Session Affinity + path: postgresServices.coordinator.primary.sessionAffinity + - description: timeoutSeconds specifies the seconds of ClientIP type session + sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + displayName: Postgres Services Coordinator Primary Session Affinity Config + Client IP Timeout Seconds + path: postgresServices.coordinator.primary.sessionAffinityConfig.clientIP.timeoutSeconds + - description: The application protocol for this port. This field follows + standard Kubernetes label syntax. Un-prefixed names are reserved for + IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. + displayName: Postgres Services Coordinator Custom Ports App Protocol + path: postgresServices.coordinator.customPorts.appProtocol + - description: The name of this port within the service. This must be a + DNS_LABEL. All ports within a ServiceSpec must have unique names. When + considering the endpoints for a Service, this must match the 'name' + field in the EndpointPort. Optional if only one ServicePort is defined + on this service. 
+ displayName: Postgres Services Coordinator Custom Ports Name + path: postgresServices.coordinator.customPorts.name + - description: 'The port on each node on which this service is exposed when + type is NodePort or LoadBalancer. Usually assigned by the system. If + a value is specified, in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified when creating + a Service which does not need it, creation will fail. This field will + be wiped when updating a Service to no longer need it (e.g. changing + type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + displayName: Postgres Services Coordinator Custom Ports Node Port + path: postgresServices.coordinator.customPorts.nodePort + - description: The port that will be exposed by this service. + displayName: Postgres Services Coordinator Custom Ports Port + path: postgresServices.coordinator.customPorts.port + - description: The IP protocol for this port. Supports "TCP", "UDP", and + "SCTP". Default is TCP. + displayName: Postgres Services Coordinator Custom Ports Protocol + path: postgresServices.coordinator.customPorts.protocol + - description: "IntOrString is a type that can hold an int32 or a string.\ + \ When\n used in JSON or YAML marshalling and unmarshalling, it produces\n\ + \ or consumes the inner type. 
This allows you to have, for example,\n\ + \ a JSON field that can accept a name or number.\n\nThe name will be\ + \ prefixed with the string `custom-` so that the target port that can\ + \ be\n referenced will be only those defined under .spec.pods.customContainers[].ports\ + \ sections\n were names are also prepended with the same prefix.\n" + displayName: Postgres Services Coordinator Custom Ports Target Port + path: postgresServices.coordinator.customPorts.targetPort + - description: Specify if the service should be created or not. + displayName: Postgres Services Shards Primaries Enabled + path: postgresServices.shards.primaries.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'type determines how the Service is exposed. Defaults to + ClusterIP. Valid + + options are ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates + + a cluster-internal IP address for load-balancing to endpoints. + + "NodePort" builds on ClusterIP and allocates a port on every node. + + "LoadBalancer" builds on NodePort and creates + + an external load-balancer (if supported in the current cloud). + + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + + ' + displayName: Postgres Services Shards Primaries Type + path: postgresServices.shards.primaries.type + - description: allocateLoadBalancerNodePorts defines if NodePorts will be + automatically allocated for services with type LoadBalancer. Default + is "true". It may be set to "false" if the cluster load-balancer does + not rely on NodePorts. If the caller requests specific NodePorts (by + specifying a value), those requests will be respected, regardless of + this field. This field may only be set for services with type LoadBalancer + and will be cleared if the type is changed to any other type. 
+ displayName: Postgres Services Shards Primaries Allocate Load Balancer + Node Ports + path: postgresServices.shards.primaries.allocateLoadBalancerNodePorts + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - displayName: Postgres Services Shards Primaries External I Ps + path: postgresServices.shards.primaries.externalIPs + - description: 'externalTrafficPolicy describes how nodes distribute service + traffic they receive on one of the Service''s "externally-facing" addresses + (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the + proxy will configure the service in a way that assumes that external + load balancers will take care of balancing the service traffic between + nodes, and so each node will deliver traffic only to the node-local + endpoints of the service, without masquerading the client source IP. + (Traffic mistakenly sent to a node with no endpoints will be dropped.) + The default value, "Cluster", uses the standard behavior of routing + to all endpoints evenly (possibly modified by topology and other features). + Note that traffic sent to an External IP or LoadBalancer IP from within + the cluster will always get "Cluster" semantics, but clients sending + to a NodePort from within the cluster may need to take traffic policy + into account when picking a node. + + + ' + displayName: Postgres Services Shards Primaries External Traffic Policy + path: postgresServices.shards.primaries.externalTrafficPolicy + - description: healthCheckNodePort specifies the healthcheck nodePort for + the service. This only applies when type is set to LoadBalancer and + externalTrafficPolicy is set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, a value will + be automatically allocated. External systems (e.g. load-balancers) + can use this port to determine if a given node holds endpoints for this + service or not. 
If this field is specified when creating a Service + which does not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing type). This + field cannot be updated once set. + displayName: Postgres Services Shards Primaries Health Check Node Port + path: postgresServices.shards.primaries.healthCheckNodePort + - description: InternalTrafficPolicy describes how nodes distribute service + traffic they receive on the ClusterIP. If set to "Local", the proxy + will assume that pods only want to talk to endpoints of the service + on the same node as the pod, dropping the traffic if there are no local + endpoints. The default value, "Cluster", uses the standard behavior + of routing to all endpoints evenly (possibly modified by topology and + other features). + displayName: Postgres Services Shards Primaries Internal Traffic Policy + path: postgresServices.shards.primaries.internalTrafficPolicy + - displayName: Postgres Services Shards Primaries Ip Families + path: postgresServices.shards.primaries.ipFamilies + - description: IPFamilyPolicy represents the dual-stack-ness requested or + required by this Service. If there is no value provided, then this field + will be set to SingleStack. Services can be "SingleStack" (a single + IP family), "PreferDualStack" (two IP families on dual-stack configured + clusters or a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise fail). + The ipFamilies and clusterIPs fields depend on the value of this field. + This field will be wiped when updating a service to type ExternalName. + displayName: Postgres Services Shards Primaries Ip Family Policy + path: postgresServices.shards.primaries.ipFamilyPolicy + - description: loadBalancerClass is the class of the load balancer implementation + this Service belongs to. 
If specified, the value of this field must + be a label-style identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are reserved for end-users. + This field can only be set when the Service type is 'LoadBalancer'. + If not set, the default load balancer implementation is used, today + this is typically done through the cloud provider integration, but should + apply for any default implementation. If set, it is assumed that a load + balancer implementation is watching for Services with a matching class. + Any default load balancer implementation (e.g. cloud providers) should + ignore Services that set this field. This field can only be set when + creating or updating a Service to type 'LoadBalancer'. Once set, it + can not be changed. This field will be wiped when a service is updated + to a non 'LoadBalancer' type. + displayName: Postgres Services Shards Primaries Load Balancer Class + path: postgresServices.shards.primaries.loadBalancerClass + - description: 'Only applies to Service Type: LoadBalancer. This feature + depends on whether the underlying cloud-provider supports specifying + the loadBalancerIP when a load balancer is created. This field will + be ignored if the cloud-provider does not support the feature. Deprecated: + This field was under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, users are + encouraged to use implementation-specific annotations when available. + This field may be removed in a future API version.' + displayName: Postgres Services Shards Primaries Load Balancer IP + path: postgresServices.shards.primaries.loadBalancerIP + - displayName: Postgres Services Shards Primaries Load Balancer Source Ranges + path: postgresServices.shards.primaries.loadBalancerSourceRanges + - description: 'Supports "ClientIP" and "None". Used to maintain session + affinity. Enable client IP based session affinity. 
Must be ClientIP + or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + + + ' + displayName: Postgres Services Shards Primaries Session Affinity + path: postgresServices.shards.primaries.sessionAffinity + - description: timeoutSeconds specifies the seconds of ClientIP type session + sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + displayName: Postgres Services Shards Primaries Session Affinity Config + Client IP Timeout Seconds + path: postgresServices.shards.primaries.sessionAffinityConfig.clientIP.timeoutSeconds + - description: The application protocol for this port. This field follows + standard Kubernetes label syntax. Un-prefixed names are reserved for + IANA standard service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol. + displayName: Postgres Services Shards Custom Ports App Protocol + path: postgresServices.shards.customPorts.appProtocol + - description: The name of this port within the service. This must be a + DNS_LABEL. All ports within a ServiceSpec must have unique names. When + considering the endpoints for a Service, this must match the 'name' + field in the EndpointPort. Optional if only one ServicePort is defined + on this service. + displayName: Postgres Services Shards Custom Ports Name + path: postgresServices.shards.customPorts.name + - description: 'The port on each node on which this service is exposed when + type is NodePort or LoadBalancer. Usually assigned by the system. If + a value is specified, in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a port will be allocated + if this Service requires one. If this field is specified when creating + a Service which does not need it, creation will fail. 
This field will + be wiped when updating a Service to no longer need it (e.g. changing + type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + displayName: Postgres Services Shards Custom Ports Node Port + path: postgresServices.shards.customPorts.nodePort + - description: The port that will be exposed by this service. + displayName: Postgres Services Shards Custom Ports Port + path: postgresServices.shards.customPorts.port + - description: The IP protocol for this port. Supports "TCP", "UDP", and + "SCTP". Default is TCP. + displayName: Postgres Services Shards Custom Ports Protocol + path: postgresServices.shards.customPorts.protocol + - description: "IntOrString is a type that can hold an int32 or a string.\ + \ When\n used in JSON or YAML marshalling and unmarshalling, it produces\n\ + \ or consumes the inner type. This allows you to have, for example,\n\ + \ a JSON field that can accept a name or number.\n\nThe name will be\ + \ prefixed with the string `custom-` so that the target port that can\ + \ be\n referenced will be only those defined under .spec.pods.customContainers[].ports\ + \ sections\n were names are also prepended with the same prefix.\n" + displayName: Postgres Services Shards Custom Ports Target Port + path: postgresServices.shards.customPorts.targetPort + - description: 'Specifies the backup compression algorithm. Possible options + are: lz4, lzma, brotli. The default method is `lz4`. LZ4 is the fastest + method, but compression ratio is the worst. LZMA is way slower, but + it compresses backups about 6 times better than LZ4. Brotli is a good + trade-off between speed and compression ratio, being about 3 times better + than LZ4. 
+ + ' + displayName: Configurations Backups Compression + path: configurations.backups.compression + - description: 'Continuous Archiving backups are composed of periodic *base + backups* and all the WAL segments produced in between those base backups + for the coordinator and each shard. This parameter specifies at what + time and with what frequency to start performing a new base backup. + + + Use cron syntax (`m h dom mon dow`) for this parameter, i.e., 5 values + separated by spaces: + + * `m`: minute, 0 to 59. + + * `h`: hour, 0 to 23. + + * `dom`: day of month, 1 to 31 (recommended not to set it higher than + 28). + + * `mon`: month, 1 to 12. + + * `dow`: day of week, 0 to 7 (0 and 7 both represent Sunday). + + + Also ranges of values (`start-end`), the symbol `*` (meaning `first-last`) + or even `*/N`, where `N` is a number, meaning ""every `N`, may be used. + All times are UTC. It is recommended to avoid 00:00 as base backup time, + to avoid overlapping with any other external operations happening at + this time. + + + If not set, full backups are never performed automatically. + + ' + displayName: Configurations Backups Cron Schedule + path: configurations.backups.cronSchedule + - description: 'Maximum storage upload bandwidth used when storing a backup. + In bytes (per second). + + ' + displayName: Configurations Backups Performance Max Network Bandwidth + path: configurations.backups.performance.maxNetworkBandwidth + - description: 'Maximum disk read I/O when performing a backup. In bytes + (per second). + + ' + displayName: Configurations Backups Performance Max Disk Bandwidth + path: configurations.backups.performance.maxDiskBandwidth + - description: 'Backup storage may use several concurrent streams to store + the data. This parameter configures the number of parallel streams to + use to reading from disk. By default, it''s set to 1. 
+ + ' + displayName: Configurations Backups Performance Upload Disk Concurrency + path: configurations.backups.performance.uploadDiskConcurrency + - description: 'Backup storage may use several concurrent streams to store + the data. This parameter configures the number of parallel streams to + use. By default, it''s set to 16. + + ' + displayName: Configurations Backups Performance Upload Concurrency + path: configurations.backups.performance.uploadConcurrency + - description: 'Backup storage may use several concurrent streams to read + the data. This parameter configures the number of parallel streams to + use. By default, it''s set to the minimum between the number of file + to read and 10. + + ' + displayName: Configurations Backups Performance Download Concurrency + path: configurations.backups.performance.downloadConcurrency + - description: 'When an automatic retention policy is defined to delete + old base backups, this parameter specifies the number of base backups + to keep, in a sliding window. + + + Consequently, the time range covered by backups is `periodicity*retention`, + where `periodicity` is the separation between backups as specified by + the `cronSchedule` property. + + + Default is 5. + + ' + displayName: Configurations Backups Retention + path: configurations.backups.retention + - description: 'Name of the [SGObjectStorage](https://stackgres.io/doc/latest/reference/crd/sgobjectstorage) + to use for the cluster. It defines the location in which the the backups + will be stored. + + ' + displayName: Configurations Backups SGObjectStorage + path: configurations.backups.sgObjectStorage + - displayName: Configurations Backups Paths + path: configurations.backups.paths + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). 
+ displayName: Configurations Credentials Patroni Rest Api Password Name + path: configurations.credentials.patroni.restApiPassword.name + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Configurations Credentials Patroni Rest Api Password Key + path: configurations.credentials.patroni.restApiPassword.key + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Configurations Credentials Users Superuser Username Name + path: configurations.credentials.users.superuser.username.name + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Configurations Credentials Users Superuser Username Key + path: configurations.credentials.users.superuser.username.key + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Configurations Credentials Users Superuser Password Name + path: configurations.credentials.users.superuser.password.name + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Configurations Credentials Users Superuser Password Key + path: configurations.credentials.users.superuser.password.key + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Configurations Credentials Users Replication Username Name + path: configurations.credentials.users.replication.username.name + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Configurations Credentials Users Replication Username Key + path: configurations.credentials.users.replication.username.key + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). 
+ displayName: Configurations Credentials Users Replication Password Name + path: configurations.credentials.users.replication.password.name + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Configurations Credentials Users Replication Password Key + path: configurations.credentials.users.replication.password.key + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Configurations Credentials Users Authenticator Username Name + path: configurations.credentials.users.authenticator.username.name + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Configurations Credentials Users Authenticator Username Key + path: configurations.credentials.users.authenticator.username.key + - description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + displayName: Configurations Credentials Users Authenticator Password Name + path: configurations.credentials.users.authenticator.password.name + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Configurations Credentials Users Authenticator Password Key + path: configurations.credentials.users.authenticator.password.key + - description: It's the reference of custom provider name. If not specified, + then the default value will be `stackgres` + displayName: Configurations Binding Provider + path: configurations.binding.provider + - description: Allow to specify the database name. If not specified, then + the default value is `postgres` + displayName: Configurations Binding Database + path: configurations.binding.database + - description: Allow to specify the username. If not specified, then the + superuser username will be used. 
+ displayName: Configurations Binding Username + path: configurations.binding.username + - description: The name of the Secret + displayName: Configurations Binding Password Name + path: configurations.binding.password.name + - description: The key of the Secret + displayName: Configurations Binding Password Key + path: configurations.binding.password.key + - displayName: Metadata Annotations All Resources + path: metadata.annotations.allResources + - displayName: Metadata Annotations Cluster Pods + path: metadata.annotations.clusterPods + - displayName: Metadata Annotations Services + path: metadata.annotations.services + - displayName: Metadata Annotations Primary Service + path: metadata.annotations.primaryService + - displayName: Metadata Annotations Replicas Service + path: metadata.annotations.replicasService + - displayName: Metadata Labels Cluster Pods + path: metadata.labels.clusterPods + - displayName: Metadata Labels Services + path: metadata.labels.services + - description: "Number of StackGres instances for the cluster. Each instance\ + \ contains one Postgres server.\n Out of all of the Postgres servers,\ + \ one is elected as the primary, the rest remain as read-only replicas.\n" + displayName: Coordinator Instances + path: coordinator.instances + - description: 'Name of the [SGInstanceProfile](https://stackgres.io/doc/latest/reference/crd/sginstanceprofile/). + + + A SGInstanceProfile defines CPU and memory limits. Must exist before + creating a cluster. + + + When no profile is set, a default (1 core, 2 GiB RAM) one is used. + + + **Changing this field may require a restart.** + + ' + displayName: Coordinator SGInstanceProfile + path: coordinator.sgInstanceProfile + - description: If true, when any entry of any `SGScript` fail will not prevent + subsequent `SGScript` from being executed. By default is `false`. 
+ displayName: Coordinator Managed Sql Continue On SG Script Error + path: coordinator.managedSql.continueOnSGScriptError + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The id is immutable and must be unique across all the `SGScript` + entries. It is replaced by the operator and is used to identify the + `SGScript` entry. + displayName: Coordinator Managed Sql Scripts Id + path: coordinator.managedSql.scripts.id + - description: A reference to an `SGScript` + displayName: Coordinator Managed Sql Scripts SGScript + path: coordinator.managedSql.scripts.sgScript + - description: 'Size of the PersistentVolume set for each instance of the + cluster. This size is specified either in Mebibytes, Gibibytes or Tebibytes + (multiples of 2^20, 2^30 or 2^40, respectively). + + ' + displayName: Coordinator Pods Persistent Volume Size + path: coordinator.pods.persistentVolume.size + - description: 'Name of an existing StorageClass in the Kubernetes cluster, + used to create the PersistentVolumes for the instances of the cluster. + + ' + displayName: Coordinator Pods Persistent Volume Storage Class + path: coordinator.pods.persistentVolume.storageClass + - description: 'If set to `true`, avoids creating a connection pooling (using + [PgBouncer](https://www.pgbouncer.org/)) sidecar. + + + **Changing this field may require a restart.** + + ' + displayName: Coordinator Pods Disable Connection Pooling + path: coordinator.pods.disableConnectionPooling + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If set to `true`, avoids creating the Prometheus exporter + sidecar. Recommended when there''s no intention to use Prometheus for + monitoring. + + ' + displayName: Coordinator Pods Disable Metrics Exporter + path: coordinator.pods.disableMetricsExporter + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If set to `true`, avoids creating the `postgres-util` sidecar. 
+ This sidecar contains usual Postgres administration utilities *that + are not present in the main (`patroni`) container*, like `psql`. Only + disable if you know what you are doing. + + + **Changing this field may require a restart.** + + ' + displayName: Coordinator Pods Disable Postgres Util + path: coordinator.pods.disablePostgresUtil + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'When enabled resource limits for containers other than the + patroni container wil be set just like for patroni contianer as specified + in the SGInstanceProfile. + + + **Changing this field may require a restart.** + + ' + displayName: Coordinator Pods Resources Enable Cluster Limits Requirements + path: coordinator.pods.resources.enableClusterLimitsRequirements + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "When set to `true` the resources requests values in fields\ + \ `SGInstanceProfile.spec.requests.cpu` and `SGInstanceProfile.spec.requests.memory`\ + \ will represent the resources\n requests of the patroni container and\ + \ the total resources requests calculated by adding the resources requests\ + \ of all the containers (including the patroni container).\n\n**Changing\ + \ this field may require a restart.**\n" + displayName: Coordinator Pods Resources Disable Resources Requests Split + From Total + path: coordinator.pods.resources.disableResourcesRequestsSplitFromTotal + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - displayName: Coordinator Pods Scheduling Node Selector + path: coordinator.pods.scheduling.nodeSelector + - description: 'The pod this Toleration is attached to tolerates any taint + that matches the triple using the matching operator + + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + displayName: Coordinator Pods Scheduling Tolerations + path: coordinator.pods.scheduling.tolerations + - 
description: 'Node affinity is a group of node affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + displayName: Coordinator Pods Scheduling Node Affinity + path: coordinator.pods.scheduling.nodeAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:nodeAffinity + - description: 'Priority indicates the importance of a Pod relative to other + Pods. If a Pod cannot be scheduled, the scheduler tries to preempt (evict) + lower priority Pods to make scheduling of the pending Pod possible. + + ' + displayName: Coordinator Pods Scheduling Priority Class Name + path: coordinator.pods.scheduling.priorityClassName + - description: 'Pod affinity is a group of inter pod affinity scheduling + rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + displayName: Coordinator Pods Scheduling Pod Affinity + path: coordinator.pods.scheduling.podAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAffinity + - description: 'Pod anti affinity is a group of inter pod anti affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + displayName: Coordinator Pods Scheduling Pod Anti Affinity + path: coordinator.pods.scheduling.podAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAntiAffinity + - description: 'TopologySpreadConstraint specifies how to spread matching + pods among the given topology. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#topologyspreadconstraint-v1-core + + ' + displayName: Coordinator Pods Scheduling Topology Spread Constraints + path: coordinator.pods.scheduling.topologySpreadConstraints + - description: The label key that the selector applies to. 
+ displayName: Coordinator Pods Scheduling Backup Node Selector Preferred + During Scheduling Ignored During Execution Preference Match Expressions + Key + path: coordinator.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + + + ' + displayName: Coordinator Pods Scheduling Backup Node Selector Preferred + During Scheduling Ignored During Execution Preference Match Expressions + Operator + path: coordinator.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.operator + - displayName: Coordinator Pods Scheduling Backup Node Selector Preferred + During Scheduling Ignored During Execution Preference Match Expressions + Values + path: coordinator.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.values + - description: The label key that the selector applies to. + displayName: Coordinator Pods Scheduling Backup Node Selector Preferred + During Scheduling Ignored During Execution Preference Match Fields Key + path: coordinator.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ + + ' + displayName: Coordinator Pods Scheduling Backup Node Selector Preferred + During Scheduling Ignored During Execution Preference Match Fields Operator + path: coordinator.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.operator + - displayName: Coordinator Pods Scheduling Backup Node Selector Preferred + During Scheduling Ignored During Execution Preference Match Fields Values + path: coordinator.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.values + - description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + displayName: Coordinator Pods Scheduling Backup Node Selector Preferred + During Scheduling Ignored During Execution Weight + path: coordinator.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.weight + - description: The label key that the selector applies to. + displayName: Coordinator Pods Scheduling Backup Node Selector Required + During Scheduling Ignored During Execution Node Selector Terms Match + Expressions Key + path: coordinator.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ + + ' + displayName: Coordinator Pods Scheduling Backup Node Selector Required + During Scheduling Ignored During Execution Node Selector Terms Match + Expressions Operator + path: coordinator.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.operator + - displayName: Coordinator Pods Scheduling Backup Node Selector Required + During Scheduling Ignored During Execution Node Selector Terms Match + Expressions Values + path: coordinator.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.values + - description: The label key that the selector applies to. + displayName: Coordinator Pods Scheduling Backup Node Selector Required + During Scheduling Ignored During Execution Node Selector Terms Match + Fields Key + path: coordinator.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + + + ' + displayName: Coordinator Pods Scheduling Backup Node Selector Required + During Scheduling Ignored During Execution Node Selector Terms Match + Fields Operator + path: coordinator.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.operator + - displayName: Coordinator Pods Scheduling Backup Node Selector Required + During Scheduling Ignored During Execution Node Selector Terms Match + Fields Values + path: coordinator.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.values + - description: 'Node affinity is a group of node affinity scheduling rules. 
+ + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + displayName: Coordinator Pods Scheduling Backup Tolerations + path: coordinator.pods.scheduling.backup.tolerations + - description: 'Node affinity is a group of node affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + displayName: Coordinator Pods Scheduling Backup Node Affinity + path: coordinator.pods.scheduling.backup.nodeAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:nodeAffinity + - description: 'Priority indicates the importance of a Pod relative to other + Pods. If a Pod cannot be scheduled, the scheduler tries to preempt (evict) + lower priority Pods to make scheduling of the pending Pod possible. + + ' + displayName: Coordinator Pods Scheduling Backup Priority Class Name + path: coordinator.pods.scheduling.backup.priorityClassName + - description: 'Pod affinity is a group of inter pod affinity scheduling + rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + displayName: Coordinator Pods Scheduling Backup Pod Affinity + path: coordinator.pods.scheduling.backup.podAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAffinity + - description: 'Pod anti affinity is a group of inter pod anti affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + displayName: Coordinator Pods Scheduling Backup Pod Anti Affinity + path: coordinator.pods.scheduling.backup.podAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAntiAffinity + - description: "managementPolicy controls how pods are created during initial\ + \ scale up, when replacing pods\n on nodes, or when scaling down. 
The\ + \ default policy is `OrderedReady`, where pods are created\n in increasing\ + \ order (pod-0, then pod-1, etc) and the controller will wait until\ + \ each pod is\n ready before continuing. When scaling down, the pods\ + \ are removed in the opposite order.\n The alternative policy is `Parallel`\ + \ which will create pods in parallel to match the desired\n scale without\ + \ waiting, and on scale down will delete all pods at once.\n" + displayName: Coordinator Pods Management Policy + path: coordinator.pods.managementPolicy + - description: 'Name of the [SGPostgresConfig](https://stackgres.io/doc/latest/reference/crd/sgpgconfig) + used for the cluster. It must exist. When not set, a default Postgres + config, for the major version selected, is used. + + + **Changing this field may require a restart.** + + ' + displayName: Coordinator Configurations SGPostgresConfig + path: coordinator.configurations.sgPostgresConfig + - description: 'Name of the [SGPoolingConfig](https://stackgres.io/doc/latest/reference/crd/sgpoolconfig) + used for this cluster. Each pod contains a sidecar with a connection + pooler (currently: [PgBouncer](https://www.pgbouncer.org/)). The connection + pooler is implemented as a sidecar. + + + If not set, a default configuration will be used. Disabling connection + pooling altogether is possible if the disableConnectionPooling property + of the pods object is set to true. + + + **Changing this field may require a restart.** + + ' + displayName: Coordinator Configurations SGPoolingConfig + path: coordinator.configurations.sgPoolingConfig + - description: 'The replication mode applied to the whole cluster. + + Possible values are: + + * `async` (default) + + * `sync` + + * `strict-sync` + + * `sync-all` + + * `strict-sync-all` + + + **async** + + + When in asynchronous mode the cluster is allowed to lose some committed + transactions. 
+ + When the primary server fails or becomes unavailable for any other reason + a sufficiently healthy standby + + will automatically be promoted to primary. Any transactions that have + not been replicated to that standby + + remain in a "forked timeline" on the primary, and are effectively unrecoverable + (the data is still there, + + but recovering it requires a manual recovery effort by data recovery + specialists). + + + **sync** + + + When in synchronous mode a standby will not be promoted unless it is + certain that the standby contains all + + transactions that may have returned a successful commit status to client + (clients can change the behavior + + per transaction using PostgreSQL’s `synchronous_commit` setting. Transactions + with `synchronous_commit` + + values of `off` and `local` may be lost on fail over, but will not be + blocked by replication delays). This + + means that the system may be unavailable for writes even though some + servers are available. System + + administrators can still use manual failover commands to promote a standby + even if it results in transaction + + loss. + + + Synchronous mode does not guarantee multi node durability of commits + under all circumstances. When no suitable + + standby is available, primary server will still accept writes, but does + not guarantee their replication. When + + the primary fails in this mode no standby will be promoted. When the + host that used to be the primary comes + + back it will get promoted automatically, unless system administrator + performed a manual failover. This behavior + + makes synchronous mode usable with 2 node clusters. + + + When synchronous mode is used and a standby crashes, commits will block + until the primary is switched to standalone + + mode. Manually shutting down or restarting a standby will not cause + a commit service interruption. Standby will + + signal the primary to release itself from synchronous standby duties + before PostgreSQL shutdown is initiated. 
+ + + **strict-sync** + + + When it is absolutely necessary to guarantee that each write is stored + durably on at least two nodes, use the strict + + synchronous mode. This mode prevents synchronous replication to be switched + off on the primary when no synchronous + + standby candidates are available. As a downside, the primary will not + be available for writes (unless the Postgres + + transaction explicitly turns off `synchronous_mode` parameter), blocking + all client write requests until at least one + + synchronous replica comes up. + + + **Note**: Because of the way synchronous replication is implemented + in PostgreSQL it is still possible to lose + + transactions even when using strict synchronous mode. If the PostgreSQL + backend is cancelled while waiting to acknowledge + + replication (as a result of packet cancellation due to client timeout + or backend failure) transaction changes become + + visible for other backends. Such changes are not yet replicated and + may be lost in case of standby promotion. + + + **sync-all** + + + The same as `sync` but `syncInstances` is ignored and the number of + synchronous instances is equals to the total number + + of instances less one. + + + **strict-sync-all** + + + The same as `strict-sync` but `syncInstances` is ignored and the number + of synchronous instances is equals to the total number + + of instances less one. + + ' + displayName: Coordinator Replication Mode + path: coordinator.replication.mode + - description: "Number of synchronous standby instances. Must be less than\ + \ the total number of instances. 
It is set to 1 by default.\n Only\ + \ setteable if mode is `sync` or `strict-sync`.\n" + displayName: Coordinator Replication Sync Instances + path: coordinator.replication.syncInstances + - displayName: Coordinator Metadata Annotations All Resources + path: coordinator.metadata.annotations.allResources + - displayName: Coordinator Metadata Annotations Cluster Pods + path: coordinator.metadata.annotations.clusterPods + - displayName: Coordinator Metadata Annotations Services + path: coordinator.metadata.annotations.services + - displayName: Coordinator Metadata Annotations Primary Service + path: coordinator.metadata.annotations.primaryService + - displayName: Coordinator Metadata Annotations Replicas Service + path: coordinator.metadata.annotations.replicasService + - displayName: Coordinator Metadata Labels Cluster Pods + path: coordinator.metadata.labels.clusterPods + - displayName: Coordinator Metadata Labels Services + path: coordinator.metadata.labels.services + - description: 'Number of shard''s StackGres clusters + + ' + displayName: Shards Clusters + path: shards.clusters + - description: "Number of StackGres instances per shard's StackGres cluster.\ + \ Each instance contains one Postgres server.\n Out of all of the Postgres\ + \ servers, one is elected as the primary, the rest remain as read-only\ + \ replicas.\n" + displayName: Shards Instances Per Cluster + path: shards.instancesPerCluster + - description: 'Name of the [SGInstanceProfile](https://stackgres.io/doc/latest/reference/crd/sginstanceprofile/). + + + A SGInstanceProfile defines CPU and memory limits. Must exist before + creating a cluster. + + + When no profile is set, a default (1 core, 2 GiB RAM) one is used. + + + **Changing this field may require a restart.** + + ' + displayName: Shards SGInstanceProfile + path: shards.sgInstanceProfile + - description: If true, when any entry of any `SGScript` fail will not prevent + subsequent `SGScript` from being executed. By default is `false`. 
+ displayName: Shards Managed Sql Continue On SG Script Error + path: shards.managedSql.continueOnSGScriptError + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The id is immutable and must be unique across all the `SGScript` + entries. It is replaced by the operator and is used to identify the + `SGScript` entry. + displayName: Shards Managed Sql Scripts Id + path: shards.managedSql.scripts.id + - description: A reference to an `SGScript` + displayName: Shards Managed Sql Scripts SGScript + path: shards.managedSql.scripts.sgScript + - description: 'Size of the PersistentVolume set for each instance of the + cluster. This size is specified either in Mebibytes, Gibibytes or Tebibytes + (multiples of 2^20, 2^30 or 2^40, respectively). + + ' + displayName: Shards Pods Persistent Volume Size + path: shards.pods.persistentVolume.size + - description: 'Name of an existing StorageClass in the Kubernetes cluster, + used to create the PersistentVolumes for the instances of the cluster. + + ' + displayName: Shards Pods Persistent Volume Storage Class + path: shards.pods.persistentVolume.storageClass + - description: 'If set to `true`, avoids creating a connection pooling (using + [PgBouncer](https://www.pgbouncer.org/)) sidecar. + + + **Changing this field may require a restart.** + + ' + displayName: Shards Pods Disable Connection Pooling + path: shards.pods.disableConnectionPooling + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If set to `true`, avoids creating the Prometheus exporter + sidecar. Recommended when there''s no intention to use Prometheus for + monitoring. + + + **Changing this field may require a restart.** + + ' + displayName: Shards Pods Disable Metrics Exporter + path: shards.pods.disableMetricsExporter + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If set to `true`, avoids creating the `postgres-util` sidecar. 
+ This sidecar contains usual Postgres administration utilities *that + are not present in the main (`patroni`) container*, like `psql`. Only + disable if you know what you are doing. + + + **Changing this field may require a restart.** + + ' + displayName: Shards Pods Disable Postgres Util + path: shards.pods.disablePostgresUtil + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'When enabled resource limits for containers other than the + patroni container wil be set just like for patroni contianer as specified + in the SGInstanceProfile. + + + **Changing this field may require a restart.** + + ' + displayName: Shards Pods Resources Enable Cluster Limits Requirements + path: shards.pods.resources.enableClusterLimitsRequirements + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "When set to `true` the resources requests values in fields\ + \ `SGInstanceProfile.spec.requests.cpu` and `SGInstanceProfile.spec.requests.memory`\ + \ will represent the resources\n requests of the patroni container and\ + \ the total resources requests calculated by adding the resources requests\ + \ of all the containers (including the patroni container).\n\n**Changing\ + \ this field may require a restart.**\n" + displayName: Shards Pods Resources Disable Resources Requests Split From + Total + path: shards.pods.resources.disableResourcesRequestsSplitFromTotal + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - displayName: Shards Pods Scheduling Node Selector + path: shards.pods.scheduling.nodeSelector + - description: 'The pod this Toleration is attached to tolerates any taint + that matches the triple using the matching operator + + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + displayName: Shards Pods Scheduling Tolerations + path: shards.pods.scheduling.tolerations + - description: 'Node affinity is a group of node affinity 
scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + displayName: Shards Pods Scheduling Node Affinity + path: shards.pods.scheduling.nodeAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:nodeAffinity + - description: 'Priority indicates the importance of a Pod relative to other + Pods. If a Pod cannot be scheduled, the scheduler tries to preempt (evict) + lower priority Pods to make scheduling of the pending Pod possible. + + ' + displayName: Shards Pods Scheduling Priority Class Name + path: shards.pods.scheduling.priorityClassName + - description: 'Pod affinity is a group of inter pod affinity scheduling + rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + displayName: Shards Pods Scheduling Pod Affinity + path: shards.pods.scheduling.podAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAffinity + - description: 'Pod anti affinity is a group of inter pod anti affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + displayName: Shards Pods Scheduling Pod Anti Affinity + path: shards.pods.scheduling.podAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAntiAffinity + - description: 'TopologySpreadConstraint specifies how to spread matching + pods among the given topology. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#topologyspreadconstraint-v1-core + + ' + displayName: Shards Pods Scheduling Topology Spread Constraints + path: shards.pods.scheduling.topologySpreadConstraints + - description: The label key that the selector applies to. 
+ displayName: Shards Pods Scheduling Backup Node Selector Preferred During + Scheduling Ignored During Execution Preference Match Expressions Key + path: shards.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + + + ' + displayName: Shards Pods Scheduling Backup Node Selector Preferred During + Scheduling Ignored During Execution Preference Match Expressions Operator + path: shards.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.operator + - displayName: Shards Pods Scheduling Backup Node Selector Preferred During + Scheduling Ignored During Execution Preference Match Expressions Values + path: shards.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.values + - description: The label key that the selector applies to. + displayName: Shards Pods Scheduling Backup Node Selector Preferred During + Scheduling Ignored During Execution Preference Match Fields Key + path: shards.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ + + ' + displayName: Shards Pods Scheduling Backup Node Selector Preferred During + Scheduling Ignored During Execution Preference Match Fields Operator + path: shards.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.operator + - displayName: Shards Pods Scheduling Backup Node Selector Preferred During + Scheduling Ignored During Execution Preference Match Fields Values + path: shards.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.values + - description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + displayName: Shards Pods Scheduling Backup Node Selector Preferred During + Scheduling Ignored During Execution Weight + path: shards.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.weight + - description: The label key that the selector applies to. + displayName: Shards Pods Scheduling Backup Node Selector Required During + Scheduling Ignored During Execution Node Selector Terms Match Expressions + Key + path: shards.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ + + ' + displayName: Shards Pods Scheduling Backup Node Selector Required During + Scheduling Ignored During Execution Node Selector Terms Match Expressions + Operator + path: shards.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.operator + - displayName: Shards Pods Scheduling Backup Node Selector Required During + Scheduling Ignored During Execution Node Selector Terms Match Expressions + Values + path: shards.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.values + - description: The label key that the selector applies to. + displayName: Shards Pods Scheduling Backup Node Selector Required During + Scheduling Ignored During Execution Node Selector Terms Match Fields + Key + path: shards.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + + + ' + displayName: Shards Pods Scheduling Backup Node Selector Required During + Scheduling Ignored During Execution Node Selector Terms Match Fields + Operator + path: shards.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.operator + - displayName: Shards Pods Scheduling Backup Node Selector Required During + Scheduling Ignored During Execution Node Selector Terms Match Fields + Values + path: shards.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.values + - description: 'Node affinity is a group of node affinity scheduling rules. 
+ + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + displayName: Shards Pods Scheduling Backup Tolerations + path: shards.pods.scheduling.backup.tolerations + - description: 'Node affinity is a group of node affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + displayName: Shards Pods Scheduling Backup Node Affinity + path: shards.pods.scheduling.backup.nodeAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:nodeAffinity + - description: 'Priority indicates the importance of a Pod relative to other + Pods. If a Pod cannot be scheduled, the scheduler tries to preempt (evict) + lower priority Pods to make scheduling of the pending Pod possible. + + ' + displayName: Shards Pods Scheduling Backup Priority Class Name + path: shards.pods.scheduling.backup.priorityClassName + - description: 'Pod affinity is a group of inter pod affinity scheduling + rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + displayName: Shards Pods Scheduling Backup Pod Affinity + path: shards.pods.scheduling.backup.podAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAffinity + - description: 'Pod anti affinity is a group of inter pod anti affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + displayName: Shards Pods Scheduling Backup Pod Anti Affinity + path: shards.pods.scheduling.backup.podAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podAntiAffinity + - description: "managementPolicy controls how pods are created during initial\ + \ scale up, when replacing pods\n on nodes, or when scaling down. 
The\ + \ default policy is `OrderedReady`, where pods are created\n in increasing\ + \ order (pod-0, then pod-1, etc) and the controller will wait until\ + \ each pod is\n ready before continuing. When scaling down, the pods\ + \ are removed in the opposite order.\n The alternative policy is `Parallel`\ + \ which will create pods in parallel to match the desired\n scale without\ + \ waiting, and on scale down will delete all pods at once.\n" + displayName: Shards Pods Management Policy + path: shards.pods.managementPolicy + - description: 'Name of the [SGPostgresConfig](https://stackgres.io/doc/latest/reference/crd/sgpgconfig) + used for the cluster. It must exist. When not set, a default Postgres + config, for the major version selected, is used. + + + **Changing this field may require a restart.** + + ' + displayName: Shards Configurations SGPostgresConfig + path: shards.configurations.sgPostgresConfig + - description: 'Name of the [SGPoolingConfig](https://stackgres.io/doc/latest/reference/crd/sgpoolconfig) + used for this cluster. Each pod contains a sidecar with a connection + pooler (currently: [PgBouncer](https://www.pgbouncer.org/)). The connection + pooler is implemented as a sidecar. + + + If not set, a default configuration will be used. Disabling connection + pooling altogether is possible if the disableConnectionPooling property + of the pods object is set to true. 
+ + + **Changing this field may require a restart.** + + ' + displayName: Shards Configurations SGPoolingConfig + path: shards.configurations.sgPoolingConfig + - description: "The replication mode applied to the whole cluster.\nPossible\ + \ values are:\n* `async` (default)\n* `sync`\n* `strict-sync`\n* `sync-all`\n\ + * `strict-sync-all`\n\n**async**\n\nWhen in asynchronous mode the cluster\ + \ is allowed to lose some committed transactions.\n When the primary\ + \ server fails or becomes unavailable for any other reason a sufficiently\ + \ healthy standby\n will automatically be promoted to primary. Any\ + \ transactions that have not been replicated to that standby\n remain\ + \ in a \"forked timeline\" on the primary, and are effectively unrecoverable\ + \ (the data is still there,\n but recovering it requires a manual recovery\ + \ effort by data recovery specialists).\n\n**sync**\n\nWhen in synchronous\ + \ mode a standby will not be promoted unless it is certain that the\ + \ standby contains all\n transactions that may have returned a successful\ + \ commit status to client (clients can change the behavior\n per transaction\ + \ using PostgreSQL’s `synchronous_commit` setting. Transactions with\ + \ `synchronous_commit`\n values of `off` and `local` may be lost on\ + \ fail over, but will not be blocked by replication delays). This\n\ + \ means that the system may be unavailable for writes even though some\ + \ servers are available. System\n administrators can still use manual\ + \ failover commands to promote a standby even if it results in transaction\n\ + \ loss.\n\nSynchronous mode does not guarantee multi node durability\ + \ of commits under all circumstances. When no suitable\n standby is\ + \ available, primary server will still accept writes, but does not guarantee\ + \ their replication. When\n the primary fails in this mode no standby\ + \ will be promoted. 
When the host that used to be the primary comes\n\ + \ back it will get promoted automatically, unless system administrator\ + \ performed a manual failover. This behavior\n makes synchronous mode\ + \ usable with 2 node clusters.\n\nWhen synchronous mode is used and\ + \ a standby crashes, commits will block until the primary is switched\ + \ to standalone\n mode. Manually shutting down or restarting a standby\ + \ will not cause a commit service interruption. Standby will\n signal\ + \ the primary to release itself from synchronous standby duties before\ + \ PostgreSQL shutdown is initiated.\n\n**strict-sync**\n\nWhen it is\ + \ absolutely necessary to guarantee that each write is stored durably\ + \ on at least two nodes, use the strict\n synchronous mode. This mode\ + \ prevents synchronous replication to be switched off on the primary\ + \ when no synchronous\n standby candidates are available. As a downside,\ + \ the primary will not be available for writes (unless the Postgres\n\ + \ transaction explicitly turns off `synchronous_mode` parameter), blocking\ + \ all client write requests until at least one\n synchronous replica\ + \ comes up.\n\n**Note**: Because of the way synchronous replication\ + \ is implemented in PostgreSQL it is still possible to lose\n transactions\ + \ even when using strict synchronous mode. If the PostgreSQL backend\ + \ is cancelled while waiting to acknowledge\n replication (as a result\ + \ of packet cancellation due to client timeout or backend failure) transaction\ + \ changes become\n visible for other backends. 
Such changes are not\ + \ yet replicated and may be lost in case of standby promotion.\n\n**sync-all**\n\ + \nThe same as `sync` but `syncInstances` is ignored and the number of\ + \ synchronous instances is equals to the total number\n of instances\ + \ less one.\n\n**strict-sync-all**\n\nThe same as `strict-sync` but\ + \ `syncInstances` is ignored and the number of synchronous instances\ + \ is equals to the total number\n of instances less one.\n" + displayName: Shards Replication Mode + path: shards.replication.mode + - description: "Number of synchronous standby instances. Must be less than\ + \ the total number of instances. It is set to 1 by default.\n Only\ + \ setteable if mode is `sync` or `strict-sync`.\n" + displayName: Shards Replication Sync Instances + path: shards.replication.syncInstances + - displayName: Shards Metadata Annotations All Resources + path: shards.metadata.annotations.allResources + - displayName: Shards Metadata Annotations Cluster Pods + path: shards.metadata.annotations.clusterPods + - displayName: Shards Metadata Annotations Services + path: shards.metadata.annotations.services + - displayName: Shards Metadata Annotations Primary Service + path: shards.metadata.annotations.primaryService + - displayName: Shards Metadata Annotations Replicas Service + path: shards.metadata.annotations.replicasService + - displayName: Shards Metadata Labels Cluster Pods + path: shards.metadata.labels.clusterPods + - displayName: Shards Metadata Labels Services + path: shards.metadata.labels.services + - description: 'Identifier of the shard StackGres cluster to override (starting + from 0) + + ' + displayName: Shards Overrides Index + path: shards.overrides.index + - description: "Number of StackGres instances per shard's StackGres cluster.\ + \ Each instance contains one Postgres server.\n Out of all of the Postgres\ + \ servers, one is elected as the primary, the rest remain as read-only\ + \ replicas.\n" + displayName: Shards Overrides Instances 
Per Cluster + path: shards.overrides.instancesPerCluster + - description: 'Name of the [SGInstanceProfile](https://stackgres.io/doc/latest/04-postgres-cluster-management/03-resource-profiles/). + A SGInstanceProfile defines CPU and memory limits. Must exist before + creating a cluster. When no profile is set, a default (currently: 1 + core, 2 GiB RAM) one is used. + + ' + displayName: Shards Overrides SGInstanceProfile + path: shards.overrides.sgInstanceProfile + - description: If true, when any entry of any `SGScript` fail will not prevent + subsequent `SGScript` from being executed. By default is `false`. + displayName: Shards Overrides Managed Sql Continue On SG Script Error + path: shards.overrides.managedSql.continueOnSGScriptError + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The id is immutable and must be unique across all the `SGScript` + entries. It is replaced by the operator and is used to identify the + `SGScript` entry. + displayName: Shards Overrides Managed Sql Scripts Id + path: shards.overrides.managedSql.scripts.id + - description: A reference to an `SGScript` + displayName: Shards Overrides Managed Sql Scripts SGScript + path: shards.overrides.managedSql.scripts.sgScript + - description: 'Size of the PersistentVolume set for each instance of the + cluster. This size is specified either in Mebibytes, Gibibytes or Tebibytes + (multiples of 2^20, 2^30 or 2^40, respectively). + + ' + displayName: Shards Overrides Pods Persistent Volume Size + path: shards.overrides.pods.persistentVolume.size + - description: 'Name of an existing StorageClass in the Kubernetes cluster, + used to create the PersistentVolumes for the instances of the cluster. + + ' + displayName: Shards Overrides Pods Persistent Volume Storage Class + path: shards.overrides.pods.persistentVolume.storageClass + - description: 'If set to `true`, avoids creating a connection pooling (using + [PgBouncer](https://www.pgbouncer.org/)) sidecar. 
+ + + **Changing this field may require a restart.** + + ' + displayName: Shards Overrides Pods Disable Connection Pooling + path: shards.overrides.pods.disableConnectionPooling + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: If set to `true`, avoids creating the Prometheus exporter + sidecar. Recommended when there's no intention to use Prometheus for + monitoring. + displayName: Shards Overrides Pods Disable Metrics Exporter + path: shards.overrides.pods.disableMetricsExporter + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'If set to `true`, avoids creating the `postgres-util` sidecar. + This sidecar contains usual Postgres administration utilities *that + are not present in the main (`patroni`) container*, like `psql`. Only + disable if you know what you are doing. + + + **Changing this field may require a restart.** + + ' + displayName: Shards Overrides Pods Disable Postgres Util + path: shards.overrides.pods.disablePostgresUtil + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'When enabled resource limits for containers other than the + patroni container wil be set just like for patroni contianer as specified + in the SGInstanceProfile. 
+ + + **Changing this field may require a restart.** + + ' + displayName: Shards Overrides Pods Resources Enable Cluster Limits Requirements + path: shards.overrides.pods.resources.enableClusterLimitsRequirements + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "When set to `true` the resources requests values in fields\ + \ `SGInstanceProfile.spec.requests.cpu` and `SGInstanceProfile.spec.requests.memory`\ + \ will represent the resources\n requests of the patroni container and\ + \ the total resources requests calculated by adding the resources requests\ + \ of all the containers (including the patroni container).\n\n**Changing\ + \ this field may require a restart.**\n" + displayName: Shards Overrides Pods Resources Disable Resources Requests + Split From Total + path: shards.overrides.pods.resources.disableResourcesRequestsSplitFromTotal + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - displayName: Shards Overrides Pods Scheduling Node Selector + path: shards.overrides.pods.scheduling.nodeSelector + - description: 'Effect indicates the taint effect to match. Empty means + match all taint effects. When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + + + ' + displayName: Shards Overrides Pods Scheduling Tolerations Effect + path: shards.overrides.pods.scheduling.tolerations.effect + - description: Key is the taint key that the toleration applies to. Empty + means match all taint keys. If the key is empty, operator must be Exists; + this combination means to match all values and all keys. + displayName: Shards Overrides Pods Scheduling Tolerations Key + path: shards.overrides.pods.scheduling.tolerations.key + - description: 'Operator represents a key''s relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate all taints of a particular + category. 
+ + + ' + displayName: Shards Overrides Pods Scheduling Tolerations Operator + path: shards.overrides.pods.scheduling.tolerations.operator + - description: TolerationSeconds represents the period of time the toleration + (which must be of effect NoExecute, otherwise this field is ignored) + tolerates the taint. By default, it is not set, which means tolerate + the taint forever (do not evict). Zero and negative values will be treated + as 0 (evict immediately) by the system. + displayName: Shards Overrides Pods Scheduling Tolerations Toleration Seconds + path: shards.overrides.pods.scheduling.tolerations.tolerationSeconds + - description: Value is the taint value the toleration matches to. If the + operator is Exists, the value should be empty, otherwise just a regular + string. + displayName: Shards Overrides Pods Scheduling Tolerations Value + path: shards.overrides.pods.scheduling.tolerations.value + - description: The label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Node Affinity Preferred + During Scheduling Ignored During Execution Preference Match Expressions + Key + path: shards.overrides.pods.scheduling.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ + + ' + displayName: Shards Overrides Pods Scheduling Node Affinity Preferred + During Scheduling Ignored During Execution Preference Match Expressions + Operator + path: shards.overrides.pods.scheduling.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Node Affinity Preferred + During Scheduling Ignored During Execution Preference Match Expressions + Values + path: shards.overrides.pods.scheduling.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.values + - description: The label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Node Affinity Preferred + During Scheduling Ignored During Execution Preference Match Fields Key + path: shards.overrides.pods.scheduling.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + + + ' + displayName: Shards Overrides Pods Scheduling Node Affinity Preferred + During Scheduling Ignored During Execution Preference Match Fields Operator + path: shards.overrides.pods.scheduling.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.operator + - displayName: Shards Overrides Pods Scheduling Node Affinity Preferred + During Scheduling Ignored During Execution Preference Match Fields Values + path: shards.overrides.pods.scheduling.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.values + - description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. 
+ displayName: Shards Overrides Pods Scheduling Node Affinity Preferred + During Scheduling Ignored During Execution Weight + path: shards.overrides.pods.scheduling.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.weight + - description: The label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Node Affinity Required During + Scheduling Ignored During Execution Node Selector Terms Match Expressions + Key + path: shards.overrides.pods.scheduling.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + + + ' + displayName: Shards Overrides Pods Scheduling Node Affinity Required During + Scheduling Ignored During Execution Node Selector Terms Match Expressions + Operator + path: shards.overrides.pods.scheduling.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Node Affinity Required During + Scheduling Ignored During Execution Node Selector Terms Match Expressions + Values + path: shards.overrides.pods.scheduling.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.values + - description: The label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Node Affinity Required During + Scheduling Ignored During Execution Node Selector Terms Match Fields + Key + path: shards.overrides.pods.scheduling.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ + + ' + displayName: Shards Overrides Pods Scheduling Node Affinity Required During + Scheduling Ignored During Execution Node Selector Terms Match Fields + Operator + path: shards.overrides.pods.scheduling.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.operator + - displayName: Shards Overrides Pods Scheduling Node Affinity Required During + Scheduling Ignored During Execution Node Selector Terms Match Fields + Values + path: shards.overrides.pods.scheduling.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.values + - description: 'Priority indicates the importance of a Pod relative to other + Pods. If a Pod cannot be scheduled, the scheduler tries to preempt (evict) + lower priority Pods to make scheduling of the pending Pod possible. + + ' + displayName: Shards Overrides Pods Scheduling Priority Class Name + path: shards.overrides.pods.scheduling.priorityClassName + - description: key is the label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Pod Affinity Preferred During + Scheduling Ignored During Execution Pod Affinity Term Label Selector + Match Expressions Key + path: shards.overrides.pods.scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ displayName: Shards Overrides Pods Scheduling Pod Affinity Preferred During + Scheduling Ignored During Execution Pod Affinity Term Label Selector + Match Expressions Operator + path: shards.overrides.pods.scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Pod Affinity Preferred During + Scheduling Ignored During Execution Pod Affinity Term Label Selector + Match Expressions Values + path: shards.overrides.pods.scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Pod Affinity Preferred During + Scheduling Ignored During Execution Pod Affinity Term Label Selector + Match Labels + path: shards.overrides.pods.scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchLabels + - description: key is the label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Pod Affinity Preferred During + Scheduling Ignored During Execution Pod Affinity Term Namespace Selector + Match Expressions Key + path: shards.overrides.pods.scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ displayName: Shards Overrides Pods Scheduling Pod Affinity Preferred During + Scheduling Ignored During Execution Pod Affinity Term Namespace Selector + Match Expressions Operator + path: shards.overrides.pods.scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Pod Affinity Preferred During + Scheduling Ignored During Execution Pod Affinity Term Namespace Selector + Match Expressions Values + path: shards.overrides.pods.scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Pod Affinity Preferred During + Scheduling Ignored During Execution Pod Affinity Term Namespace Selector + Match Labels + path: shards.overrides.pods.scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchLabels + - displayName: Shards Overrides Pods Scheduling Pod Affinity Preferred During + Scheduling Ignored During Execution Pod Affinity Term Namespaces + path: shards.overrides.pods.scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaces + - description: This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector in the specified + namespaces, where co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey is not allowed. 
+ displayName: Shards Overrides Pods Scheduling Pod Affinity Preferred During + Scheduling Ignored During Execution Pod Affinity Term Topology Key + path: shards.overrides.pods.scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.topologyKey + - description: weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + displayName: Shards Overrides Pods Scheduling Pod Affinity Preferred During + Scheduling Ignored During Execution Weight + path: shards.overrides.pods.scheduling.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.weight + - description: key is the label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Pod Affinity Required During + Scheduling Ignored During Execution Label Selector Match Expressions + Key + path: shards.overrides.pods.scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ displayName: Shards Overrides Pods Scheduling Pod Affinity Required During + Scheduling Ignored During Execution Label Selector Match Expressions + Operator + path: shards.overrides.pods.scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Pod Affinity Required During + Scheduling Ignored During Execution Label Selector Match Expressions + Values + path: shards.overrides.pods.scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Pod Affinity Required During + Scheduling Ignored During Execution Label Selector Match Labels + path: shards.overrides.pods.scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchLabels + - description: key is the label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Pod Affinity Required During + Scheduling Ignored During Execution Namespace Selector Match Expressions + Key + path: shards.overrides.pods.scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ displayName: Shards Overrides Pods Scheduling Pod Affinity Required During + Scheduling Ignored During Execution Namespace Selector Match Expressions + Operator + path: shards.overrides.pods.scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Pod Affinity Required During + Scheduling Ignored During Execution Namespace Selector Match Expressions + Values + path: shards.overrides.pods.scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Pod Affinity Required During + Scheduling Ignored During Execution Namespace Selector Match Labels + path: shards.overrides.pods.scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchLabels + - displayName: Shards Overrides Pods Scheduling Pod Affinity Required During + Scheduling Ignored During Execution Namespaces + path: shards.overrides.pods.scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaces + - description: This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector in the specified + namespaces, where co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey is not allowed. + displayName: Shards Overrides Pods Scheduling Pod Affinity Required During + Scheduling Ignored During Execution Topology Key + path: shards.overrides.pods.scheduling.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.topologyKey + - description: key is the label key that the selector applies to. 
+ displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Label Selector + Match Expressions Key + path: shards.overrides.pods.scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Label Selector + Match Expressions Operator + path: shards.overrides.pods.scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Label Selector + Match Expressions Values + path: shards.overrides.pods.scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Label Selector + Match Labels + path: shards.overrides.pods.scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchLabels + - description: key is the label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Namespace + Selector Match Expressions Key + path: shards.overrides.pods.scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. 
+ Valid operators are In, NotIn, Exists and DoesNotExist. + displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Namespace + Selector Match Expressions Operator + path: shards.overrides.pods.scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Namespace + Selector Match Expressions Values + path: shards.overrides.pods.scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Namespace + Selector Match Labels + path: shards.overrides.pods.scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchLabels + - displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Namespaces + path: shards.overrides.pods.scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaces + - description: This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector in the specified + namespaces, where co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey is not allowed. 
+ displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Topology + Key + path: shards.overrides.pods.scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.topologyKey + - description: weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Preferred + During Scheduling Ignored During Execution Weight + path: shards.overrides.pods.scheduling.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.weight + - description: key is the label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Required + During Scheduling Ignored During Execution Label Selector Match Expressions + Key + path: shards.overrides.pods.scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Required + During Scheduling Ignored During Execution Label Selector Match Expressions + Operator + path: shards.overrides.pods.scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Required + During Scheduling Ignored During Execution Label Selector Match Expressions + Values + path: shards.overrides.pods.scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Required + During Scheduling Ignored During Execution Label Selector Match Labels + path: shards.overrides.pods.scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchLabels + - description: key is the label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Required + During Scheduling Ignored During Execution Namespace Selector Match + Expressions Key + path: shards.overrides.pods.scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Required + During Scheduling Ignored During Execution Namespace Selector Match + Expressions Operator + path: shards.overrides.pods.scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Required + During Scheduling Ignored During Execution Namespace Selector Match + Expressions Values + path: shards.overrides.pods.scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Required + During Scheduling Ignored During Execution Namespace Selector Match + Labels + path: shards.overrides.pods.scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchLabels + - displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Required + During Scheduling Ignored During Execution Namespaces + path: shards.overrides.pods.scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaces + - description: This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector in the specified + namespaces, where co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey is not allowed. + displayName: Shards Overrides Pods Scheduling Pod Anti Affinity Required + During Scheduling Ignored During Execution Topology Key + path: shards.overrides.pods.scheduling.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.topologyKey + - description: key is the label key that the selector applies to. 
+ displayName: Shards Overrides Pods Scheduling Topology Spread Constraints + Label Selector Match Expressions Key + path: shards.overrides.pods.scheduling.topologySpreadConstraints.labelSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + displayName: Shards Overrides Pods Scheduling Topology Spread Constraints + Label Selector Match Expressions Operator + path: shards.overrides.pods.scheduling.topologySpreadConstraints.labelSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Topology Spread Constraints + Label Selector Match Expressions Values + path: shards.overrides.pods.scheduling.topologySpreadConstraints.labelSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Topology Spread Constraints + Label Selector Match Labels + path: shards.overrides.pods.scheduling.topologySpreadConstraints.labelSelector.matchLabels + - displayName: Shards Overrides Pods Scheduling Topology Spread Constraints + Match Label Keys + path: shards.overrides.pods.scheduling.topologySpreadConstraints.matchLabelKeys + - description: 'MaxSkew describes the degree to which pods may be unevenly + distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum + permitted difference between the number of matching pods in the target + topology and the global minimum. The global minimum is the minimum number + of matching pods in an eligible domain or zero if the number of eligible + domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector spread as 2/2/1: In + this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P + P | P | - if MaxSkew is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the + ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). 
- if MaxSkew is + 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that satisfy it. + It''s a required field. Default value is 1 and 0 is not allowed.' + displayName: Shards Overrides Pods Scheduling Topology Spread Constraints + Max Skew + path: shards.overrides.pods.scheduling.topologySpreadConstraints.maxSkew + - description: 'MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less + than minDomains, Pod Topology Spread treats "global minimum" as 0, and + then the calculation of Skew is performed. And when the number of eligible + domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. As a result, when the number + of eligible domains is less than minDomains, scheduler won''t schedule + more than maxSkew Pods to those domains. If value is nil, the constraint + behaves as if MinDomains is equal to 1. Valid values are integers greater + than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is + set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 + | zone2 | zone3 | | P P | P P | P P | The number of domains is + less than 5(MinDomains), so "global minimum" is treated as 0. In this + situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any + of the three zones, it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default).' 
+ displayName: Shards Overrides Pods Scheduling Topology Spread Constraints + Min Domains + path: shards.overrides.pods.scheduling.topologySpreadConstraints.minDomains + - description: 'NodeAffinityPolicy indicates how we will treat Pod''s nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: - Honor: only + nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included + in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag.' + displayName: Shards Overrides Pods Scheduling Topology Spread Constraints + Node Affinity Policy + path: shards.overrides.pods.scheduling.topologySpreadConstraints.nodeAffinityPolicy + - description: 'NodeTaintsPolicy indicates how we will treat node taints + when calculating pod topology spread skew. Options are: - Honor: nodes + without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. - Ignore: node taints are ignored. All + nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag.' + displayName: Shards Overrides Pods Scheduling Topology Spread Constraints + Node Taints Policy + path: shards.overrides.pods.scheduling.topologySpreadConstraints.nodeTaintsPolicy + - description: TopologyKey is the key of node labels. Nodes that have a + label with this key and identical values are considered to be in the + same topology. We consider each as a "bucket", and try + to put balanced number of pods into each bucket. We define a domain + as a particular instance of a topology. Also, we define an eligible + domain as a domain whose nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. 
If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's a required field. + displayName: Shards Overrides Pods Scheduling Topology Spread Constraints + Topology Key + path: shards.overrides.pods.scheduling.topologySpreadConstraints.topologyKey + - description: "WhenUnsatisfiable indicates how to deal with a pod if it\ + \ doesn't satisfy the spread constraint. - DoNotSchedule (default) tells\ + \ the scheduler not to schedule it. - ScheduleAnyway tells the scheduler\ + \ to schedule the pod in any location,\n but giving higher precedence\ + \ to topologies that would help reduce the\n skew.\nA constraint is\ + \ considered \"Unsatisfiable\" for an incoming pod if and only if every\ + \ possible node assignment for that pod would violate \"MaxSkew\" on\ + \ some topology. For example, in a 3-zone cluster, MaxSkew is set to\ + \ 1, and pods with the same labelSelector spread as 3/1/1: | zone1 |\ + \ zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is\ + \ set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3)\ + \ to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies\ + \ MaxSkew(1). In other words, the cluster can still be imbalanced, but\ + \ scheduler won't make it *more* imbalanced. It's a required field.\n\ + \n" + displayName: Shards Overrides Pods Scheduling Topology Spread Constraints + When Unsatisfiable + path: shards.overrides.pods.scheduling.topologySpreadConstraints.whenUnsatisfiable + - description: The label key that the selector applies to. 
+ displayName: Shards Overrides Pods Scheduling Backup Node Selector Preferred + During Scheduling Ignored During Execution Preference Match Expressions + Key + path: shards.overrides.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + + + ' + displayName: Shards Overrides Pods Scheduling Backup Node Selector Preferred + During Scheduling Ignored During Execution Preference Match Expressions + Operator + path: shards.overrides.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Backup Node Selector Preferred + During Scheduling Ignored During Execution Preference Match Expressions + Values + path: shards.overrides.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.values + - description: The label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Backup Node Selector Preferred + During Scheduling Ignored During Execution Preference Match Fields Key + path: shards.overrides.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ + + ' + displayName: Shards Overrides Pods Scheduling Backup Node Selector Preferred + During Scheduling Ignored During Execution Preference Match Fields Operator + path: shards.overrides.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.operator + - displayName: Shards Overrides Pods Scheduling Backup Node Selector Preferred + During Scheduling Ignored During Execution Preference Match Fields Values + path: shards.overrides.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.values + - description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + displayName: Shards Overrides Pods Scheduling Backup Node Selector Preferred + During Scheduling Ignored During Execution Weight + path: shards.overrides.pods.scheduling.backup.nodeSelector.preferredDuringSchedulingIgnoredDuringExecution.weight + - description: The label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Backup Node Selector Required + During Scheduling Ignored During Execution Node Selector Terms Match + Expressions Key + path: shards.overrides.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ + + ' + displayName: Shards Overrides Pods Scheduling Backup Node Selector Required + During Scheduling Ignored During Execution Node Selector Terms Match + Expressions Operator + path: shards.overrides.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Backup Node Selector Required + During Scheduling Ignored During Execution Node Selector Terms Match + Expressions Values + path: shards.overrides.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.values + - description: The label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Backup Node Selector Required + During Scheduling Ignored During Execution Node Selector Terms Match + Fields Key + path: shards.overrides.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + + + ' + displayName: Shards Overrides Pods Scheduling Backup Node Selector Required + During Scheduling Ignored During Execution Node Selector Terms Match + Fields Operator + path: shards.overrides.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.operator + - displayName: Shards Overrides Pods Scheduling Backup Node Selector Required + During Scheduling Ignored During Execution Node Selector Terms Match + Fields Values + path: shards.overrides.pods.scheduling.backup.nodeSelector.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.values + - description: The label key that the selector applies to. 
+ displayName: Shards Overrides Pods Scheduling Backup Tolerations Preferred + During Scheduling Ignored During Execution Preference Match Expressions + Key + path: shards.overrides.pods.scheduling.backup.tolerations.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + + + ' + displayName: Shards Overrides Pods Scheduling Backup Tolerations Preferred + During Scheduling Ignored During Execution Preference Match Expressions + Operator + path: shards.overrides.pods.scheduling.backup.tolerations.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Backup Tolerations Preferred + During Scheduling Ignored During Execution Preference Match Expressions + Values + path: shards.overrides.pods.scheduling.backup.tolerations.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.values + - description: The label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Backup Tolerations Preferred + During Scheduling Ignored During Execution Preference Match Fields Key + path: shards.overrides.pods.scheduling.backup.tolerations.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ + + ' + displayName: Shards Overrides Pods Scheduling Backup Tolerations Preferred + During Scheduling Ignored During Execution Preference Match Fields Operator + path: shards.overrides.pods.scheduling.backup.tolerations.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.operator + - displayName: Shards Overrides Pods Scheduling Backup Tolerations Preferred + During Scheduling Ignored During Execution Preference Match Fields Values + path: shards.overrides.pods.scheduling.backup.tolerations.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.values + - description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + displayName: Shards Overrides Pods Scheduling Backup Tolerations Preferred + During Scheduling Ignored During Execution Weight + path: shards.overrides.pods.scheduling.backup.tolerations.preferredDuringSchedulingIgnoredDuringExecution.weight + - description: The label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Backup Tolerations Required + During Scheduling Ignored During Execution Node Selector Terms Match + Expressions Key + path: shards.overrides.pods.scheduling.backup.tolerations.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ + + ' + displayName: Shards Overrides Pods Scheduling Backup Tolerations Required + During Scheduling Ignored During Execution Node Selector Terms Match + Expressions Operator + path: shards.overrides.pods.scheduling.backup.tolerations.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Backup Tolerations Required + During Scheduling Ignored During Execution Node Selector Terms Match + Expressions Values + path: shards.overrides.pods.scheduling.backup.tolerations.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.values + - description: The label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Backup Tolerations Required + During Scheduling Ignored During Execution Node Selector Terms Match + Fields Key + path: shards.overrides.pods.scheduling.backup.tolerations.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + + + ' + displayName: Shards Overrides Pods Scheduling Backup Tolerations Required + During Scheduling Ignored During Execution Node Selector Terms Match + Fields Operator + path: shards.overrides.pods.scheduling.backup.tolerations.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.operator + - displayName: Shards Overrides Pods Scheduling Backup Tolerations Required + During Scheduling Ignored During Execution Node Selector Terms Match + Fields Values + path: shards.overrides.pods.scheduling.backup.tolerations.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.values + - description: The label key that the selector applies to. 
+ displayName: Shards Overrides Pods Scheduling Backup Node Affinity Preferred + During Scheduling Ignored During Execution Preference Match Expressions + Key + path: shards.overrides.pods.scheduling.backup.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + + + ' + displayName: Shards Overrides Pods Scheduling Backup Node Affinity Preferred + During Scheduling Ignored During Execution Preference Match Expressions + Operator + path: shards.overrides.pods.scheduling.backup.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Backup Node Affinity Preferred + During Scheduling Ignored During Execution Preference Match Expressions + Values + path: shards.overrides.pods.scheduling.backup.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchExpressions.values + - description: The label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Backup Node Affinity Preferred + During Scheduling Ignored During Execution Preference Match Fields Key + path: shards.overrides.pods.scheduling.backup.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ + + ' + displayName: Shards Overrides Pods Scheduling Backup Node Affinity Preferred + During Scheduling Ignored During Execution Preference Match Fields Operator + path: shards.overrides.pods.scheduling.backup.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.operator + - displayName: Shards Overrides Pods Scheduling Backup Node Affinity Preferred + During Scheduling Ignored During Execution Preference Match Fields Values + path: shards.overrides.pods.scheduling.backup.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.preference.matchFields.values + - description: Weight associated with matching the corresponding nodeSelectorTerm, + in the range 1-100. + displayName: Shards Overrides Pods Scheduling Backup Node Affinity Preferred + During Scheduling Ignored During Execution Weight + path: shards.overrides.pods.scheduling.backup.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution.weight + - description: The label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Backup Node Affinity Required + During Scheduling Ignored During Execution Node Selector Terms Match + Expressions Key + path: shards.overrides.pods.scheduling.backup.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ + + ' + displayName: Shards Overrides Pods Scheduling Backup Node Affinity Required + During Scheduling Ignored During Execution Node Selector Terms Match + Expressions Operator + path: shards.overrides.pods.scheduling.backup.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Backup Node Affinity Required + During Scheduling Ignored During Execution Node Selector Terms Match + Expressions Values + path: shards.overrides.pods.scheduling.backup.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions.values + - description: The label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Backup Node Affinity Required + During Scheduling Ignored During Execution Node Selector Terms Match + Fields Key + path: shards.overrides.pods.scheduling.backup.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.key + - description: 'Represents a key''s relationship to a set of values. Valid + operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + + + ' + displayName: Shards Overrides Pods Scheduling Backup Node Affinity Required + During Scheduling Ignored During Execution Node Selector Terms Match + Fields Operator + path: shards.overrides.pods.scheduling.backup.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.operator + - displayName: Shards Overrides Pods Scheduling Backup Node Affinity Required + During Scheduling Ignored During Execution Node Selector Terms Match + Fields Values + path: shards.overrides.pods.scheduling.backup.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchFields.values + - description: 'Priority indicates the importance of a Pod relative to other + Pods. 
If a Pod cannot be scheduled, the scheduler tries to preempt (evict) + lower priority Pods to make scheduling of the pending Pod possible. + + ' + displayName: Shards Overrides Pods Scheduling Backup Priority Class Name + path: shards.overrides.pods.scheduling.backup.priorityClassName + - description: key is the label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Label Selector + Match Expressions Key + path: shards.overrides.pods.scheduling.backup.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Label Selector + Match Expressions Operator + path: shards.overrides.pods.scheduling.backup.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Label Selector + Match Expressions Values + path: shards.overrides.pods.scheduling.backup.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Label Selector + Match Labels + path: shards.overrides.pods.scheduling.backup.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchLabels + - description: key is the label key that the selector applies to. 
+ displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Namespace + Selector Match Expressions Key + path: shards.overrides.pods.scheduling.backup.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Namespace + Selector Match Expressions Operator + path: shards.overrides.pods.scheduling.backup.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Namespace + Selector Match Expressions Values + path: shards.overrides.pods.scheduling.backup.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Namespace + Selector Match Labels + path: shards.overrides.pods.scheduling.backup.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchLabels + - displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Namespaces + path: shards.overrides.pods.scheduling.backup.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaces + - description: This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector in the specified + namespaces, where co-located 
is defined as running on a node whose value + of the label with key topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey is not allowed. + displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Preferred + During Scheduling Ignored During Execution Pod Affinity Term Topology + Key + path: shards.overrides.pods.scheduling.backup.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.topologyKey + - description: weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Preferred + During Scheduling Ignored During Execution Weight + path: shards.overrides.pods.scheduling.backup.podAffinity.preferredDuringSchedulingIgnoredDuringExecution.weight + - description: key is the label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Required + During Scheduling Ignored During Execution Label Selector Match Expressions + Key + path: shards.overrides.pods.scheduling.backup.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Required + During Scheduling Ignored During Execution Label Selector Match Expressions + Operator + path: shards.overrides.pods.scheduling.backup.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Required + During Scheduling Ignored During Execution Label Selector Match Expressions + Values + path: shards.overrides.pods.scheduling.backup.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Required + During Scheduling Ignored During Execution Label Selector Match Labels + path: shards.overrides.pods.scheduling.backup.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchLabels + - description: key is the label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Required + During Scheduling Ignored During Execution Namespace Selector Match + Expressions Key + path: shards.overrides.pods.scheduling.backup.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Required + During Scheduling Ignored During Execution Namespace Selector Match + Expressions Operator + path: shards.overrides.pods.scheduling.backup.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Required + During Scheduling Ignored During Execution Namespace Selector Match + Expressions Values + path: shards.overrides.pods.scheduling.backup.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Required + During Scheduling Ignored During Execution Namespace Selector Match + Labels + path: shards.overrides.pods.scheduling.backup.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchLabels + - displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Required + During Scheduling Ignored During Execution Namespaces + path: shards.overrides.pods.scheduling.backup.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaces + - description: This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector in the specified + namespaces, where co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey is not allowed. + displayName: Shards Overrides Pods Scheduling Backup Pod Affinity Required + During Scheduling Ignored During Execution Topology Key + path: shards.overrides.pods.scheduling.backup.podAffinity.requiredDuringSchedulingIgnoredDuringExecution.topologyKey + - description: key is the label key that the selector applies to. 
+ displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Preferred During Scheduling Ignored During Execution Pod Affinity Term + Label Selector Match Expressions Key + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Preferred During Scheduling Ignored During Execution Pod Affinity Term + Label Selector Match Expressions Operator + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Preferred During Scheduling Ignored During Execution Pod Affinity Term + Label Selector Match Expressions Values + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Preferred During Scheduling Ignored During Execution Pod Affinity Term + Label Selector Match Labels + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.labelSelector.matchLabels + - description: key is the label key that the selector applies to. 
+ displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Preferred During Scheduling Ignored During Execution Pod Affinity Term + Namespace Selector Match Expressions Key + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Preferred During Scheduling Ignored During Execution Pod Affinity Term + Namespace Selector Match Expressions Operator + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Preferred During Scheduling Ignored During Execution Pod Affinity Term + Namespace Selector Match Expressions Values + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Preferred During Scheduling Ignored During Execution Pod Affinity Term + Namespace Selector Match Labels + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaceSelector.matchLabels + - displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Preferred During Scheduling Ignored During Execution Pod Affinity Term + Namespaces + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.namespaces + - description: This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector in 
the specified + namespaces, where co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey is not allowed. + displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Preferred During Scheduling Ignored During Execution Pod Affinity Term + Topology Key + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.podAffinityTerm.topologyKey + - description: weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Preferred During Scheduling Ignored During Execution Weight + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution.weight + - description: key is the label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Required During Scheduling Ignored During Execution Label Selector Match + Expressions Key + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Required During Scheduling Ignored During Execution Label Selector Match + Expressions Operator + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Required During Scheduling Ignored During Execution Label Selector Match + Expressions Values + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Required During Scheduling Ignored During Execution Label Selector Match + Labels + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.labelSelector.matchLabels + - description: key is the label key that the selector applies to. + displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Required During Scheduling Ignored During Execution Namespace Selector + Match Expressions Key + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.key + - description: operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. 
+ displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Required During Scheduling Ignored During Execution Namespace Selector + Match Expressions Operator + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.operator + - displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Required During Scheduling Ignored During Execution Namespace Selector + Match Expressions Values + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchExpressions.values + - displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Required During Scheduling Ignored During Execution Namespace Selector + Match Labels + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaceSelector.matchLabels + - displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Required During Scheduling Ignored During Execution Namespaces + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.namespaces + - description: This pod should be co-located (affinity) or not co-located + (anti-affinity) with the pods matching the labelSelector in the specified + namespaces, where co-located is defined as running on a node whose value + of the label with key topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey is not allowed. 
+ displayName: Shards Overrides Pods Scheduling Backup Pod Anti Affinity + Required During Scheduling Ignored During Execution Topology Key + path: shards.overrides.pods.scheduling.backup.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution.topologyKey + - description: "managementPolicy controls how pods are created during initial\ + \ scale up, when replacing pods\n on nodes, or when scaling down. The\ + \ default policy is `OrderedReady`, where pods are created\n in increasing\ + \ order (pod-0, then pod-1, etc) and the controller will wait until\ + \ each pod is\n ready before continuing. When scaling down, the pods\ + \ are removed in the opposite order.\n The alternative policy is `Parallel`\ + \ which will create pods in parallel to match the desired\n scale without\ + \ waiting, and on scale down will delete all pods at once.\n" + displayName: Shards Overrides Pods Management Policy + path: shards.overrides.pods.managementPolicy + - description: "Volumes name. Must be a DNS_LABEL and unique within the\ + \ pod.\n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\n\ + \nThe name will be prefixed with the string `custom-` so that when referencing\ + \ them in the\n customInitContainers or customContainers sections the\ + \ name used have to be prepended with\n the same prefix.\n" + displayName: Shards Overrides Pods Custom Volumes Name + path: shards.overrides.pods.customVolumes.name + - description: 'Optional: mode bits used to set permissions on created files + by default. Must be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' 
+ displayName: Shards Overrides Pods Custom Volumes Config Map Default Mode + path: shards.overrides.pods.customVolumes.configMap.defaultMode + - description: The key to project. + displayName: Shards Overrides Pods Custom Volumes Config Map Key + path: shards.overrides.pods.customVolumes.configMap.key + - description: 'Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other options that affect + the file mode, like fsGroup, and the result can be other mode bits set.' + displayName: Shards Overrides Pods Custom Volumes Config Map Mode + path: shards.overrides.pods.customVolumes.configMap.mode + - description: The relative path of the file to map the key to. May not + be an absolute path. May not contain the path element '..'. May not + start with the string '..'. + displayName: Shards Overrides Pods Custom Volumes Config Map Path + path: shards.overrides.pods.customVolumes.configMap.path + - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + displayName: Shards Overrides Pods Custom Volumes Config Map Name + path: shards.overrides.pods.customVolumes.configMap.name + - description: Specify whether the ConfigMap or its keys must be defined + displayName: Shards Overrides Pods Custom Volumes Config Map Optional + path: shards.overrides.pods.customVolumes.configMap.optional + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Optional: mode bits to use on created files by default. + Must be a Optional: mode bits used to set permissions on created files + by default. Must be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. 
YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' + displayName: Shards Overrides Pods Custom Volumes Downward API Default + Mode + path: shards.overrides.pods.customVolumes.downwardAPI.defaultMode + - description: Version of the schema the FieldPath is written in terms of, + defaults to "v1". + displayName: Shards Overrides Pods Custom Volumes Downward API Field Ref + Api Version + path: shards.overrides.pods.customVolumes.downwardAPI.fieldRef.apiVersion + - description: Path of the field to select in the specified API version. + displayName: Shards Overrides Pods Custom Volumes Downward API Field Ref + Field Path + path: shards.overrides.pods.customVolumes.downwardAPI.fieldRef.fieldPath + - description: 'Optional: mode bits used to set permissions on this file, + must be an octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other options that affect + the file mode, like fsGroup, and the result can be other mode bits set.' + displayName: Shards Overrides Pods Custom Volumes Downward API Mode + path: shards.overrides.pods.customVolumes.downwardAPI.mode + - description: 'Required: Path is the relative path name of the file to + be created. Must not be absolute or contain the ''..'' path. Must be + utf-8 encoded. 
The first item of the relative path must not start with + ''..''' + displayName: Shards Overrides Pods Custom Volumes Downward API Path + path: shards.overrides.pods.customVolumes.downwardAPI.path + - description: 'Container name: required for volumes, optional for env vars' + displayName: Shards Overrides Pods Custom Volumes Downward API Resource + Field Ref Container Name + path: shards.overrides.pods.customVolumes.downwardAPI.resourceFieldRef.containerName + - description: "Quantity is a fixed-point representation of a number. It\ + \ provides convenient marshaling/unmarshaling in JSON and YAML, in addition\ + \ to String() and AsInt64() accessors.\n\nThe serialization format is:\n\ + \n ::= \n (Note that \ + \ may be empty, from the \"\" case in .)\n \ + \ ::= 0 | 1 | ... | 9 ::= | \ + \ ::= | . | . | .\ + \ ::= \"+\" | \"-\" ::= \ + \ | ::= | \ + \ | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\ + \ (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G | T | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no quantity may represent a number\ + \ greater than 2^63-1 in magnitude, nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise will be capped or rounded up.\ + \ (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future\ + \ if we require larger or smaller quantities.\n\nWhen a Quantity is\ + \ parsed from a string, it will remember the type of suffix it had,\ + \ and will use the same type again when it is serialized.\n\nBefore\ + \ serializing, Quantity will be put in \"canonical form\". This means\ + \ that Exponent/suffix will be adjusted up or down (with a corresponding\ + \ increase or decrease in Mantissa) such that:\n a. No precision is\ + \ lost\n b. No fractional digits will be emitted\n c. 
The exponent\ + \ (or suffix) is as large as possible.\nThe sign will be omitted unless\ + \ the number is negative.\n\nExamples:\n 1.5 will be serialized as\ + \ \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the\ + \ quantity will NEVER be internally represented by a floating point\ + \ number. That is the whole point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they are well formed, but will\ + \ be re-emitted in their canonical form. (So always use canonical form,\ + \ or don't diff.)\n\nThis format is intended to make it difficult to\ + \ use these numbers without writing some sort of special handling code\ + \ in the hopes that that will cause implementors to also use a fixed\ + \ point implementation." + displayName: Shards Overrides Pods Custom Volumes Downward API Resource + Field Ref Divisor + path: shards.overrides.pods.customVolumes.downwardAPI.resourceFieldRef.divisor + - description: 'Required: resource to select' + displayName: Shards Overrides Pods Custom Volumes Downward API Resource + Field Ref Resource + path: shards.overrides.pods.customVolumes.downwardAPI.resourceFieldRef.resource + - description: 'What type of storage medium should back this directory. + The default is "" which means to use the node''s default medium. Must + be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + displayName: Shards Overrides Pods Custom Volumes Empty Dir Medium + path: shards.overrides.pods.customVolumes.emptyDir.medium + - description: "Quantity is a fixed-point representation of a number. It\ + \ provides convenient marshaling/unmarshaling in JSON and YAML, in addition\ + \ to String() and AsInt64() accessors.\n\nThe serialization format is:\n\ + \n ::= \n (Note that \ + \ may be empty, from the \"\" case in .)\n \ + \ ::= 0 | 1 | ... | 9 ::= | \ + \ ::= | . | . 
| .\ + \ ::= \"+\" | \"-\" ::= \ + \ | ::= | \ + \ | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\ + \ (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G | T | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no quantity may represent a number\ + \ greater than 2^63-1 in magnitude, nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise will be capped or rounded up.\ + \ (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future\ + \ if we require larger or smaller quantities.\n\nWhen a Quantity is\ + \ parsed from a string, it will remember the type of suffix it had,\ + \ and will use the same type again when it is serialized.\n\nBefore\ + \ serializing, Quantity will be put in \"canonical form\". This means\ + \ that Exponent/suffix will be adjusted up or down (with a corresponding\ + \ increase or decrease in Mantissa) such that:\n a. No precision is\ + \ lost\n b. No fractional digits will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\nThe sign will be omitted unless\ + \ the number is negative.\n\nExamples:\n 1.5 will be serialized as\ + \ \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the\ + \ quantity will NEVER be internally represented by a floating point\ + \ number. That is the whole point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they are well formed, but will\ + \ be re-emitted in their canonical form. (So always use canonical form,\ + \ or don't diff.)\n\nThis format is intended to make it difficult to\ + \ use these numbers without writing some sort of special handling code\ + \ in the hopes that that will cause implementors to also use a fixed\ + \ point implementation." 
+ displayName: Shards Overrides Pods Custom Volumes Empty Dir Size Limit + path: shards.overrides.pods.customVolumes.emptyDir.sizeLimit + - description: Target directory name. Must not contain or start with '..'. If + '.' is supplied, the volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository in the subdirectory + with the given name. + displayName: Shards Overrides Pods Custom Volumes Git Repo Directory + path: shards.overrides.pods.customVolumes.gitRepo.directory + - description: Repository URL + displayName: Shards Overrides Pods Custom Volumes Git Repo Repository + path: shards.overrides.pods.customVolumes.gitRepo.repository + - description: Commit hash for the specified revision. + displayName: Shards Overrides Pods Custom Volumes Git Repo Revision + path: shards.overrides.pods.customVolumes.gitRepo.revision + - description: 'EndpointsName is the endpoint name that details Glusterfs + topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + displayName: Shards Overrides Pods Custom Volumes Glusterfs Endpoints + path: shards.overrides.pods.customVolumes.glusterfs.endpoints + - description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + displayName: Shards Overrides Pods Custom Volumes Glusterfs Path + path: shards.overrides.pods.customVolumes.glusterfs.path + - description: 'ReadOnly here will force the Glusterfs volume to be mounted + with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + displayName: Shards Overrides Pods Custom Volumes Glusterfs Read Only + path: shards.overrides.pods.customVolumes.glusterfs.readOnly + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Path of the directory on the host. If the path is a symlink, + it will follow the link to the real path. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + displayName: Shards Overrides Pods Custom Volumes Host Path Path + path: shards.overrides.pods.customVolumes.hostPath.path + - description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + displayName: Shards Overrides Pods Custom Volumes Host Path Type + path: shards.overrides.pods.customVolumes.hostPath.type + - description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + displayName: Shards Overrides Pods Custom Volumes Nfs Path + path: shards.overrides.pods.customVolumes.nfs.path + - description: 'ReadOnly here will force the NFS export to be mounted with + read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + displayName: Shards Overrides Pods Custom Volumes Nfs Read Only + path: shards.overrides.pods.customVolumes.nfs.readOnly + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + displayName: Shards Overrides Pods Custom Volumes Nfs Server + path: shards.overrides.pods.customVolumes.nfs.server + - description: Mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, JSON requires + decimal values for mode bits. Directories within the path are not affected + by this setting. This might be in conflict with other options that affect + the file mode, like fsGroup, and the result can be other mode bits set. + displayName: Shards Overrides Pods Custom Volumes Projected Default Mode + path: shards.overrides.pods.customVolumes.projected.defaultMode + - description: The key to project. 
+ displayName: Shards Overrides Pods Custom Volumes Projected Sources Config + Map Key + path: shards.overrides.pods.customVolumes.projected.sources.configMap.key + - description: 'Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other options that affect + the file mode, like fsGroup, and the result can be other mode bits set.' + displayName: Shards Overrides Pods Custom Volumes Projected Sources Config + Map Mode + path: shards.overrides.pods.customVolumes.projected.sources.configMap.mode + - description: The relative path of the file to map the key to. May not + be an absolute path. May not contain the path element '..'. May not + start with the string '..'. + displayName: Shards Overrides Pods Custom Volumes Projected Sources Config + Map Path + path: shards.overrides.pods.customVolumes.projected.sources.configMap.path + - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + displayName: Shards Overrides Pods Custom Volumes Projected Sources Config + Map Name + path: shards.overrides.pods.customVolumes.projected.sources.configMap.name + - description: Specify whether the ConfigMap or its keys must be defined + displayName: Shards Overrides Pods Custom Volumes Projected Sources Config + Map Optional + path: shards.overrides.pods.customVolumes.projected.sources.configMap.optional + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Version of the schema the FieldPath is written in terms of, + defaults to "v1". 
+ displayName: Shards Overrides Pods Custom Volumes Projected Sources Downward + API Field Ref Api Version + path: shards.overrides.pods.customVolumes.projected.sources.downwardAPI.fieldRef.apiVersion + - description: Path of the field to select in the specified API version. + displayName: Shards Overrides Pods Custom Volumes Projected Sources Downward + API Field Ref Field Path + path: shards.overrides.pods.customVolumes.projected.sources.downwardAPI.fieldRef.fieldPath + - description: 'Optional: mode bits used to set permissions on this file, + must be an octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other options that affect + the file mode, like fsGroup, and the result can be other mode bits set.' + displayName: Shards Overrides Pods Custom Volumes Projected Sources Downward + API Mode + path: shards.overrides.pods.customVolumes.projected.sources.downwardAPI.mode + - description: 'Required: Path is the relative path name of the file to + be created. Must not be absolute or contain the ''..'' path. Must be + utf-8 encoded. The first item of the relative path must not start with + ''..''' + displayName: Shards Overrides Pods Custom Volumes Projected Sources Downward + API Path + path: shards.overrides.pods.customVolumes.projected.sources.downwardAPI.path + - description: 'Container name: required for volumes, optional for env vars' + displayName: Shards Overrides Pods Custom Volumes Projected Sources Downward + API Resource Field Ref Container Name + path: shards.overrides.pods.customVolumes.projected.sources.downwardAPI.resourceFieldRef.containerName + - description: "Quantity is a fixed-point representation of a number. 
It\ + \ provides convenient marshaling/unmarshaling in JSON and YAML, in addition\ + \ to String() and AsInt64() accessors.\n\nThe serialization format is:\n\ + \n ::= \n (Note that \ + \ may be empty, from the \"\" case in .)\n \ + \ ::= 0 | 1 | ... | 9 ::= | \ + \ ::= | . | . | .\ + \ ::= \"+\" | \"-\" ::= \ + \ | ::= | \ + \ | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\ + \ (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G | T | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no quantity may represent a number\ + \ greater than 2^63-1 in magnitude, nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise will be capped or rounded up.\ + \ (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future\ + \ if we require larger or smaller quantities.\n\nWhen a Quantity is\ + \ parsed from a string, it will remember the type of suffix it had,\ + \ and will use the same type again when it is serialized.\n\nBefore\ + \ serializing, Quantity will be put in \"canonical form\". This means\ + \ that Exponent/suffix will be adjusted up or down (with a corresponding\ + \ increase or decrease in Mantissa) such that:\n a. No precision is\ + \ lost\n b. No fractional digits will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\nThe sign will be omitted unless\ + \ the number is negative.\n\nExamples:\n 1.5 will be serialized as\ + \ \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the\ + \ quantity will NEVER be internally represented by a floating point\ + \ number. That is the whole point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they are well formed, but will\ + \ be re-emitted in their canonical form. 
(So always use canonical form,\ + \ or don't diff.)\n\nThis format is intended to make it difficult to\ + \ use these numbers without writing some sort of special handling code\ + \ in the hopes that that will cause implementors to also use a fixed\ + \ point implementation." + displayName: Shards Overrides Pods Custom Volumes Projected Sources Downward + API Resource Field Ref Divisor + path: shards.overrides.pods.customVolumes.projected.sources.downwardAPI.resourceFieldRef.divisor + - description: 'Required: resource to select' + displayName: Shards Overrides Pods Custom Volumes Projected Sources Downward + API Resource Field Ref Resource + path: shards.overrides.pods.customVolumes.projected.sources.downwardAPI.resourceFieldRef.resource + - description: The key to project. + displayName: Shards Overrides Pods Custom Volumes Projected Sources Secret + Key + path: shards.overrides.pods.customVolumes.projected.sources.secret.key + - description: 'Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other options that affect + the file mode, like fsGroup, and the result can be other mode bits set.' + displayName: Shards Overrides Pods Custom Volumes Projected Sources Secret + Mode + path: shards.overrides.pods.customVolumes.projected.sources.secret.mode + - description: The relative path of the file to map the key to. May not + be an absolute path. May not contain the path element '..'. May not + start with the string '..'. + displayName: Shards Overrides Pods Custom Volumes Projected Sources Secret + Path + path: shards.overrides.pods.customVolumes.projected.sources.secret.path + - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + displayName: Shards Overrides Pods Custom Volumes Projected Sources Secret + Name + path: shards.overrides.pods.customVolumes.projected.sources.secret.name + - description: Specify whether the Secret or its key must be defined + displayName: Shards Overrides Pods Custom Volumes Projected Sources Secret + Optional + path: shards.overrides.pods.customVolumes.projected.sources.secret.optional + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Audience is the intended audience of the token. A recipient + of a token must identify itself with an identifier specified in the + audience of the token, and otherwise should reject the token. The audience + defaults to the identifier of the apiserver. + displayName: Shards Overrides Pods Custom Volumes Projected Sources Service + Account Token Audience + path: shards.overrides.pods.customVolumes.projected.sources.serviceAccountToken.audience + - description: ExpirationSeconds is the requested duration of validity of + the service account token. As the token approaches expiration, the kubelet + volume plugin will proactively rotate the service account token. The + kubelet will start trying to rotate the token if the token is older + than 80 percent of its time to live or if the token is older than 24 + hours.Defaults to 1 hour and must be at least 10 minutes. + displayName: Shards Overrides Pods Custom Volumes Projected Sources Service + Account Token Expiration Seconds + path: shards.overrides.pods.customVolumes.projected.sources.serviceAccountToken.expirationSeconds + - description: Path is the path relative to the mount point of the file + to project the token into. 
+ displayName: Shards Overrides Pods Custom Volumes Projected Sources Service + Account Token Path + path: shards.overrides.pods.customVolumes.projected.sources.serviceAccountToken.path + - description: 'Optional: mode bits used to set permissions on created files + by default. Must be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, and the + result can be other mode bits set.' + displayName: Shards Overrides Pods Custom Volumes Secret Default Mode + path: shards.overrides.pods.customVolumes.secret.defaultMode + - description: The key to project. + displayName: Shards Overrides Pods Custom Volumes Secret Key + path: shards.overrides.pods.customVolumes.secret.key + - description: 'Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, JSON requires + decimal values for mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other options that affect + the file mode, like fsGroup, and the result can be other mode bits set.' + displayName: Shards Overrides Pods Custom Volumes Secret Mode + path: shards.overrides.pods.customVolumes.secret.mode + - description: The relative path of the file to map the key to. May not + be an absolute path. May not contain the path element '..'. May not + start with the string '..'. 
+ displayName: Shards Overrides Pods Custom Volumes Secret Path + path: shards.overrides.pods.customVolumes.secret.path + - description: Specify whether the Secret or its keys must be defined + displayName: Shards Overrides Pods Custom Volumes Secret Optional + path: shards.overrides.pods.customVolumes.secret.optional + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Name of the secret in the pod''s namespace to use. More + info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + displayName: Shards Overrides Pods Custom Volumes Secret Secret Name + path: shards.overrides.pods.customVolumes.secret.secretName + - displayName: Shards Overrides Pods Custom Init Containers Args + path: shards.overrides.pods.customInitContainers.args + - displayName: Shards Overrides Pods Custom Init Containers Command + path: shards.overrides.pods.customInitContainers.command + - description: Name of the environment variable. Must be a C_IDENTIFIER. + displayName: Shards Overrides Pods Custom Init Containers Env Name + path: shards.overrides.pods.customInitContainers.env.name + - description: 'Variable references $(VAR_NAME) are expanded using the previously + defined environment variables in the container and any service environment + variables. If a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single $, which + allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or not. Defaults + to "".' + displayName: Shards Overrides Pods Custom Init Containers Env Value + path: shards.overrides.pods.customInitContainers.env.value + - description: The key to select. 
+ displayName: Shards Overrides Pods Custom Init Containers Env Value From + Config Map Key Ref Key + path: shards.overrides.pods.customInitContainers.env.valueFrom.configMapKeyRef.key + - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + displayName: Shards Overrides Pods Custom Init Containers Env Value From + Config Map Key Ref Name + path: shards.overrides.pods.customInitContainers.env.valueFrom.configMapKeyRef.name + - description: Specify whether the ConfigMap or its key must be defined + displayName: Shards Overrides Pods Custom Init Containers Env Value From + Config Map Key Ref Optional + path: shards.overrides.pods.customInitContainers.env.valueFrom.configMapKeyRef.optional + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Version of the schema the FieldPath is written in terms of, + defaults to "v1". + displayName: Shards Overrides Pods Custom Init Containers Env Value From + Field Ref Api Version + path: shards.overrides.pods.customInitContainers.env.valueFrom.fieldRef.apiVersion + - description: Path of the field to select in the specified API version. + displayName: Shards Overrides Pods Custom Init Containers Env Value From + Field Ref Field Path + path: shards.overrides.pods.customInitContainers.env.valueFrom.fieldRef.fieldPath + - description: 'Container name: required for volumes, optional for env vars' + displayName: Shards Overrides Pods Custom Init Containers Env Value From + Resource Field Ref Container Name + path: shards.overrides.pods.customInitContainers.env.valueFrom.resourceFieldRef.containerName + - description: "Quantity is a fixed-point representation of a number. It\ + \ provides convenient marshaling/unmarshaling in JSON and YAML, in addition\ + \ to String() and AsInt64() accessors.\n\nThe serialization format is:\n\ + \n ::= \n (Note that \ + \ may be empty, from the \"\" case in .)\n \ + \ ::= 0 | 1 | ... 
| 9 ::= | \ + \ ::= | . | . | .\ + \ ::= \"+\" | \"-\" ::= \ + \ | ::= | \ + \ | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\ + \ (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G | T | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no quantity may represent a number\ + \ greater than 2^63-1 in magnitude, nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise will be capped or rounded up.\ + \ (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future\ + \ if we require larger or smaller quantities.\n\nWhen a Quantity is\ + \ parsed from a string, it will remember the type of suffix it had,\ + \ and will use the same type again when it is serialized.\n\nBefore\ + \ serializing, Quantity will be put in \"canonical form\". This means\ + \ that Exponent/suffix will be adjusted up or down (with a corresponding\ + \ increase or decrease in Mantissa) such that:\n a. No precision is\ + \ lost\n b. No fractional digits will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\nThe sign will be omitted unless\ + \ the number is negative.\n\nExamples:\n 1.5 will be serialized as\ + \ \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the\ + \ quantity will NEVER be internally represented by a floating point\ + \ number. That is the whole point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they are well formed, but will\ + \ be re-emitted in their canonical form. (So always use canonical form,\ + \ or don't diff.)\n\nThis format is intended to make it difficult to\ + \ use these numbers without writing some sort of special handling code\ + \ in the hopes that that will cause implementors to also use a fixed\ + \ point implementation." 
+ displayName: Shards Overrides Pods Custom Init Containers Env Value From + Resource Field Ref Divisor + path: shards.overrides.pods.customInitContainers.env.valueFrom.resourceFieldRef.divisor + - description: 'Required: resource to select' + displayName: Shards Overrides Pods Custom Init Containers Env Value From + Resource Field Ref Resource + path: shards.overrides.pods.customInitContainers.env.valueFrom.resourceFieldRef.resource + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Shards Overrides Pods Custom Init Containers Env Value From + Secret Key Ref Key + path: shards.overrides.pods.customInitContainers.env.valueFrom.secretKeyRef.key + - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + displayName: Shards Overrides Pods Custom Init Containers Env Value From + Secret Key Ref Name + path: shards.overrides.pods.customInitContainers.env.valueFrom.secretKeyRef.name + - description: Specify whether the Secret or its key must be defined + displayName: Shards Overrides Pods Custom Init Containers Env Value From + Secret Key Ref Optional + path: shards.overrides.pods.customInitContainers.env.valueFrom.secretKeyRef.optional + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + displayName: Shards Overrides Pods Custom Init Containers Env From Config + Map Ref Name + path: shards.overrides.pods.customInitContainers.envFrom.configMapRef.name + - description: Specify whether the ConfigMap must be defined + displayName: Shards Overrides Pods Custom Init Containers Env From Config + Map Ref Optional + path: shards.overrides.pods.customInitContainers.envFrom.configMapRef.optional + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: An optional identifier to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + displayName: Shards Overrides Pods Custom Init Containers Env From Prefix + path: shards.overrides.pods.customInitContainers.envFrom.prefix + - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + displayName: Shards Overrides Pods Custom Init Containers Env From Secret + Ref Name + path: shards.overrides.pods.customInitContainers.envFrom.secretRef.name + - description: Specify whether the Secret must be defined + displayName: Shards Overrides Pods Custom Init Containers Env From Secret + Ref Optional + path: shards.overrides.pods.customInitContainers.envFrom.secretRef.optional + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default + or override container images in workload controllers like Deployments + and StatefulSets.' + displayName: Shards Overrides Pods Custom Init Containers Image + path: shards.overrides.pods.customInitContainers.image + - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults + to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + displayName: Shards Overrides Pods Custom Init Containers Image Pull Policy + path: shards.overrides.pods.customInitContainers.imagePullPolicy + - displayName: Shards Overrides Pods Custom Init Containers Lifecycle Post + Start Exec Command + path: shards.overrides.pods.customInitContainers.lifecycle.postStart.exec.command + - description: Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + displayName: Shards Overrides Pods Custom Init Containers Lifecycle Post + Start Http Get Host + path: shards.overrides.pods.customInitContainers.lifecycle.postStart.httpGet.host + - description: The header field name + displayName: Shards Overrides Pods Custom Init Containers Lifecycle Post + Start Http Get Http Headers Name + path: shards.overrides.pods.customInitContainers.lifecycle.postStart.httpGet.httpHeaders.name + - description: The header field value + displayName: Shards Overrides Pods Custom Init Containers Lifecycle Post + Start Http Get Http Headers Value + path: shards.overrides.pods.customInitContainers.lifecycle.postStart.httpGet.httpHeaders.value + - description: Path to access on the HTTP server. + displayName: Shards Overrides Pods Custom Init Containers Lifecycle Post + Start Http Get Path + path: shards.overrides.pods.customInitContainers.lifecycle.postStart.httpGet.path + - description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Init Containers Lifecycle Post + Start Http Get Port + path: shards.overrides.pods.customInitContainers.lifecycle.postStart.httpGet.port + - description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ displayName: Shards Overrides Pods Custom Init Containers Lifecycle Post + Start Http Get Scheme + path: shards.overrides.pods.customInitContainers.lifecycle.postStart.httpGet.scheme + - description: 'Optional: Host name to connect to, defaults to the pod IP.' + displayName: Shards Overrides Pods Custom Init Containers Lifecycle Post + Start Tcp Socket Host + path: shards.overrides.pods.customInitContainers.lifecycle.postStart.tcpSocket.host + - description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Init Containers Lifecycle Post + Start Tcp Socket Port + path: shards.overrides.pods.customInitContainers.lifecycle.postStart.tcpSocket.port + - displayName: Shards Overrides Pods Custom Init Containers Lifecycle Pre + Stop Exec Command + path: shards.overrides.pods.customInitContainers.lifecycle.preStop.exec.command + - description: Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + displayName: Shards Overrides Pods Custom Init Containers Lifecycle Pre + Stop Http Get Host + path: shards.overrides.pods.customInitContainers.lifecycle.preStop.httpGet.host + - description: The header field name + displayName: Shards Overrides Pods Custom Init Containers Lifecycle Pre + Stop Http Get Http Headers Name + path: shards.overrides.pods.customInitContainers.lifecycle.preStop.httpGet.httpHeaders.name + - description: The header field value + displayName: Shards Overrides Pods Custom Init Containers Lifecycle Pre + Stop Http Get Http Headers Value + path: shards.overrides.pods.customInitContainers.lifecycle.preStop.httpGet.httpHeaders.value + - description: Path to access on the HTTP server. 
+ displayName: Shards Overrides Pods Custom Init Containers Lifecycle Pre + Stop Http Get Path + path: shards.overrides.pods.customInitContainers.lifecycle.preStop.httpGet.path + - description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Init Containers Lifecycle Pre + Stop Http Get Port + path: shards.overrides.pods.customInitContainers.lifecycle.preStop.httpGet.port + - description: Scheme to use for connecting to the host. Defaults to HTTP. + displayName: Shards Overrides Pods Custom Init Containers Lifecycle Pre + Stop Http Get Scheme + path: shards.overrides.pods.customInitContainers.lifecycle.preStop.httpGet.scheme + - description: 'Optional: Host name to connect to, defaults to the pod IP.' + displayName: Shards Overrides Pods Custom Init Containers Lifecycle Pre + Stop Tcp Socket Host + path: shards.overrides.pods.customInitContainers.lifecycle.preStop.tcpSocket.host + - description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Init Containers Lifecycle Pre + Stop Tcp Socket Port + path: shards.overrides.pods.customInitContainers.lifecycle.preStop.tcpSocket.port + - displayName: Shards Overrides Pods Custom Init Containers Liveness Probe + Exec Command + path: shards.overrides.pods.customInitContainers.livenessProbe.exec.command + - description: Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum value is 1. 
+ displayName: Shards Overrides Pods Custom Init Containers Liveness Probe + Failure Threshold + path: shards.overrides.pods.customInitContainers.livenessProbe.failureThreshold + - description: Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + displayName: Shards Overrides Pods Custom Init Containers Liveness Probe + Http Get Host + path: shards.overrides.pods.customInitContainers.livenessProbe.httpGet.host + - description: The header field name + displayName: Shards Overrides Pods Custom Init Containers Liveness Probe + Http Get Http Headers Name + path: shards.overrides.pods.customInitContainers.livenessProbe.httpGet.httpHeaders.name + - description: The header field value + displayName: Shards Overrides Pods Custom Init Containers Liveness Probe + Http Get Http Headers Value + path: shards.overrides.pods.customInitContainers.livenessProbe.httpGet.httpHeaders.value + - description: Path to access on the HTTP server. + displayName: Shards Overrides Pods Custom Init Containers Liveness Probe + Http Get Path + path: shards.overrides.pods.customInitContainers.livenessProbe.httpGet.path + - description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Init Containers Liveness Probe + Http Get Port + path: shards.overrides.pods.customInitContainers.livenessProbe.httpGet.port + - description: Scheme to use for connecting to the host. Defaults to HTTP. + displayName: Shards Overrides Pods Custom Init Containers Liveness Probe + Http Get Scheme + path: shards.overrides.pods.customInitContainers.livenessProbe.httpGet.scheme + - description: 'Number of seconds after the container has started before + liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + displayName: Shards Overrides Pods Custom Init Containers Liveness Probe + Initial Delay Seconds + path: shards.overrides.pods.customInitContainers.livenessProbe.initialDelaySeconds + - description: How often (in seconds) to perform the probe. Default to 10 + seconds. Minimum value is 1. + displayName: Shards Overrides Pods Custom Init Containers Liveness Probe + Period Seconds + path: shards.overrides.pods.customInitContainers.livenessProbe.periodSeconds + - description: Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + displayName: Shards Overrides Pods Custom Init Containers Liveness Probe + Success Threshold + path: shards.overrides.pods.customInitContainers.livenessProbe.successThreshold + - description: 'Optional: Host name to connect to, defaults to the pod IP.' + displayName: Shards Overrides Pods Custom Init Containers Liveness Probe + Tcp Socket Host + path: shards.overrides.pods.customInitContainers.livenessProbe.tcpSocket.host + - description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Init Containers Liveness Probe + Tcp Socket Port + path: shards.overrides.pods.customInitContainers.livenessProbe.tcpSocket.port + - description: Optional duration in seconds the pod needs to terminate gracefully + upon probe failure. The grace period is the duration in seconds after + the processes running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill signal. Set + this value longer than the expected cleanup time for your process. 
If + this value is nil, the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature gate. Minimum + value is 1. spec.terminationGracePeriodSeconds is used if unset. + displayName: Shards Overrides Pods Custom Init Containers Liveness Probe + Termination Grace Period Seconds + path: shards.overrides.pods.customInitContainers.livenessProbe.terminationGracePeriodSeconds + - description: 'Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + displayName: Shards Overrides Pods Custom Init Containers Liveness Probe + Timeout Seconds + path: shards.overrides.pods.customInitContainers.livenessProbe.timeoutSeconds + - description: "Name of the container specified as a DNS_LABEL. Each\n container\ + \ in a pod must have a unique name (DNS_LABEL). Cannot\n be updated.\n\ + \nThe name will be prefixed with the string `custom-` so that when referencing\ + \ it\n in the .spec.containers section of SGInstanceProfile the name\ + \ used have to be\n prepended with the same prefix.\n" + displayName: Shards Overrides Pods Custom Init Containers Name + path: shards.overrides.pods.customInitContainers.name + - description: Number of port to expose on the pod's IP address. This must + be a valid port number, 0 < x < 65536. + displayName: Shards Overrides Pods Custom Init Containers Ports Container + Port + path: shards.overrides.pods.customInitContainers.ports.containerPort + - description: What host IP to bind the external port to. 
+ displayName: Shards Overrides Pods Custom Init Containers Ports Host IP + path: shards.overrides.pods.customInitContainers.ports.hostIP + - description: Number of port to expose on the host. If specified, this + must be a valid port number, 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers do not need this. + displayName: Shards Overrides Pods Custom Init Containers Ports Host Port + path: shards.overrides.pods.customInitContainers.ports.hostPort + - description: If specified, this must be an IANA_SVC_NAME and unique within + the pod. Each named port in a pod must have a unique name. Name for + the port that can be referred to by services. + displayName: Shards Overrides Pods Custom Init Containers Ports Name + path: shards.overrides.pods.customInitContainers.ports.name + - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to + "TCP". + displayName: Shards Overrides Pods Custom Init Containers Ports Protocol + path: shards.overrides.pods.customInitContainers.ports.protocol + - displayName: Shards Overrides Pods Custom Init Containers Readiness Probe + Exec Command + path: shards.overrides.pods.customInitContainers.readinessProbe.exec.command + - description: Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum value is 1. + displayName: Shards Overrides Pods Custom Init Containers Readiness Probe + Failure Threshold + path: shards.overrides.pods.customInitContainers.readinessProbe.failureThreshold + - description: Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. 
+ displayName: Shards Overrides Pods Custom Init Containers Readiness Probe + Http Get Host + path: shards.overrides.pods.customInitContainers.readinessProbe.httpGet.host + - description: The header field name + displayName: Shards Overrides Pods Custom Init Containers Readiness Probe + Http Get Http Headers Name + path: shards.overrides.pods.customInitContainers.readinessProbe.httpGet.httpHeaders.name + - description: The header field value + displayName: Shards Overrides Pods Custom Init Containers Readiness Probe + Http Get Http Headers Value + path: shards.overrides.pods.customInitContainers.readinessProbe.httpGet.httpHeaders.value + - description: Path to access on the HTTP server. + displayName: Shards Overrides Pods Custom Init Containers Readiness Probe + Http Get Path + path: shards.overrides.pods.customInitContainers.readinessProbe.httpGet.path + - description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Init Containers Readiness Probe + Http Get Port + path: shards.overrides.pods.customInitContainers.readinessProbe.httpGet.port + - description: Scheme to use for connecting to the host. Defaults to HTTP. + displayName: Shards Overrides Pods Custom Init Containers Readiness Probe + Http Get Scheme + path: shards.overrides.pods.customInitContainers.readinessProbe.httpGet.scheme + - description: 'Number of seconds after the container has started before + liveness probes are initiated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + displayName: Shards Overrides Pods Custom Init Containers Readiness Probe + Initial Delay Seconds + path: shards.overrides.pods.customInitContainers.readinessProbe.initialDelaySeconds + - description: How often (in seconds) to perform the probe. Default to 10 + seconds. Minimum value is 1. + displayName: Shards Overrides Pods Custom Init Containers Readiness Probe + Period Seconds + path: shards.overrides.pods.customInitContainers.readinessProbe.periodSeconds + - description: Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + displayName: Shards Overrides Pods Custom Init Containers Readiness Probe + Success Threshold + path: shards.overrides.pods.customInitContainers.readinessProbe.successThreshold + - description: 'Optional: Host name to connect to, defaults to the pod IP.' + displayName: Shards Overrides Pods Custom Init Containers Readiness Probe + Tcp Socket Host + path: shards.overrides.pods.customInitContainers.readinessProbe.tcpSocket.host + - description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Init Containers Readiness Probe + Tcp Socket Port + path: shards.overrides.pods.customInitContainers.readinessProbe.tcpSocket.port + - description: Optional duration in seconds the pod needs to terminate gracefully + upon probe failure. The grace period is the duration in seconds after + the processes running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill signal. Set + this value longer than the expected cleanup time for your process. 
If + this value is nil, the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature gate. Minimum + value is 1. spec.terminationGracePeriodSeconds is used if unset. + displayName: Shards Overrides Pods Custom Init Containers Readiness Probe + Termination Grace Period Seconds + path: shards.overrides.pods.customInitContainers.readinessProbe.terminationGracePeriodSeconds + - description: 'Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + displayName: Shards Overrides Pods Custom Init Containers Readiness Probe + Timeout Seconds + path: shards.overrides.pods.customInitContainers.readinessProbe.timeoutSeconds + - description: "Quantity is a fixed-point representation of a number. It\ + \ provides convenient marshaling/unmarshaling in JSON and YAML, in addition\ + \ to String() and AsInt64() accessors.\n\nThe serialization format is:\n\ + \n ::= \n (Note that \ + \ may be empty, from the \"\" case in .)\n \ + \ ::= 0 | 1 | ... | 9 ::= | \ + \ ::= | . | . | .\ + \ ::= \"+\" | \"-\" ::= \ + \ | ::= | \ + \ | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\ + \ (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G | T | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no quantity may represent a number\ + \ greater than 2^63-1 in magnitude, nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise will be capped or rounded up.\ + \ (E.g.: 0.1m will rounded up to 1m.) 
This may be extended in the future\ + \ if we require larger or smaller quantities.\n\nWhen a Quantity is\ + \ parsed from a string, it will remember the type of suffix it had,\ + \ and will use the same type again when it is serialized.\n\nBefore\ + \ serializing, Quantity will be put in \"canonical form\". This means\ + \ that Exponent/suffix will be adjusted up or down (with a corresponding\ + \ increase or decrease in Mantissa) such that:\n a. No precision is\ + \ lost\n b. No fractional digits will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\nThe sign will be omitted unless\ + \ the number is negative.\n\nExamples:\n 1.5 will be serialized as\ + \ \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the\ + \ quantity will NEVER be internally represented by a floating point\ + \ number. That is the whole point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they are well formed, but will\ + \ be re-emitted in their canonical form. (So always use canonical form,\ + \ or don't diff.)\n\nThis format is intended to make it difficult to\ + \ use these numbers without writing some sort of special handling code\ + \ in the hopes that that will cause implementors to also use a fixed\ + \ point implementation." + displayName: Shards Overrides Pods Custom Init Containers Resources Limits + path: shards.overrides.pods.customInitContainers.resources.limits + - description: "Quantity is a fixed-point representation of a number. It\ + \ provides convenient marshaling/unmarshaling in JSON and YAML, in addition\ + \ to String() and AsInt64() accessors.\n\nThe serialization format is:\n\ + \n ::= \n (Note that \ + \ may be empty, from the \"\" case in .)\n \ + \ ::= 0 | 1 | ... | 9 ::= | \ + \ ::= | . | . 
| .\ + \ ::= \"+\" | \"-\" ::= \ + \ | ::= | \ + \ | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\ + \ (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G | T | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no quantity may represent a number\ + \ greater than 2^63-1 in magnitude, nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise will be capped or rounded up.\ + \ (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future\ + \ if we require larger or smaller quantities.\n\nWhen a Quantity is\ + \ parsed from a string, it will remember the type of suffix it had,\ + \ and will use the same type again when it is serialized.\n\nBefore\ + \ serializing, Quantity will be put in \"canonical form\". This means\ + \ that Exponent/suffix will be adjusted up or down (with a corresponding\ + \ increase or decrease in Mantissa) such that:\n a. No precision is\ + \ lost\n b. No fractional digits will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\nThe sign will be omitted unless\ + \ the number is negative.\n\nExamples:\n 1.5 will be serialized as\ + \ \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the\ + \ quantity will NEVER be internally represented by a floating point\ + \ number. That is the whole point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they are well formed, but will\ + \ be re-emitted in their canonical form. (So always use canonical form,\ + \ or don't diff.)\n\nThis format is intended to make it difficult to\ + \ use these numbers without writing some sort of special handling code\ + \ in the hopes that that will cause implementors to also use a fixed\ + \ point implementation." 
+ displayName: Shards Overrides Pods Custom Init Containers Resources Requests + path: shards.overrides.pods.customInitContainers.resources.requests + - description: 'AllowPrivilegeEscalation controls whether a process can + gain more privileges than its parent process. This bool directly controls + if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + displayName: Shards Overrides Pods Custom Init Containers Security Context + Allow Privilege Escalation + path: shards.overrides.pods.customInitContainers.securityContext.allowPrivilegeEscalation + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - displayName: Shards Overrides Pods Custom Init Containers Security Context + Capabilities Add + path: shards.overrides.pods.customInitContainers.securityContext.capabilities.add + - displayName: Shards Overrides Pods Custom Init Containers Security Context + Capabilities Drop + path: shards.overrides.pods.customInitContainers.securityContext.capabilities.drop + - description: Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. Defaults + to false. + displayName: Shards Overrides Pods Custom Init Containers Security Context + Privileged + path: shards.overrides.pods.customInitContainers.securityContext.privileged + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults + for readonly paths and masked paths. This requires the ProcMountType + feature flag to be enabled. 
+ displayName: Shards Overrides Pods Custom Init Containers Security Context + Proc Mount + path: shards.overrides.pods.customInitContainers.securityContext.procMount + - description: Whether this container has a read-only root filesystem. Default + is false. + displayName: Shards Overrides Pods Custom Init Containers Security Context + Read Only Root Filesystem + path: shards.overrides.pods.customInitContainers.securityContext.readOnlyRootFilesystem + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The GID to run the entrypoint of the container process. Uses + runtime default if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + displayName: Shards Overrides Pods Custom Init Containers Security Context + Run As Group + path: shards.overrides.pods.customInitContainers.securityContext.runAsGroup + - description: Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that + it does not run as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be performed. May also + be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + displayName: Shards Overrides Pods Custom Init Containers Security Context + Run As Non Root + path: shards.overrides.pods.customInitContainers.securityContext.runAsNonRoot + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The UID to run the entrypoint of the container process. Defaults + to user specified in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ displayName: Shards Overrides Pods Custom Init Containers Security Context + Run As User + path: shards.overrides.pods.customInitContainers.securityContext.runAsUser + - description: Level is SELinux level label that applies to the container. + displayName: Shards Overrides Pods Custom Init Containers Security Context + Se Linux Options Level + path: shards.overrides.pods.customInitContainers.securityContext.seLinuxOptions.level + - description: Role is a SELinux role label that applies to the container. + displayName: Shards Overrides Pods Custom Init Containers Security Context + Se Linux Options Role + path: shards.overrides.pods.customInitContainers.securityContext.seLinuxOptions.role + - description: Type is a SELinux type label that applies to the container. + displayName: Shards Overrides Pods Custom Init Containers Security Context + Se Linux Options Type + path: shards.overrides.pods.customInitContainers.securityContext.seLinuxOptions.type + - description: User is a SELinux user label that applies to the container. + displayName: Shards Overrides Pods Custom Init Containers Security Context + Se Linux Options User + path: shards.overrides.pods.customInitContainers.securityContext.seLinuxOptions.user + - description: localhostProfile indicates a profile defined in a file on + the node should be used. The profile must be preconfigured on the node + to work. Must be a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type is "Localhost". + displayName: Shards Overrides Pods Custom Init Containers Security Context + Seccomp Profile Localhost Profile + path: shards.overrides.pods.customInitContainers.securityContext.seccompProfile.localhostProfile + - description: 'type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. 
+ Unconfined - no profile should be applied.' + displayName: Shards Overrides Pods Custom Init Containers Security Context + Seccomp Profile Type + path: shards.overrides.pods.customInitContainers.securityContext.seccompProfile.type + - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName + field. + displayName: Shards Overrides Pods Custom Init Containers Security Context + Windows Options Gmsa Credential Spec + path: shards.overrides.pods.customInitContainers.securityContext.windowsOptions.gmsaCredentialSpec + - description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + displayName: Shards Overrides Pods Custom Init Containers Security Context + Windows Options Gmsa Credential Spec Name + path: shards.overrides.pods.customInitContainers.securityContext.windowsOptions.gmsaCredentialSpecName + - description: HostProcess determines if a container should be run as a + 'Host Process' container. This field is alpha-level and will only be + honored by components that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag will result in errors + when validating the Pod. All of a Pod's containers must have the same + effective HostProcess value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, if HostProcess + is true then HostNetwork must also be set to true. + displayName: Shards Overrides Pods Custom Init Containers Security Context + Windows Options Host Process + path: shards.overrides.pods.customInitContainers.securityContext.windowsOptions.hostProcess + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The UserName in Windows to run the entrypoint of the container + process. Defaults to the user specified in image metadata if unspecified. 
+ May also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext takes + precedence. + displayName: Shards Overrides Pods Custom Init Containers Security Context + Windows Options Run As User Name + path: shards.overrides.pods.customInitContainers.securityContext.windowsOptions.runAsUserName + - displayName: Shards Overrides Pods Custom Init Containers Startup Probe + Exec Command + path: shards.overrides.pods.customInitContainers.startupProbe.exec.command + - description: Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum value is 1. + displayName: Shards Overrides Pods Custom Init Containers Startup Probe + Failure Threshold + path: shards.overrides.pods.customInitContainers.startupProbe.failureThreshold + - description: Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + displayName: Shards Overrides Pods Custom Init Containers Startup Probe + Http Get Host + path: shards.overrides.pods.customInitContainers.startupProbe.httpGet.host + - description: The header field name + displayName: Shards Overrides Pods Custom Init Containers Startup Probe + Http Get Http Headers Name + path: shards.overrides.pods.customInitContainers.startupProbe.httpGet.httpHeaders.name + - description: The header field value + displayName: Shards Overrides Pods Custom Init Containers Startup Probe + Http Get Http Headers Value + path: shards.overrides.pods.customInitContainers.startupProbe.httpGet.httpHeaders.value + - description: Path to access on the HTTP server. + displayName: Shards Overrides Pods Custom Init Containers Startup Probe + Http Get Path + path: shards.overrides.pods.customInitContainers.startupProbe.httpGet.path + - description: IntOrString is a type that can hold an int32 or a string. 
When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Init Containers Startup Probe + Http Get Port + path: shards.overrides.pods.customInitContainers.startupProbe.httpGet.port + - description: Scheme to use for connecting to the host. Defaults to HTTP. + displayName: Shards Overrides Pods Custom Init Containers Startup Probe + Http Get Scheme + path: shards.overrides.pods.customInitContainers.startupProbe.httpGet.scheme + - description: 'Number of seconds after the container has started before + liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + displayName: Shards Overrides Pods Custom Init Containers Startup Probe + Initial Delay Seconds + path: shards.overrides.pods.customInitContainers.startupProbe.initialDelaySeconds + - description: How often (in seconds) to perform the probe. Default to 10 + seconds. Minimum value is 1. + displayName: Shards Overrides Pods Custom Init Containers Startup Probe + Period Seconds + path: shards.overrides.pods.customInitContainers.startupProbe.periodSeconds + - description: Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + displayName: Shards Overrides Pods Custom Init Containers Startup Probe + Success Threshold + path: shards.overrides.pods.customInitContainers.startupProbe.successThreshold + - description: 'Optional: Host name to connect to, defaults to the pod IP.' + displayName: Shards Overrides Pods Custom Init Containers Startup Probe + Tcp Socket Host + path: shards.overrides.pods.customInitContainers.startupProbe.tcpSocket.host + - description: IntOrString is a type that can hold an int32 or a string. 
When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Init Containers Startup Probe + Tcp Socket Port + path: shards.overrides.pods.customInitContainers.startupProbe.tcpSocket.port + - description: Optional duration in seconds the pod needs to terminate gracefully + upon probe failure. The grace period is the duration in seconds after + the processes running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill signal. Set + this value longer than the expected cleanup time for your process. If + this value is nil, the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature gate. Minimum + value is 1. spec.terminationGracePeriodSeconds is used if unset. + displayName: Shards Overrides Pods Custom Init Containers Startup Probe + Termination Grace Period Seconds + path: shards.overrides.pods.customInitContainers.startupProbe.terminationGracePeriodSeconds + - description: 'Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + displayName: Shards Overrides Pods Custom Init Containers Startup Probe + Timeout Seconds + path: shards.overrides.pods.customInitContainers.startupProbe.timeoutSeconds + - description: Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from stdin in the + container will always result in EOF. Default is false. 
+ displayName: Shards Overrides Pods Custom Init Containers Stdin + path: shards.overrides.pods.customInitContainers.stdin + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Whether the container runtime should close the stdin channel + after it has been opened by a single attach. When stdin is true the + stdin stream will remain open across multiple attach sessions. If stdinOnce + is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag is false, a container + processes that reads from stdin will never receive an EOF. Default is + false + displayName: Shards Overrides Pods Custom Init Containers Stdin Once + path: shards.overrides.pods.customInitContainers.stdinOnce + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. Message written is intended to be brief final status, such + as an assertion failure message. Will be truncated by the node if greater + than 4096 bytes. The total message length across all containers will + be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + displayName: Shards Overrides Pods Custom Init Containers Termination + Message Path + path: shards.overrides.pods.customInitContainers.terminationMessagePath + - description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate the + container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination message + file is empty and the container exited with an error. 
The log output + is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + displayName: Shards Overrides Pods Custom Init Containers Termination + Message Policy + path: shards.overrides.pods.customInitContainers.terminationMessagePolicy + - description: Whether this container should allocate a TTY for itself, + also requires 'stdin' to be true. Default is false. + displayName: Shards Overrides Pods Custom Init Containers Tty + path: shards.overrides.pods.customInitContainers.tty + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: devicePath is the path inside of the container that the device + will be mapped to. + displayName: Shards Overrides Pods Custom Init Containers Volume Devices + Device Path + path: shards.overrides.pods.customInitContainers.volumeDevices.devicePath + - description: name must match the name of a persistentVolumeClaim in the + pod + displayName: Shards Overrides Pods Custom Init Containers Volume Devices + Name + path: shards.overrides.pods.customInitContainers.volumeDevices.name + - description: Path within the container at which the volume should be mounted. Must + not contain ':'. + displayName: Shards Overrides Pods Custom Init Containers Volume Mounts + Mount Path + path: shards.overrides.pods.customInitContainers.volumeMounts.mountPath + - description: mountPropagation determines how mounts are propagated from + the host to container and the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + displayName: Shards Overrides Pods Custom Init Containers Volume Mounts + Mount Propagation + path: shards.overrides.pods.customInitContainers.volumeMounts.mountPropagation + - description: This must match the Name of a Volume. 
+ displayName: Shards Overrides Pods Custom Init Containers Volume Mounts + Name + path: shards.overrides.pods.customInitContainers.volumeMounts.name + - description: Mounted read-only if true, read-write otherwise (false or + unspecified). Defaults to false. + displayName: Shards Overrides Pods Custom Init Containers Volume Mounts + Read Only + path: shards.overrides.pods.customInitContainers.volumeMounts.readOnly + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Path within the volume from which the container's volume + should be mounted. Defaults to "" (volume's root). + displayName: Shards Overrides Pods Custom Init Containers Volume Mounts + Sub Path + path: shards.overrides.pods.customInitContainers.volumeMounts.subPath + - description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + displayName: Shards Overrides Pods Custom Init Containers Volume Mounts + Sub Path Expr + path: shards.overrides.pods.customInitContainers.volumeMounts.subPathExpr + - description: Container's working directory. If not specified, the container + runtime's default will be used, which might be configured in the container + image. Cannot be updated. + displayName: Shards Overrides Pods Custom Init Containers Working Dir + path: shards.overrides.pods.customInitContainers.workingDir + - displayName: Shards Overrides Pods Custom Containers Args + path: shards.overrides.pods.customContainers.args + - displayName: Shards Overrides Pods Custom Containers Command + path: shards.overrides.pods.customContainers.command + - description: Name of the environment variable. Must be a C_IDENTIFIER. 
+ displayName: Shards Overrides Pods Custom Containers Env Name + path: shards.overrides.pods.customContainers.env.name + - description: 'Variable references $(VAR_NAME) are expanded using the previously + defined environment variables in the container and any service environment + variables. If a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single $, which + allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists or not. Defaults + to "".' + displayName: Shards Overrides Pods Custom Containers Env Value + path: shards.overrides.pods.customContainers.env.value + - description: The key to select. + displayName: Shards Overrides Pods Custom Containers Env Value From Config + Map Key Ref Key + path: shards.overrides.pods.customContainers.env.valueFrom.configMapKeyRef.key + - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + displayName: Shards Overrides Pods Custom Containers Env Value From Config + Map Key Ref Name + path: shards.overrides.pods.customContainers.env.valueFrom.configMapKeyRef.name + - description: Specify whether the ConfigMap or its key must be defined + displayName: Shards Overrides Pods Custom Containers Env Value From Config + Map Key Ref Optional + path: shards.overrides.pods.customContainers.env.valueFrom.configMapKeyRef.optional + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Version of the schema the FieldPath is written in terms of, + defaults to "v1". + displayName: Shards Overrides Pods Custom Containers Env Value From Field + Ref Api Version + path: shards.overrides.pods.customContainers.env.valueFrom.fieldRef.apiVersion + - description: Path of the field to select in the specified API version. 
+ displayName: Shards Overrides Pods Custom Containers Env Value From Field + Ref Field Path + path: shards.overrides.pods.customContainers.env.valueFrom.fieldRef.fieldPath + - description: 'Container name: required for volumes, optional for env vars' + displayName: Shards Overrides Pods Custom Containers Env Value From Resource + Field Ref Container Name + path: shards.overrides.pods.customContainers.env.valueFrom.resourceFieldRef.containerName + - description: "Quantity is a fixed-point representation of a number. It\ + \ provides convenient marshaling/unmarshaling in JSON and YAML, in addition\ + \ to String() and AsInt64() accessors.\n\nThe serialization format is:\n\ + \n ::= \n (Note that \ + \ may be empty, from the \"\" case in .)\n \ + \ ::= 0 | 1 | ... | 9 ::= | \ + \ ::= | . | . | .\ + \ ::= \"+\" | \"-\" ::= \ + \ | ::= | \ + \ | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\ + \ (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G | T | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no quantity may represent a number\ + \ greater than 2^63-1 in magnitude, nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise will be capped or rounded up.\ + \ (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future\ + \ if we require larger or smaller quantities.\n\nWhen a Quantity is\ + \ parsed from a string, it will remember the type of suffix it had,\ + \ and will use the same type again when it is serialized.\n\nBefore\ + \ serializing, Quantity will be put in \"canonical form\". This means\ + \ that Exponent/suffix will be adjusted up or down (with a corresponding\ + \ increase or decrease in Mantissa) such that:\n a. No precision is\ + \ lost\n b. No fractional digits will be emitted\n c. 
The exponent\ + \ (or suffix) is as large as possible.\nThe sign will be omitted unless\ + \ the number is negative.\n\nExamples:\n 1.5 will be serialized as\ + \ \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the\ + \ quantity will NEVER be internally represented by a floating point\ + \ number. That is the whole point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they are well formed, but will\ + \ be re-emitted in their canonical form. (So always use canonical form,\ + \ or don't diff.)\n\nThis format is intended to make it difficult to\ + \ use these numbers without writing some sort of special handling code\ + \ in the hopes that that will cause implementors to also use a fixed\ + \ point implementation." + displayName: Shards Overrides Pods Custom Containers Env Value From Resource + Field Ref Divisor + path: shards.overrides.pods.customContainers.env.valueFrom.resourceFieldRef.divisor + - description: 'Required: resource to select' + displayName: Shards Overrides Pods Custom Containers Env Value From Resource + Field Ref Resource + path: shards.overrides.pods.customContainers.env.valueFrom.resourceFieldRef.resource + - description: The key of the secret to select from. Must be a valid secret + key. + displayName: Shards Overrides Pods Custom Containers Env Value From Secret + Key Ref Key + path: shards.overrides.pods.customContainers.env.valueFrom.secretKeyRef.key + - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + displayName: Shards Overrides Pods Custom Containers Env Value From Secret + Key Ref Name + path: shards.overrides.pods.customContainers.env.valueFrom.secretKeyRef.name + - description: Specify whether the Secret or its key must be defined + displayName: Shards Overrides Pods Custom Containers Env Value From Secret + Key Ref Optional + path: shards.overrides.pods.customContainers.env.valueFrom.secretKeyRef.optional + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + displayName: Shards Overrides Pods Custom Containers Env From Config Map + Ref Name + path: shards.overrides.pods.customContainers.envFrom.configMapRef.name + - description: Specify whether the ConfigMap must be defined + displayName: Shards Overrides Pods Custom Containers Env From Config Map + Ref Optional + path: shards.overrides.pods.customContainers.envFrom.configMapRef.optional + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: An optional identifier to prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + displayName: Shards Overrides Pods Custom Containers Env From Prefix + path: shards.overrides.pods.customContainers.envFrom.prefix + - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + displayName: Shards Overrides Pods Custom Containers Env From Secret Ref + Name + path: shards.overrides.pods.customContainers.envFrom.secretRef.name + - description: Specify whether the Secret must be defined + displayName: Shards Overrides Pods Custom Containers Env From Secret Ref + Optional + path: shards.overrides.pods.customContainers.envFrom.secretRef.optional + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default + or override container images in workload controllers like Deployments + and StatefulSets.' + displayName: Shards Overrides Pods Custom Containers Image + path: shards.overrides.pods.customContainers.image + - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults + to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + displayName: Shards Overrides Pods Custom Containers Image Pull Policy + path: shards.overrides.pods.customContainers.imagePullPolicy + - displayName: Shards Overrides Pods Custom Containers Lifecycle Post Start + Exec Command + path: shards.overrides.pods.customContainers.lifecycle.postStart.exec.command + - description: Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. 
+ displayName: Shards Overrides Pods Custom Containers Lifecycle Post Start + Http Get Host + path: shards.overrides.pods.customContainers.lifecycle.postStart.httpGet.host + - description: The header field name + displayName: Shards Overrides Pods Custom Containers Lifecycle Post Start + Http Get Http Headers Name + path: shards.overrides.pods.customContainers.lifecycle.postStart.httpGet.httpHeaders.name + - description: The header field value + displayName: Shards Overrides Pods Custom Containers Lifecycle Post Start + Http Get Http Headers Value + path: shards.overrides.pods.customContainers.lifecycle.postStart.httpGet.httpHeaders.value + - description: Path to access on the HTTP server. + displayName: Shards Overrides Pods Custom Containers Lifecycle Post Start + Http Get Path + path: shards.overrides.pods.customContainers.lifecycle.postStart.httpGet.path + - description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Containers Lifecycle Post Start + Http Get Port + path: shards.overrides.pods.customContainers.lifecycle.postStart.httpGet.port + - description: Scheme to use for connecting to the host. Defaults to HTTP. + displayName: Shards Overrides Pods Custom Containers Lifecycle Post Start + Http Get Scheme + path: shards.overrides.pods.customContainers.lifecycle.postStart.httpGet.scheme + - description: 'Optional: Host name to connect to, defaults to the pod IP.' + displayName: Shards Overrides Pods Custom Containers Lifecycle Post Start + Tcp Socket Host + path: shards.overrides.pods.customContainers.lifecycle.postStart.tcpSocket.host + - description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. 
This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Containers Lifecycle Post Start + Tcp Socket Port + path: shards.overrides.pods.customContainers.lifecycle.postStart.tcpSocket.port + - displayName: Shards Overrides Pods Custom Containers Lifecycle Pre Stop + Exec Command + path: shards.overrides.pods.customContainers.lifecycle.preStop.exec.command + - description: Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + displayName: Shards Overrides Pods Custom Containers Lifecycle Pre Stop + Http Get Host + path: shards.overrides.pods.customContainers.lifecycle.preStop.httpGet.host + - description: The header field name + displayName: Shards Overrides Pods Custom Containers Lifecycle Pre Stop + Http Get Http Headers Name + path: shards.overrides.pods.customContainers.lifecycle.preStop.httpGet.httpHeaders.name + - description: The header field value + displayName: Shards Overrides Pods Custom Containers Lifecycle Pre Stop + Http Get Http Headers Value + path: shards.overrides.pods.customContainers.lifecycle.preStop.httpGet.httpHeaders.value + - description: Path to access on the HTTP server. + displayName: Shards Overrides Pods Custom Containers Lifecycle Pre Stop + Http Get Path + path: shards.overrides.pods.customContainers.lifecycle.preStop.httpGet.path + - description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Containers Lifecycle Pre Stop + Http Get Port + path: shards.overrides.pods.customContainers.lifecycle.preStop.httpGet.port + - description: Scheme to use for connecting to the host. Defaults to HTTP. 
+ displayName: Shards Overrides Pods Custom Containers Lifecycle Pre Stop + Http Get Scheme + path: shards.overrides.pods.customContainers.lifecycle.preStop.httpGet.scheme + - description: 'Optional: Host name to connect to, defaults to the pod IP.' + displayName: Shards Overrides Pods Custom Containers Lifecycle Pre Stop + Tcp Socket Host + path: shards.overrides.pods.customContainers.lifecycle.preStop.tcpSocket.host + - description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Containers Lifecycle Pre Stop + Tcp Socket Port + path: shards.overrides.pods.customContainers.lifecycle.preStop.tcpSocket.port + - displayName: Shards Overrides Pods Custom Containers Liveness Probe Exec + Command + path: shards.overrides.pods.customContainers.livenessProbe.exec.command + - description: Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum value is 1. + displayName: Shards Overrides Pods Custom Containers Liveness Probe Failure + Threshold + path: shards.overrides.pods.customContainers.livenessProbe.failureThreshold + - description: Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. 
+ displayName: Shards Overrides Pods Custom Containers Liveness Probe Http + Get Host + path: shards.overrides.pods.customContainers.livenessProbe.httpGet.host + - description: The header field name + displayName: Shards Overrides Pods Custom Containers Liveness Probe Http + Get Http Headers Name + path: shards.overrides.pods.customContainers.livenessProbe.httpGet.httpHeaders.name + - description: The header field value + displayName: Shards Overrides Pods Custom Containers Liveness Probe Http + Get Http Headers Value + path: shards.overrides.pods.customContainers.livenessProbe.httpGet.httpHeaders.value + - description: Path to access on the HTTP server. + displayName: Shards Overrides Pods Custom Containers Liveness Probe Http + Get Path + path: shards.overrides.pods.customContainers.livenessProbe.httpGet.path + - description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Containers Liveness Probe Http + Get Port + path: shards.overrides.pods.customContainers.livenessProbe.httpGet.port + - description: Scheme to use for connecting to the host. Defaults to HTTP. + displayName: Shards Overrides Pods Custom Containers Liveness Probe Http + Get Scheme + path: shards.overrides.pods.customContainers.livenessProbe.httpGet.scheme + - description: 'Number of seconds after the container has started before + liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + displayName: Shards Overrides Pods Custom Containers Liveness Probe Initial + Delay Seconds + path: shards.overrides.pods.customContainers.livenessProbe.initialDelaySeconds + - description: How often (in seconds) to perform the probe. Default to 10 + seconds. Minimum value is 1. 
+ displayName: Shards Overrides Pods Custom Containers Liveness Probe Period + Seconds + path: shards.overrides.pods.customContainers.livenessProbe.periodSeconds + - description: Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + displayName: Shards Overrides Pods Custom Containers Liveness Probe Success + Threshold + path: shards.overrides.pods.customContainers.livenessProbe.successThreshold + - description: 'Optional: Host name to connect to, defaults to the pod IP.' + displayName: Shards Overrides Pods Custom Containers Liveness Probe Tcp + Socket Host + path: shards.overrides.pods.customContainers.livenessProbe.tcpSocket.host + - description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Containers Liveness Probe Tcp + Socket Port + path: shards.overrides.pods.customContainers.livenessProbe.tcpSocket.port + - description: Optional duration in seconds the pod needs to terminate gracefully + upon probe failure. The grace period is the duration in seconds after + the processes running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill signal. Set + this value longer than the expected cleanup time for your process. If + this value is nil, the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature gate. Minimum + value is 1. spec.terminationGracePeriodSeconds is used if unset. 
+ displayName: Shards Overrides Pods Custom Containers Liveness Probe Termination + Grace Period Seconds + path: shards.overrides.pods.customContainers.livenessProbe.terminationGracePeriodSeconds + - description: 'Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + displayName: Shards Overrides Pods Custom Containers Liveness Probe Timeout + Seconds + path: shards.overrides.pods.customContainers.livenessProbe.timeoutSeconds + - description: "Name of the container specified as a DNS_LABEL. Each\n container\ + \ in a pod must have a unique name (DNS_LABEL). Cannot\n be updated.\n\ + \nThe name will be prefixed with the string `custom-` so that when referencing\ + \ it\n in the .spec.containers section of SGInstanceProfile the name\ + \ used have to be\n prepended with the same prefix.\n" + displayName: Shards Overrides Pods Custom Containers Name + path: shards.overrides.pods.customContainers.name + - description: Number of port to expose on the pod's IP address. This must + be a valid port number, 0 < x < 65536. + displayName: Shards Overrides Pods Custom Containers Ports Container Port + path: shards.overrides.pods.customContainers.ports.containerPort + - description: What host IP to bind the external port to. + displayName: Shards Overrides Pods Custom Containers Ports Host IP + path: shards.overrides.pods.customContainers.ports.hostIP + - description: Number of port to expose on the host. If specified, this + must be a valid port number, 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers do not need this. + displayName: Shards Overrides Pods Custom Containers Ports Host Port + path: shards.overrides.pods.customContainers.ports.hostPort + - description: If specified, this must be an IANA_SVC_NAME and unique within + the pod. Each named port in a pod must have a unique name. 
Name for + the port that can be referred to by services. + displayName: Shards Overrides Pods Custom Containers Ports Name + path: shards.overrides.pods.customContainers.ports.name + - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to + "TCP". + displayName: Shards Overrides Pods Custom Containers Ports Protocol + path: shards.overrides.pods.customContainers.ports.protocol + - displayName: Shards Overrides Pods Custom Containers Readiness Probe Exec + Command + path: shards.overrides.pods.customContainers.readinessProbe.exec.command + - description: Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum value is 1. + displayName: Shards Overrides Pods Custom Containers Readiness Probe Failure + Threshold + path: shards.overrides.pods.customContainers.readinessProbe.failureThreshold + - description: Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + displayName: Shards Overrides Pods Custom Containers Readiness Probe Http + Get Host + path: shards.overrides.pods.customContainers.readinessProbe.httpGet.host + - description: The header field name + displayName: Shards Overrides Pods Custom Containers Readiness Probe Http + Get Http Headers Name + path: shards.overrides.pods.customContainers.readinessProbe.httpGet.httpHeaders.name + - description: The header field value + displayName: Shards Overrides Pods Custom Containers Readiness Probe Http + Get Http Headers Value + path: shards.overrides.pods.customContainers.readinessProbe.httpGet.httpHeaders.value + - description: Path to access on the HTTP server. + displayName: Shards Overrides Pods Custom Containers Readiness Probe Http + Get Path + path: shards.overrides.pods.customContainers.readinessProbe.httpGet.path + - description: IntOrString is a type that can hold an int32 or a string. 
When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Containers Readiness Probe Http + Get Port + path: shards.overrides.pods.customContainers.readinessProbe.httpGet.port + - description: Scheme to use for connecting to the host. Defaults to HTTP. + displayName: Shards Overrides Pods Custom Containers Readiness Probe Http + Get Scheme + path: shards.overrides.pods.customContainers.readinessProbe.httpGet.scheme + - description: 'Number of seconds after the container has started before + liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + displayName: Shards Overrides Pods Custom Containers Readiness Probe Initial + Delay Seconds + path: shards.overrides.pods.customContainers.readinessProbe.initialDelaySeconds + - description: How often (in seconds) to perform the probe. Default to 10 + seconds. Minimum value is 1. + displayName: Shards Overrides Pods Custom Containers Readiness Probe Period + Seconds + path: shards.overrides.pods.customContainers.readinessProbe.periodSeconds + - description: Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + displayName: Shards Overrides Pods Custom Containers Readiness Probe Success + Threshold + path: shards.overrides.pods.customContainers.readinessProbe.successThreshold + - description: 'Optional: Host name to connect to, defaults to the pod IP.' + displayName: Shards Overrides Pods Custom Containers Readiness Probe Tcp + Socket Host + path: shards.overrides.pods.customContainers.readinessProbe.tcpSocket.host + - description: IntOrString is a type that can hold an int32 or a string. 
When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Containers Readiness Probe Tcp + Socket Port + path: shards.overrides.pods.customContainers.readinessProbe.tcpSocket.port + - description: Optional duration in seconds the pod needs to terminate gracefully + upon probe failure. The grace period is the duration in seconds after + the processes running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill signal. Set + this value longer than the expected cleanup time for your process. If + this value is nil, the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature gate. Minimum + value is 1. spec.terminationGracePeriodSeconds is used if unset. + displayName: Shards Overrides Pods Custom Containers Readiness Probe Termination + Grace Period Seconds + path: shards.overrides.pods.customContainers.readinessProbe.terminationGracePeriodSeconds + - description: 'Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + displayName: Shards Overrides Pods Custom Containers Readiness Probe Timeout + Seconds + path: shards.overrides.pods.customContainers.readinessProbe.timeoutSeconds + - description: "Quantity is a fixed-point representation of a number. 
It\ + \ provides convenient marshaling/unmarshaling in JSON and YAML, in addition\ + \ to String() and AsInt64() accessors.\n\nThe serialization format is:\n\ + \n ::= \n (Note that \ + \ may be empty, from the \"\" case in .)\n \ + \ ::= 0 | 1 | ... | 9 ::= | \ + \ ::= | . | . | .\ + \ ::= \"+\" | \"-\" ::= \ + \ | ::= | \ + \ | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\ + \ (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G | T | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no quantity may represent a number\ + \ greater than 2^63-1 in magnitude, nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise will be capped or rounded up.\ + \ (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future\ + \ if we require larger or smaller quantities.\n\nWhen a Quantity is\ + \ parsed from a string, it will remember the type of suffix it had,\ + \ and will use the same type again when it is serialized.\n\nBefore\ + \ serializing, Quantity will be put in \"canonical form\". This means\ + \ that Exponent/suffix will be adjusted up or down (with a corresponding\ + \ increase or decrease in Mantissa) such that:\n a. No precision is\ + \ lost\n b. No fractional digits will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\nThe sign will be omitted unless\ + \ the number is negative.\n\nExamples:\n 1.5 will be serialized as\ + \ \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the\ + \ quantity will NEVER be internally represented by a floating point\ + \ number. That is the whole point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they are well formed, but will\ + \ be re-emitted in their canonical form. 
(So always use canonical form,\ + \ or don't diff.)\n\nThis format is intended to make it difficult to\ + \ use these numbers without writing some sort of special handling code\ + \ in the hopes that that will cause implementors to also use a fixed\ + \ point implementation." + displayName: Shards Overrides Pods Custom Containers Resources Limits + path: shards.overrides.pods.customContainers.resources.limits + - description: "Quantity is a fixed-point representation of a number. It\ + \ provides convenient marshaling/unmarshaling in JSON and YAML, in addition\ + \ to String() and AsInt64() accessors.\n\nThe serialization format is:\n\ + \n ::= \n (Note that \ + \ may be empty, from the \"\" case in .)\n \ + \ ::= 0 | 1 | ... | 9 ::= | \ + \ ::= | . | . | .\ + \ ::= \"+\" | \"-\" ::= \ + \ | ::= | \ + \ | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\ + \ (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G | T | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no quantity may represent a number\ + \ greater than 2^63-1 in magnitude, nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise will be capped or rounded up.\ + \ (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future\ + \ if we require larger or smaller quantities.\n\nWhen a Quantity is\ + \ parsed from a string, it will remember the type of suffix it had,\ + \ and will use the same type again when it is serialized.\n\nBefore\ + \ serializing, Quantity will be put in \"canonical form\". This means\ + \ that Exponent/suffix will be adjusted up or down (with a corresponding\ + \ increase or decrease in Mantissa) such that:\n a. No precision is\ + \ lost\n b. No fractional digits will be emitted\n c. 
The exponent\ + \ (or suffix) is as large as possible.\nThe sign will be omitted unless\ + \ the number is negative.\n\nExamples:\n 1.5 will be serialized as\ + \ \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the\ + \ quantity will NEVER be internally represented by a floating point\ + \ number. That is the whole point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they are well formed, but will\ + \ be re-emitted in their canonical form. (So always use canonical form,\ + \ or don't diff.)\n\nThis format is intended to make it difficult to\ + \ use these numbers without writing some sort of special handling code\ + \ in the hopes that that will cause implementors to also use a fixed\ + \ point implementation." + displayName: Shards Overrides Pods Custom Containers Resources Requests + path: shards.overrides.pods.customContainers.resources.requests + - description: 'AllowPrivilegeEscalation controls whether a process can + gain more privileges than its parent process. This bool directly controls + if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' + displayName: Shards Overrides Pods Custom Containers Security Context + Allow Privilege Escalation + path: shards.overrides.pods.customContainers.securityContext.allowPrivilegeEscalation + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - displayName: Shards Overrides Pods Custom Containers Security Context + Capabilities Add + path: shards.overrides.pods.customContainers.securityContext.capabilities.add + - displayName: Shards Overrides Pods Custom Containers Security Context + Capabilities Drop + path: shards.overrides.pods.customContainers.securityContext.capabilities.drop + - description: Run container in privileged mode. Processes in privileged + containers are essentially equivalent to root on the host. Defaults + to false. 
+ displayName: Shards Overrides Pods Custom Containers Security Context + Privileged + path: shards.overrides.pods.customContainers.securityContext.privileged + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults + for readonly paths and masked paths. This requires the ProcMountType + feature flag to be enabled. + displayName: Shards Overrides Pods Custom Containers Security Context + Proc Mount + path: shards.overrides.pods.customContainers.securityContext.procMount + - description: Whether this container has a read-only root filesystem. Default + is false. + displayName: Shards Overrides Pods Custom Containers Security Context + Read Only Root Filesystem + path: shards.overrides.pods.customContainers.securityContext.readOnlyRootFilesystem + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The GID to run the entrypoint of the container process. Uses + runtime default if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, the value specified + in SecurityContext takes precedence. + displayName: Shards Overrides Pods Custom Containers Security Context + Run As Group + path: shards.overrides.pods.customContainers.securityContext.runAsGroup + - description: Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that + it does not run as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be performed. May also + be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. 
+ displayName: Shards Overrides Pods Custom Containers Security Context + Run As Non Root + path: shards.overrides.pods.customContainers.securityContext.runAsNonRoot + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The UID to run the entrypoint of the container process. Defaults + to user specified in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + displayName: Shards Overrides Pods Custom Containers Security Context + Run As User + path: shards.overrides.pods.customContainers.securityContext.runAsUser + - description: Level is SELinux level label that applies to the container. + displayName: Shards Overrides Pods Custom Containers Security Context + Se Linux Options Level + path: shards.overrides.pods.customContainers.securityContext.seLinuxOptions.level + - description: Role is a SELinux role label that applies to the container. + displayName: Shards Overrides Pods Custom Containers Security Context + Se Linux Options Role + path: shards.overrides.pods.customContainers.securityContext.seLinuxOptions.role + - description: Type is a SELinux type label that applies to the container. + displayName: Shards Overrides Pods Custom Containers Security Context + Se Linux Options Type + path: shards.overrides.pods.customContainers.securityContext.seLinuxOptions.type + - description: User is a SELinux user label that applies to the container. + displayName: Shards Overrides Pods Custom Containers Security Context + Se Linux Options User + path: shards.overrides.pods.customContainers.securityContext.seLinuxOptions.user + - description: localhostProfile indicates a profile defined in a file on + the node should be used. The profile must be preconfigured on the node + to work. Must be a descending path, relative to the kubelet's configured + seccomp profile location. 
Must only be set if type is "Localhost". + displayName: Shards Overrides Pods Custom Containers Security Context + Seccomp Profile Localhost Profile + path: shards.overrides.pods.customContainers.securityContext.seccompProfile.localhostProfile + - description: 'type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied.' + displayName: Shards Overrides Pods Custom Containers Security Context + Seccomp Profile Type + path: shards.overrides.pods.customContainers.securityContext.seccompProfile.type + - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName + field. + displayName: Shards Overrides Pods Custom Containers Security Context + Windows Options Gmsa Credential Spec + path: shards.overrides.pods.customContainers.securityContext.windowsOptions.gmsaCredentialSpec + - description: GMSACredentialSpecName is the name of the GMSA credential + spec to use. + displayName: Shards Overrides Pods Custom Containers Security Context + Windows Options Gmsa Credential Spec Name + path: shards.overrides.pods.customContainers.securityContext.windowsOptions.gmsaCredentialSpecName + - description: HostProcess determines if a container should be run as a + 'Host Process' container. This field is alpha-level and will only be + honored by components that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag will result in errors + when validating the Pod. All of a Pod's containers must have the same + effective HostProcess value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). 
In addition, if HostProcess + is true then HostNetwork must also be set to true. + displayName: Shards Overrides Pods Custom Containers Security Context + Windows Options Host Process + path: shards.overrides.pods.customContainers.securityContext.windowsOptions.hostProcess + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The UserName in Windows to run the entrypoint of the container + process. Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext takes + precedence. + displayName: Shards Overrides Pods Custom Containers Security Context + Windows Options Run As User Name + path: shards.overrides.pods.customContainers.securityContext.windowsOptions.runAsUserName + - displayName: Shards Overrides Pods Custom Containers Startup Probe Exec + Command + path: shards.overrides.pods.customContainers.startupProbe.exec.command + - description: Minimum consecutive failures for the probe to be considered + failed after having succeeded. Defaults to 3. Minimum value is 1. + displayName: Shards Overrides Pods Custom Containers Startup Probe Failure + Threshold + path: shards.overrides.pods.customContainers.startupProbe.failureThreshold + - description: Host name to connect to, defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. 
+ displayName: Shards Overrides Pods Custom Containers Startup Probe Http + Get Host + path: shards.overrides.pods.customContainers.startupProbe.httpGet.host + - description: The header field name + displayName: Shards Overrides Pods Custom Containers Startup Probe Http + Get Http Headers Name + path: shards.overrides.pods.customContainers.startupProbe.httpGet.httpHeaders.name + - description: The header field value + displayName: Shards Overrides Pods Custom Containers Startup Probe Http + Get Http Headers Value + path: shards.overrides.pods.customContainers.startupProbe.httpGet.httpHeaders.value + - description: Path to access on the HTTP server. + displayName: Shards Overrides Pods Custom Containers Startup Probe Http + Get Path + path: shards.overrides.pods.customContainers.startupProbe.httpGet.path + - description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Containers Startup Probe Http + Get Port + path: shards.overrides.pods.customContainers.startupProbe.httpGet.port + - description: Scheme to use for connecting to the host. Defaults to HTTP. + displayName: Shards Overrides Pods Custom Containers Startup Probe Http + Get Scheme + path: shards.overrides.pods.customContainers.startupProbe.httpGet.scheme + - description: 'Number of seconds after the container has started before + liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + displayName: Shards Overrides Pods Custom Containers Startup Probe Initial + Delay Seconds + path: shards.overrides.pods.customContainers.startupProbe.initialDelaySeconds + - description: How often (in seconds) to perform the probe. Default to 10 + seconds. Minimum value is 1. 
+ displayName: Shards Overrides Pods Custom Containers Startup Probe Period + Seconds + path: shards.overrides.pods.customContainers.startupProbe.periodSeconds + - description: Minimum consecutive successes for the probe to be considered + successful after having failed. Defaults to 1. Must be 1 for liveness + and startup. Minimum value is 1. + displayName: Shards Overrides Pods Custom Containers Startup Probe Success + Threshold + path: shards.overrides.pods.customContainers.startupProbe.successThreshold + - description: 'Optional: Host name to connect to, defaults to the pod IP.' + displayName: Shards Overrides Pods Custom Containers Startup Probe Tcp + Socket Host + path: shards.overrides.pods.customContainers.startupProbe.tcpSocket.host + - description: IntOrString is a type that can hold an int32 or a string. When + used in JSON or YAML marshalling and unmarshalling, it produces or consumes + the inner type. This allows you to have, for example, a JSON field + that can accept a name or number. + displayName: Shards Overrides Pods Custom Containers Startup Probe Tcp + Socket Port + path: shards.overrides.pods.customContainers.startupProbe.tcpSocket.port + - description: Optional duration in seconds the pod needs to terminate gracefully + upon probe failure. The grace period is the duration in seconds after + the processes running in the pod are sent a termination signal and the + time when the processes are forcibly halted with a kill signal. Set + this value longer than the expected cleanup time for your process. If + this value is nil, the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature gate. Minimum + value is 1. spec.terminationGracePeriodSeconds is used if unset. 
+ displayName: Shards Overrides Pods Custom Containers Startup Probe Termination + Grace Period Seconds + path: shards.overrides.pods.customContainers.startupProbe.terminationGracePeriodSeconds + - description: 'Number of seconds after which the probe times out. Defaults + to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + displayName: Shards Overrides Pods Custom Containers Startup Probe Timeout + Seconds + path: shards.overrides.pods.customContainers.startupProbe.timeoutSeconds + - description: Whether this container should allocate a buffer for stdin + in the container runtime. If this is not set, reads from stdin in the + container will always result in EOF. Default is false. + displayName: Shards Overrides Pods Custom Containers Stdin + path: shards.overrides.pods.customContainers.stdin + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Whether the container runtime should close the stdin channel + after it has been opened by a single attach. When stdin is true the + stdin stream will remain open across multiple attach sessions. If stdinOnce + is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag is false, a container + processes that reads from stdin will never receive an EOF. Default is + false + displayName: Shards Overrides Pods Custom Containers Stdin Once + path: shards.overrides.pods.customContainers.stdinOnce + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Optional: Path at which the file to which the container''s + termination message will be written is mounted into the container''s + filesystem. 
Message written is intended to be brief final status, such + as an assertion failure message. Will be truncated by the node if greater + than 4096 bytes. The total message length across all containers will + be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + displayName: Shards Overrides Pods Custom Containers Termination Message + Path + path: shards.overrides.pods.customContainers.terminationMessagePath + - description: Indicate how the termination message should be populated. + File will use the contents of terminationMessagePath to populate the + container status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output if the termination message + file is empty and the container exited with an error. The log output + is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults + to File. Cannot be updated. + displayName: Shards Overrides Pods Custom Containers Termination Message + Policy + path: shards.overrides.pods.customContainers.terminationMessagePolicy + - description: Whether this container should allocate a TTY for itself, + also requires 'stdin' to be true. Default is false. + displayName: Shards Overrides Pods Custom Containers Tty + path: shards.overrides.pods.customContainers.tty + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: devicePath is the path inside of the container that the device + will be mapped to. + displayName: Shards Overrides Pods Custom Containers Volume Devices Device + Path + path: shards.overrides.pods.customContainers.volumeDevices.devicePath + - description: name must match the name of a persistentVolumeClaim in the + pod + displayName: Shards Overrides Pods Custom Containers Volume Devices Name + path: shards.overrides.pods.customContainers.volumeDevices.name + - description: Path within the container at which the volume should be mounted. Must + not contain ':'. 
+ displayName: Shards Overrides Pods Custom Containers Volume Mounts Mount + Path + path: shards.overrides.pods.customContainers.volumeMounts.mountPath + - description: mountPropagation determines how mounts are propagated from + the host to container and the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + displayName: Shards Overrides Pods Custom Containers Volume Mounts Mount + Propagation + path: shards.overrides.pods.customContainers.volumeMounts.mountPropagation + - description: This must match the Name of a Volume. + displayName: Shards Overrides Pods Custom Containers Volume Mounts Name + path: shards.overrides.pods.customContainers.volumeMounts.name + - description: Mounted read-only if true, read-write otherwise (false or + unspecified). Defaults to false. + displayName: Shards Overrides Pods Custom Containers Volume Mounts Read + Only + path: shards.overrides.pods.customContainers.volumeMounts.readOnly + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Path within the volume from which the container's volume + should be mounted. Defaults to "" (volume's root). + displayName: Shards Overrides Pods Custom Containers Volume Mounts Sub + Path + path: shards.overrides.pods.customContainers.volumeMounts.subPath + - description: Expanded path within the volume from which the container's + volume should be mounted. Behaves similarly to SubPath but environment + variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr and SubPath are mutually + exclusive. + displayName: Shards Overrides Pods Custom Containers Volume Mounts Sub + Path Expr + path: shards.overrides.pods.customContainers.volumeMounts.subPathExpr + - description: Container's working directory. If not specified, the container + runtime's default will be used, which might be configured in the container + image. Cannot be updated. 
+ displayName: Shards Overrides Pods Custom Containers Working Dir + path: shards.overrides.pods.customContainers.workingDir + - description: 'Name of the [SGPostgresConfig](https://stackgres.io/doc/latest/reference/crd/sgpgconfig) + used for the cluster. It must exist. When not set, a default Postgres + config, for the major version selected, is used. + + ' + displayName: Shards Overrides Configurations SGPostgresConfig + path: shards.overrides.configurations.sgPostgresConfig + - description: 'Name of the [SGPoolingConfig](https://stackgres.io/doc/latest/reference/crd/sgpoolconfig) + used for this cluster. Each pod contains a sidecar with a connection + pooler (currently: [PgBouncer](https://www.pgbouncer.org/)). The connection + pooler is implemented as a sidecar. + + + If not set, a default configuration will be used. Disabling connection + pooling altogether is possible if the disableConnectionPooling property + of the pods object is set to true. + + ' + displayName: Shards Overrides Configurations SGPoolingConfig + path: shards.overrides.configurations.sgPoolingConfig + - description: "The replication mode applied to the whole cluster.\nPossible\ + \ values are:\n* `async` (default)\n* `sync`\n* `strict-sync`\n* `sync-all`\n\ + * `strict-sync-all`\n\n**async**\n\nWhen in asynchronous mode the cluster\ + \ is allowed to lose some committed transactions.\n When the primary\ + \ server fails or becomes unavailable for any other reason a sufficiently\ + \ healthy standby\n will automatically be promoted to primary. 
Any\ + \ transactions that have not been replicated to that standby\n remain\ + \ in a \"forked timeline\" on the primary, and are effectively unrecoverable\ + \ (the data is still there,\n but recovering it requires a manual recovery\ + \ effort by data recovery specialists).\n\n**sync**\n\nWhen in synchronous\ + \ mode a standby will not be promoted unless it is certain that the\ + \ standby contains all\n transactions that may have returned a successful\ + \ commit status to client (clients can change the behavior\n per transaction\ + \ using PostgreSQL’s `synchronous_commit` setting. Transactions with\ + \ `synchronous_commit`\n values of `off` and `local` may be lost on\ + \ fail over, but will not be blocked by replication delays). This\n\ + \ means that the system may be unavailable for writes even though some\ + \ servers are available. System\n administrators can still use manual\ + \ failover commands to promote a standby even if it results in transaction\n\ + \ loss.\n\nSynchronous mode does not guarantee multi node durability\ + \ of commits under all circumstances. When no suitable\n standby is\ + \ available, primary server will still accept writes, but does not guarantee\ + \ their replication. When\n the primary fails in this mode no standby\ + \ will be promoted. When the host that used to be the primary comes\n\ + \ back it will get promoted automatically, unless system administrator\ + \ performed a manual failover. This behavior\n makes synchronous mode\ + \ usable with 2 node clusters.\n\nWhen synchronous mode is used and\ + \ a standby crashes, commits will block until the primary is switched\ + \ to standalone\n mode. Manually shutting down or restarting a standby\ + \ will not cause a commit service interruption. 
Standby will\n signal\ + \ the primary to release itself from synchronous standby duties before\ + \ PostgreSQL shutdown is initiated.\n\n**strict-sync**\n\nWhen it is\ + \ absolutely necessary to guarantee that each write is stored durably\ + \ on at least two nodes, use the strict\n synchronous mode. This mode\ + \ prevents synchronous replication to be switched off on the primary\ + \ when no synchronous\n standby candidates are available. As a downside,\ + \ the primary will not be available for writes (unless the Postgres\n\ + \ transaction explicitly turns off `synchronous_mode` parameter), blocking\ + \ all client write requests until at least one\n synchronous replica\ + \ comes up.\n\n**Note**: Because of the way synchronous replication\ + \ is implemented in PostgreSQL it is still possible to lose\n transactions\ + \ even when using strict synchronous mode. If the PostgreSQL backend\ + \ is cancelled while waiting to acknowledge\n replication (as a result\ + \ of packet cancellation due to client timeout or backend failure) transaction\ + \ changes become\n visible for other backends. Such changes are not\ + \ yet replicated and may be lost in case of standby promotion.\n\n**sync-all**\n\ + \nThe same as `sync` but `syncInstances` is ignored and the number of\ + \ synchronous instances is equals to the total number\n of instances\ + \ less one.\n\n**strict-sync-all**\n\nThe same as `strict-sync` but\ + \ `syncInstances` is ignored and the number of synchronous instances\ + \ is equals to the total number\n of instances less one.\n" + displayName: Shards Overrides Replication Mode + path: shards.overrides.replication.mode + - description: "Number of synchronous standby instances. Must be less than\ + \ the total number of instances. 
It is set to 1 by default.\n Only\ + \ setteable if mode is `sync` or `strict-sync`.\n" + displayName: Shards Overrides Replication Sync Instances + path: shards.overrides.replication.syncInstances + - displayName: Shards Overrides Metadata Annotations All Resources + path: shards.overrides.metadata.annotations.allResources + - displayName: Shards Overrides Metadata Annotations Cluster Pods + path: shards.overrides.metadata.annotations.clusterPods + - displayName: Shards Overrides Metadata Annotations Services + path: shards.overrides.metadata.annotations.services + - displayName: Shards Overrides Metadata Annotations Primary Service + path: shards.overrides.metadata.annotations.primaryService + - displayName: Shards Overrides Metadata Annotations Replicas Service + path: shards.overrides.metadata.annotations.replicasService + - displayName: Shards Overrides Metadata Labels Cluster Pods + path: shards.overrides.metadata.labels.clusterPods + - displayName: Shards Overrides Metadata Labels Services + path: shards.overrides.metadata.labels.services + - description: 'If enabled, a ServiceMonitor is created for each Prometheus + instance found in order to collect metrics. + + ' + displayName: Prometheus Autobind + path: prometheusAutobind + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'Name of the [SGDistributedLogs](https://stackgres.io/doc/latest/reference/crd/sgdistributedlogs/) + to use for this cluster. It must exist. + + ' + displayName: SGDistributedLogs Reference + path: distributedLogs.sgDistributedLogs + - description: "Define a retention window with the syntax ` (minutes|hours|days|months)`\ + \ in which log entries are kept.\n Log entries will be removed when\ + \ they get older more than the double of the specified retention window.\n\ + \nWhen this field is changed the retention will be applied only to log\ + \ entries that are newer than the end of\n the retention window previously\ + \ specified. 
If no retention window was previously specified it is considered\n\ + \ to be of 7 days. This means that if previous retention window is\ + \ of `7 days` new retention configuration will\n apply after UTC timestamp\ + \ calculated with: `SELECT date_trunc('days', now() at time zone 'UTC')\ + \ - INTERVAL '7 days'`.\n" + displayName: Distributed Logs Retention + path: distributedLogs.retention + - description: 'It is a best practice, on non-containerized environments, + when running production workloads, to run each database server on a + different server (virtual or physical), i.e., not to co-locate more + than one database server per host. + + + The same best practice applies to databases on containers. By default, + StackGres will not allow to run more than one StackGres pod on a given + Kubernetes node. Set this property to true to allow more than one StackGres + pod per node. + + + This property default value may be changed depending on the value of + field `.spec.profile`. + + + This property default value may be changed depending on the value of + field `.spec.profile`. + + ' + displayName: Non Production Options Disable Cluster Pod Anti Affinity + path: nonProductionOptions.disableClusterPodAntiAffinity + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'It is a best practice, on containerized environments, when + running production workloads, to enforce container''s resources requirements. + + + The same best practice applies to databases on containers. By default, + StackGres will configure resource requirements for patroni container. + Set this property to true to prevent StackGres from setting patroni + container''s resources requirement. + + + This property default value may be changed depending on the value of + field `.spec.profile`. 
+ + ' + displayName: Non Production Options Disable Patroni Resource Requirements + path: nonProductionOptions.disablePatroniResourceRequirements + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'It is a best practice, on containerized environments, when + running production workloads, to enforce container''s resources requirements. + + + By default, StackGres will configure resource requirements for all the + containers. Set this property to true to prevent StackGres from setting + container''s resources requirements (except for patroni container, see + `disablePatroniResourceRequirements`). + + + This property default value may be changed depending on the value of + field `.spec.profile`. + + ' + displayName: Non Production Options Disable Cluster Resource Requirements + path: nonProductionOptions.disableClusterResourceRequirements + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "**Deprecated** this value is ignored and you can consider\ + \ it as always `true`.\n\nOn containerized environments, when running\ + \ production workloads, enforcing container's cpu requirements request\ + \ to be equals to the limit allow to achieve the highest level of performance.\ + \ Doing so, reduces the chances of leaving\n the workload with less\ + \ cpu than it requires. It also allow to set [static CPU management\ + \ policy](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy)\ + \ that allows to guarantee a pod the usage exclusive CPUs on the node.\n\ + \nBy default, StackGres will configure cpu requirements to have the\ + \ same limit and request for the patroni container. 
Set this property\ + \ to true to prevent StackGres from setting patroni container's cpu\ + \ requirements request equals to the limit\n when `.spec.requests.cpu`\ + \ is configured in the referenced `SGInstanceProfile`.\n" + displayName: Non Production Options Enable Set Patroni Cpu Requests + path: nonProductionOptions.enableSetPatroniCpuRequests + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "**Deprecated** this value is ignored and you can consider\ + \ it as always `true`.\n\nOn containerized environments, when running\ + \ production workloads, enforcing container's cpu requirements request\ + \ to be equals to the limit allow to achieve the highest level of performance.\ + \ Doing so, reduces the chances of leaving\n the workload with less\ + \ cpu than it requires. It also allow to set [static CPU management\ + \ policy](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy)\ + \ that allows to guarantee a pod the usage exclusive CPUs on the node.\n\ + \nBy default, StackGres will configure cpu requirements to have the\ + \ same limit and request for all the containers. 
Set this property to\ + \ true to prevent StackGres from setting container's cpu requirements\ + \ request equals to the limit (except for patroni container, see `enablePatroniCpuRequests`)\n\ + \ when `.spec.requests.containers..cpu` `.spec.requests.initContainers..cpu` is configured in the referenced `SGInstanceProfile`.\n" + displayName: Non Production Options Enable Set Cluster Cpu Requests + path: nonProductionOptions.enableSetClusterCpuRequests + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "**Deprecated** this value is ignored and you can consider\ + \ it as always `true`.\n\nOn containerized environments, when running\ + \ production workloads, enforcing container's memory requirements request\ + \ to be equals to the limit allow to achieve the highest level of performance.\ + \ Doing so, reduces the chances of leaving\n the workload with less\ + \ memory than it requires.\n\nBy default, StackGres will configure memory\ + \ requirements to have the same limit and request for the patroni container.\ + \ Set this property to true to prevent StackGres from setting patroni\ + \ container's memory requirements request equals to the limit\n when\ + \ `.spec.requests.memory` is configured in the referenced `SGInstanceProfile`.\n" + displayName: Non Production Options Enable Set Patroni Memory Requests + path: nonProductionOptions.enableSetPatroniMemoryRequests + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: "**Deprecated** this value is ignored and you can consider\ + \ it as always `true`.\n\nOn containerized environments, when running\ + \ production workloads, enforcing container's memory requirements request\ + \ to be equals to the limit allow to achieve the highest level of performance.\ + \ Doing so, reduces the chances of leaving\n the workload with less\ + \ memory than it requires.\n\nBy default, StackGres will configure memory\ + \ requirements to have the same limit and 
request for all the containers.\ + \ Set this property to true to prevent StackGres from setting container's\ + \ memory requirements request equals to the limit (except for patroni\ + \ container, see `enablePatroniCpuRequests`)\n when `.spec.requests.containers..memory` `.spec.requests.initContainers..memory`\ + \ is configured in the referenced `SGInstanceProfile`.\n" + displayName: Non Production Options Enable Set Cluster Memory Requests + path: nonProductionOptions.enableSetClusterMemoryRequests + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The name of the fature gate to enable. + displayName: Non Production Options Enabled Feature Gates + path: nonProductionOptions.enabledFeatureGates + - description: "When set to the name of an existing [SGShardedBackup](https://stackgres.io/doc/latest/reference/crd/sgshardedbackup),\ + \ the sharded cluster is initialized by restoring the\n backup data\ + \ to it. If not set, the sharded cluster is initialized empty. The selected\ + \ sharded backup must be in the same namespace.\n" + displayName: Initial Data Restore From Backup Name + path: initialData.restore.fromBackup.name + - description: "Specify the [recovery_target_inclusive](https://postgresqlco.nf/doc/en/param/recovery_target_timeline/)\ + \ to stop recovery just after the specified\n recovery target (true),\ + \ or just before the recovery target (false). Applies when targetLsn,\ + \ pointInTimeRecovery, or targetXid is specified. This\n setting controls\ + \ whether transactions having exactly the target WAL location (LSN),\ + \ commit time, or transaction ID, respectively, will be included\n \ + \ in the recovery. 
Default is true.\n" + displayName: Initial Data Restore From Backup Target Inclusive + path: initialData.restore.fromBackup.targetInclusive + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: 'An ISO 8601 date, that holds UTC date indicating at which + point-in-time the database have to be restored. + + ' + displayName: Initial Data Restore From Backup Point In Time Recovery Restore + To Timestamp + path: initialData.restore.fromBackup.pointInTimeRecovery.restoreToTimestamp + - description: 'The backup fetch process may fetch several streams in parallel. + Parallel fetching is enabled when set to a value larger than one. + + + If not specified it will be interpreted as latest. + + ' + displayName: Initial Data Restore Download Disk Concurrency + path: initialData.restore.downloadDiskConcurrency + - path: '' + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podCount + - path: '' + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:podCount + - displayName: Replicate From Instance SGCluster Reference + path: '' + - path: '' + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - path: '' + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - path: '' + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - path: '' + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - path: '' + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - path: '' + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - path: '' + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - path: '' + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - path: '' + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + - path: '' + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - path: '' + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:selector:core:v1:Secret + 
- path: '' + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - displayName: Configurations Backups SGObjectStorage + path: '' + - displayName: Configurations Backups SGObjectStorage + path: '' + statusDescriptors: + - displayName: Conditions + path: conditions + x-descriptors: + - urn:alm:descriptor:io.kubernetes.conditions + - description: Last time the condition transitioned from one status to another. + displayName: Conditions Last Transition Time + path: conditions.lastTransitionTime + - description: A human readable message indicating details about the transition. + displayName: Conditions Message + path: conditions.message + - description: The reason for the condition's last transition. + displayName: Conditions Reason + path: conditions.reason + - description: Status of the condition, one of True, False, Unknown. + displayName: Conditions Status + path: conditions.status + - description: Type of deployment condition. + displayName: Conditions Type + path: conditions.type + - description: The name of the cluster. + displayName: Cluster Statuses Name + path: clusterStatuses.name + - description: Indicates if the cluster requires restart + displayName: Cluster Statuses Pending Restart + path: clusterStatuses.pendingRestart + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: The name of the extension to install. + displayName: To Install Postgres Extensions Name + path: toInstallPostgresExtensions.name + - description: The id of the publisher of the extension to install. + displayName: To Install Postgres Extensions Publisher + path: toInstallPostgresExtensions.publisher + - description: The version of the extension to install. + displayName: To Install Postgres Extensions Version + path: toInstallPostgresExtensions.version + - description: The repository base URL from where the extension will be + installed from. 
+ displayName: To Install Postgres Extensions Repository + path: toInstallPostgresExtensions.repository + - description: The postgres major version of the extension to install. + displayName: To Install Postgres Extensions Postgres Version + path: toInstallPostgresExtensions.postgresVersion + - description: The build version of the extension to install. + displayName: To Install Postgres Extensions Build + path: toInstallPostgresExtensions.build + - description: The extra mount of the installed extension. + displayName: To Install Postgres Extensions Extra Mounts + path: toInstallPostgresExtensions.extraMounts + - description: The name of the Secret as specified in [Service Binding spec + for provisioned service](https://servicebinding.io/spec/core/1.0.0/#provisioned-service). + displayName: Binding Name + path: binding.name + - description: 'One of the SGBackups that compose the SGShardedBackup used + to restore the sharded cluster. + + ' + displayName: SGBackups + path: sgBackups + version: v1alpha1 + - kind: SGShardedDbOps + name: sgshardeddbops.stackgres.io + version: v1 + description: ' + + [StackGres](https://stackgres.io) is the **Stack** required for enterprise production + Post**Gres**. A fully-featured platform to run Postgres on Kubernetes. Fully Open + Source, StackGres supports both a declarative approach suitable for GitOps workflows + and a complete Web Console for the best user experience. + + + Built by [OnGres](https://ongres.com) ("**On** Post**Gres**"), StackGres requires + little to no prior Postgres experience. StackGres can perform fully automated + deployments; fully automated database operations ("Day 2 operations") and comes + with advanced database tuning by default. Yet remaining highly customizable for + Postgres expert DBAs. + + + [StackGres features](https://stackgres.io/features/) include, among others: + + + * **High Availability with automated failover**. 
StackGres relies on [Patroni](https://github.com/zalando/patroni), + and its built-in and fully automatic. + + * **Integrated connection pooling**. Built-in, by default, like it should be for + production workloads. + + * **Automatic backups with lifecycle policies**. Backup your clusters automatically + to any object store. Apply retention policies. Restoration supports PITR. + + * **Advanced replication modes**, including async, sync and group replication. + It also supports cascading replication and standby clusters on separate Kubernetes + clusters for disaster recovery. + + * **More than 150 Postgres extensions**. The Postgres platform with [the largest + number of extensions in the world](https://stackgres.io/extensions/). With new + extensions added continuously. + + * **Observability**. Fully integrated with the Prometheus stack. Includes pre-defined, + Postgres-specific dashboards and alerts. + + * **Fully-featured Web Console**. Perform any operation from the Web Console. + Supports SSO, fine-grained RBAC and a REST API. + + * **Distributed Logs**. StackGres developed a mechanism to ship logs from all + pods to a central log server, managed by StackGres, that store logs in Postgres. + Query your logs with SQL or from the Web Console! + + * **Automated Day 2 Operations**. Minor and major version upgrades, container + upgrades, controlled restart, vacuum, repack, even benchmarks! + + * **Expertly tuned by default**. From the creators of [CONF](https://postgresqlco.nf), + StackGres pre-tunes your Postgres servers with more than 40 parameters tuned by + default. + + * **100% Open Source**. No "premium version with advanced features", no production + usage restrictions. Just Open Source. + + * **[24/7 Support](https://stackgres.io/pricing/) Available from OnGres** + + + ## Installation and documentation + + + Installation: + + * For a quick test, you can follow our [quickstart](https://stackgres.io/doc/latest/demo/quickstart/). 
+ + * [Production installations](https://stackgres.io/doc/latest/install/). + + + All the documentation is available at [stackgres.io/doc](https://stackgres.io/doc/latest/install/). + + + Join the [Slack](https://slack.stackgres.io) and/or [Discord](https://discord.stackgres.io) + Public Communities for Community support. + + ' + displayName: StackGres + icon: + - base64data: 'PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCA1MDAg + + NTAwIiBzdHlsZT0iZW5hYmxlLWJhY2tncm91bmQ6bmV3IDAgMCA1MDAgNTAwIiB4bWw6c3BhY2U9 + + InByZXNlcnZlIj4KICAgIDxzd2l0Y2g+CiAgICAgICAgPGc+CiAgICAgICAgICAgIDxwYXRoIHN0 + + eWxlPSJmaWxsOiM0MmE4YzgiIGQ9Im01LjIgMjczLjcgMTEwLjcgMTI2LjhoMjY4LjJsMTEwLjct + + MTI2LjgtMTEwLjctMTI2LjhIMTE1Ljl6Ii8+CiAgICAgICAgICAgIDxwYXRoIHN0eWxlPSJmaWxs + + OiM0MjZkODgiIGQ9Ik0xMTUuOSA0MDAuNWgyNjguNHY1Ni40SDExNS45eiIvPgogICAgICAgICAg + + ICA8cGF0aCBzdHlsZT0iZmlsbDojNDI4YmI0IiBkPSJNMTE1LjkgNDU2LjggNS4yIDMzMHYtNTYu + + M2wxMTAuNyAxMjYuOHoiLz4KICAgICAgICAgICAgPHBhdGggc3R5bGU9ImZpbGw6IzE2NjU3YyIg + + ZD0iTTM4NC4xIDQ1Ni44IDQ5NC44IDMzMHYtNTYuM0wzODQuMSA0MDAuNXoiLz4KICAgICAgICAg + + ICAgPHBhdGggZD0iTTQ2NS43IDI1My40YzAtNDctOTYuNi04NS4yLTIxNS43LTg1LjJTMzQuNCAy + + MDYuMyAzNC40IDI1My40czk2LjUgODUuMiAyMTUuNiA4NS4yIDIxNS43LTM4LjIgMjE1LjctODUu + + MnoiIHN0eWxlPSJmaWxsOiMzOWI1NGEiLz4KICAgICAgICAgICAgPHBhdGggZD0iTTQ2NS43IDI1 + + My40YzAgNDctOTYuNiA4NS4yLTIxNS43IDg1LjJTMzQuNCAzMDAuNCAzNC40IDI1My40djQ2Ljlj + + MTQuOSA0MS4zIDEwNi41IDg1LjIgMjE1LjYgODUuMnMyMDAuOC00My45IDIxNS43LTg1LjJ2LTQ2 + + Ljl6IiBzdHlsZT0iZmlsbDojMDA5MjQ1Ii8+CiAgICAgICAgICAgIDxwYXRoIHN0eWxlPSJmaWxs + + OiNmMmM2M2YiIGQ9Ik0xNi4zIDE3OC42IDI1MCAzMTQuMWwyMzMuOC0xMzUuNUwyNTAgNDMuMnoi + + Lz4KICAgICAgICAgICAgPHBhdGggc3R5bGU9ImZpbGw6I2YyYjEzNiIgZD0iTTE2LjMgMTc4LjZ2 + + NTIuOEwyNTAgMzY2Ljl2LTUyLjh6Ii8+CiAgICAgICAgICAgIDxwYXRoIHN0eWxlPSJmaWxsOiNm + + MmExMzAiIGQ9Ik00ODMuOCAxNzguNiAyNTAgMzE0LjF2NTIuOGwyMzMuOC0xMzUuNXoiLz4KICAg + + ICAgICAgICAgPHBhdGggc3R5bGU9ImZpbGw6I2ZmNzEyNCIgZD0ibTY4IDIxMi40IDM2NC4xLTUz + + 
LTkyLjQtMTA2eiIvPgogICAgICAgICAgICA8cGF0aCBzdHlsZT0iZmlsbDojZDkzZDFiIiBkPSJt + + NjggMjEyLjQgMzY0LjEtNTN2NDcuOEw2OCAyNjAuMXoiLz4KICAgICAgICA8L2c+CiAgICA8L3N3 + + aXRjaD4KPC9zdmc+Cg== + + ' + mediatype: image/svg+xml + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - '' + - apps + - extensions + - rbac.authorization.k8s.io + - batch + resources: + - pods + - pods/exec + - pods/log + - services + - endpoints + - endpoints/restricted + - persistentvolumeclaims + - configmaps + - secrets + - deployments + - statefulsets + - serviceaccounts + - namespaces + - roles + - rolebindings + - events + - cronjobs + - persistentvolumeclaims + - jobs + verbs: + - get + - list + - watch + - update + - create + - delete + - patch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - apiGroups: + - stackgres.io + resources: + - sgclusters + - sgpgconfigs + - sginstanceprofiles + - sgpoolconfigs + - sgbackupconfigs + - sgbackups + - sgdistributedlogs + - sgdbops + - sgobjectstorages + - sgscripts + - sgshardedclusters + - sgshardedbackups + - sgshardeddbops + - sgconfigs + - sgconfigs/status + verbs: + - create + - watch + - list + - get + - update + - patch + - delete + - apiGroups: + - stackgres.io + resources: + - sgclusters/status + - sgdistributedlogs/status + verbs: + - update + - apiGroups: + - apiextensions.k8s.io + resourceNames: + - sgconfigs.stackgres.io + - sgclusters.stackgres.io + - sginstanceprofiles.stackgres.io + - sgpgconfigs.stackgres.io + - sgpoolconfigs.stackgres.io + - sgbackups.stackgres.io + - sgbackupconfigs.stackgres.io + - sgobjectstorages.stackgres.io + - sgdbops.stackgres.io + - sgdistributedlogs.stackgres.io + - sgshardedclusters.stackgres.io + - sgshardedbackups.stackgres.io + - sgshardeddbops.stackgres.io + - sgscripts.stackgres.io + resources: + - customresourcedefinitions + verbs: + - get + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + 
- apiGroups: + - apiextensions.k8s.io + resourceNames: + - prometheuses.monitoring.coreos.com + resources: + - customresourcedefinitions + verbs: + - get + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + - podmonitors + verbs: + - list + - get + - create + - delete + - update + - patch + - apiGroups: + - monitoring.coreos.com + resources: + - prometheus + - prometheuses + - podmonitors + verbs: + - list + - get + - apiGroups: + - operators.coreos.com + resources: + - operators + verbs: + - list + - get + - apiGroups: + - certificates.k8s.io + resourceNames: + - stackgres + - stackgres-operator + resources: + - certificatesigningrequests + verbs: + - delete + - apiGroups: + - apps + - batch + resources: + - deployments + - jobs + verbs: + - list + - delete + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - stackgres + - stackgres-operator + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - delete + - apiGroups: + - rbac.authorization.k8s.io + resourceNames: + - stackgres + - stackgres-operator + - stackgres-restapi + - stackgres-restapi-admin + resources: + - clusterrolebindings + - clusterroles + verbs: + - delete + - apiGroups: + - '' + resourceNames: + - stackgres + - stackgres-certs + - stackgres-web-certs + - stackgres-service-certs + - stackgres-restapi + - stackgres-restapi-nginx + - stackgres-grafana-dashboard + - stackgres-operator + - stackgres-operator-certs + - stackgres-operator-web-certs + - stackgres-operator-service-certs + - stackgres-operator-grafana-dashboard + resources: + - configmap + - secret + verbs: + - delete + serviceAccountName: stackgres-operator + deployments: + - label: + app: stackgres-operator + app.kubernetes.io/component: operator + app.kubernetes.io/created-by: stackgres + app.kubernetes.io/instance: operator + app.kubernetes.io/managed-by: 
kustomize + app.kubernetes.io/name: deployment + app.kubernetes.io/part-of: stackgres + group: stackgres.io + name: stackgres-operator + spec: + replicas: 1 + selector: + matchLabels: + app: stackgres-operator + group: stackgres.io + strategy: {} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: operator + labels: + app: stackgres-operator + group: stackgres.io + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - key: kubernetes.io/os + operator: In + values: + - linux + containers: + - env: + - name: REMOVE_OLD_OPERATOR_BUNDLE_RESOURCES + value: 'true' + - name: INSTALL_CONFIG + value: 'true' + - name: OPERATOR_CERT_FILE + value: /tmp/k8s-webhook-server/serving-certs/tls.crt + - name: OPERATOR_KEY_FILE + value: /tmp/k8s-webhook-server/serving-certs/tls.key + - name: OPERATOR_NAME + value: stackgres-operator + - name: OPERATOR_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: OPERATOR_IMAGE_VERSION + value: 1.6.0 + - name: OPERATOR_SERVICE_ACCOUNT + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.serviceAccountName + - name: OPERATOR_POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: OPERATOR_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: OPERATOR_VERSION + value: 1.6.0 + image: quay.io/stackgres/operator:1.6.0 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /q/health/live + port: 8080 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 60 + timeoutSeconds: 10 + name: operator + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8443 + name: https + protocol: TCP + readinessProbe: + httpGet: + path: /q/health/ready + port: 8080 + scheme: HTTP + periodSeconds: 2 + timeoutSeconds: 1 + resources: + limits: + cpu: '1' + memory: 
512Mi + requests: + cpu: 10m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + serviceAccountName: stackgres-operator + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: stackgres-operator-cert + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - postgresql + - postgres + - database + - sql + - rdbms + - open source + - ongres + labels: + operatorframework.io/arch.amd64: supported + operatorframework.io/arch.arm64: supported + operatorframework.io/os.linux: supported + links: + - name: StackGres Web + url: https://stackgres.io + - name: StackGres Docs + url: https://stackgres.io/doc + maintainers: + - email: stackgres@ongres.com + name: OnGres + maturity: stable + minKubeVersion: 1.18.0 + provider: + name: OnGres + url: https://ongres.com + version: 1.6.0 + webhookdefinitions: + - admissionReviewVersions: + - v1 + containerPort: 443 + conversionCRDs: + - sgbackups.stackgres.io + deploymentName: stackgres-operator + generateName: csgbackups.kb.io + sideEffects: None + targetPort: 8443 + type: ConversionWebhook + webhookPath: /stackgres/conversion/sgbackup + - admissionReviewVersions: + - v1 + containerPort: 443 + conversionCRDs: + - sgclusters.stackgres.io + deploymentName: stackgres-operator + generateName: csgclusters.kb.io + sideEffects: None + targetPort: 8443 + type: ConversionWebhook + webhookPath: /stackgres/conversion/sgcluster + - admissionReviewVersions: + - v1 + containerPort: 443 + conversionCRDs: + - sgconfigs.stackgres.io + deploymentName: stackgres-operator + generateName: 
csgconfigs.kb.io + sideEffects: None + targetPort: 8443 + type: ConversionWebhook + webhookPath: /stackgres/conversion/sgconfig + - admissionReviewVersions: + - v1 + containerPort: 443 + conversionCRDs: + - sgdbops.stackgres.io + deploymentName: stackgres-operator + generateName: csgdbops.kb.io + sideEffects: None + targetPort: 8443 + type: ConversionWebhook + webhookPath: /stackgres/conversion/sgdbops + - admissionReviewVersions: + - v1 + containerPort: 443 + conversionCRDs: + - sgdistributedlogs.stackgres.io + deploymentName: stackgres-operator + generateName: csgdistributedlogs.kb.io + sideEffects: None + targetPort: 8443 + type: ConversionWebhook + webhookPath: /stackgres/conversion/sgdistributedlogs + - admissionReviewVersions: + - v1 + containerPort: 443 + conversionCRDs: + - sginstanceprofiles.stackgres.io + deploymentName: stackgres-operator + generateName: csginstanceprofiles.kb.io + sideEffects: None + targetPort: 8443 + type: ConversionWebhook + webhookPath: /stackgres/conversion/sginstanceprofile + - admissionReviewVersions: + - v1 + containerPort: 443 + conversionCRDs: + - sgobjectstorages.stackgres.io + deploymentName: stackgres-operator + generateName: csgobjectstorages.kb.io + sideEffects: None + targetPort: 8443 + type: ConversionWebhook + webhookPath: /stackgres/conversion/sgobjectstorage + - admissionReviewVersions: + - v1 + containerPort: 443 + conversionCRDs: + - sgpgconfigs.stackgres.io + deploymentName: stackgres-operator + generateName: csgpgconfigs.kb.io + sideEffects: None + targetPort: 8443 + type: ConversionWebhook + webhookPath: /stackgres/conversion/sgpgconfig + - admissionReviewVersions: + - v1 + containerPort: 443 + conversionCRDs: + - sgpoolconfigs.stackgres.io + deploymentName: stackgres-operator + generateName: csgpoolconfigs.kb.io + sideEffects: None + targetPort: 8443 + type: ConversionWebhook + webhookPath: /stackgres/conversion/sgpoolconfig + - admissionReviewVersions: + - v1 + containerPort: 443 + conversionCRDs: + - 
sgscripts.stackgres.io + deploymentName: stackgres-operator + generateName: csgscripts.kb.io + sideEffects: None + targetPort: 8443 + type: ConversionWebhook + webhookPath: /stackgres/conversion/sgscript + - admissionReviewVersions: + - v1 + containerPort: 443 + conversionCRDs: + - sgshardedbackups.stackgres.io + deploymentName: stackgres-operator + generateName: csgshardedbackups.kb.io + sideEffects: None + targetPort: 8443 + type: ConversionWebhook + webhookPath: /stackgres/conversion/sgshardedbackup + - admissionReviewVersions: + - v1 + containerPort: 443 + conversionCRDs: + - sgshardedclusters.stackgres.io + deploymentName: stackgres-operator + generateName: csgshardedclusters.kb.io + sideEffects: None + targetPort: 8443 + type: ConversionWebhook + webhookPath: /stackgres/conversion/sgshardedcluster + - admissionReviewVersions: + - v1 + containerPort: 443 + conversionCRDs: + - sgshardeddbops.stackgres.io + deploymentName: stackgres-operator + generateName: csgshardeddbops.kb.io + sideEffects: None + targetPort: 8443 + type: ConversionWebhook + webhookPath: /stackgres/conversion/sgshardeddbops + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgbackup.mutating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - sgbackups + sideEffects: None + targetPort: 8443 + type: MutatingAdmissionWebhook + webhookPath: /stackgres/mutation/sgbackup + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgbackup.validating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + - DELETE + resources: + - sgbackups + sideEffects: None + targetPort: 8443 + type: ValidatingAdmissionWebhook + webhookPath: /stackgres/validation/sgbackup + - admissionReviewVersions: + - v1 + 
containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgbackupconfig.mutating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - sgbackupconfigs + sideEffects: None + targetPort: 8443 + type: MutatingAdmissionWebhook + webhookPath: /stackgres/mutation/sgbackupconfig + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgbackupconfig.validating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + - DELETE + resources: + - sgbackupconfigs + sideEffects: None + targetPort: 8443 + type: ValidatingAdmissionWebhook + webhookPath: /stackgres/validation/sgbackupconfig + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgcluster.mutating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - sgclusters + sideEffects: None + targetPort: 8443 + type: MutatingAdmissionWebhook + webhookPath: /stackgres/mutation/sgcluster + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgcluster.validating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - sgclusters + sideEffects: None + targetPort: 8443 + type: ValidatingAdmissionWebhook + webhookPath: /stackgres/validation/sgcluster + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgdbops.mutating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - sgdbops + sideEffects: None + 
targetPort: 8443 + type: MutatingAdmissionWebhook + webhookPath: /stackgres/mutation/sgdbops + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgdbops.validating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + - DELETE + resources: + - sgdbops + sideEffects: None + targetPort: 8443 + type: ValidatingAdmissionWebhook + webhookPath: /stackgres/validation/sgdbops + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgdistributedlogs.mutating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - sgdistributedlogs + sideEffects: None + targetPort: 8443 + type: MutatingAdmissionWebhook + webhookPath: /stackgres/mutation/sgdistributedlogs + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgdistributedlogs.validating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + - DELETE + resources: + - sgdistributedlogs + sideEffects: None + targetPort: 8443 + type: ValidatingAdmissionWebhook + webhookPath: /stackgres/validation/sgdistributedlogs + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sginstanceprofile.mutating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - sginstanceprofiles + sideEffects: None + targetPort: 8443 + type: MutatingAdmissionWebhook + webhookPath: /stackgres/mutation/sginstanceprofile + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: 
sginstanceprofile.validating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + - DELETE + resources: + - sginstanceprofiles + sideEffects: None + targetPort: 8443 + type: ValidatingAdmissionWebhook + webhookPath: /stackgres/validation/sginstanceprofile + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgobjectstorage.mutating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - sgobjectstorages + sideEffects: None + targetPort: 8443 + type: MutatingAdmissionWebhook + webhookPath: /stackgres/mutation/sgobjectstorage + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgobjectstorage.validating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + - DELETE + resources: + - sgobjectstorages + sideEffects: None + targetPort: 8443 + type: ValidatingAdmissionWebhook + webhookPath: /stackgres/validation/sgobjectstorage + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgpgconfig.mutating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - sgpgconfigs + sideEffects: None + targetPort: 8443 + type: MutatingAdmissionWebhook + webhookPath: /stackgres/mutation/sgpgconfig + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgpgconfig.validating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + - DELETE + resources: + - sgpgconfigs + sideEffects: None + targetPort: 8443 + type: 
ValidatingAdmissionWebhook + webhookPath: /stackgres/validation/sgpgconfig + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgpoolconfig.mutating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - sgpoolconfigs + sideEffects: None + targetPort: 8443 + type: MutatingAdmissionWebhook + webhookPath: /stackgres/mutation/sgpoolconfig + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgpoolconfig.validating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + - DELETE + resources: + - sgpoolconfigs + sideEffects: None + targetPort: 8443 + type: ValidatingAdmissionWebhook + webhookPath: /stackgres/validation/sgpoolconfig + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgscripts.mutating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - sgscripts + sideEffects: None + targetPort: 8443 + type: MutatingAdmissionWebhook + webhookPath: /stackgres/mutation/sgscript + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgscripts.validating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + - DELETE + resources: + - sgscripts + sideEffects: None + targetPort: 8443 + type: ValidatingAdmissionWebhook + webhookPath: /stackgres/validation/sgscript + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgshardedbackups.mutating-webhook.stackgres.io + rules: + - apiGroups: + - 
stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - sgshardedbackups + sideEffects: None + targetPort: 8443 + type: MutatingAdmissionWebhook + webhookPath: /stackgres/mutation/sgshardedbackup + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgshardedbackups.validating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + - DELETE + resources: + - sgshardedbackups + sideEffects: None + targetPort: 8443 + type: ValidatingAdmissionWebhook + webhookPath: /stackgres/validation/sgshardedbackup + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgshardedclusters.mutating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - sgshardedclusters + sideEffects: None + targetPort: 8443 + type: MutatingAdmissionWebhook + webhookPath: /stackgres/mutation/sgshardedcluster + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgshardedclusters.validating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + - DELETE + resources: + - sgshardedclusters + sideEffects: None + targetPort: 8443 + type: ValidatingAdmissionWebhook + webhookPath: /stackgres/validation/sgshardedcluster + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgshardeddbops.mutating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - sgshardeddbops + sideEffects: None + targetPort: 8443 + type: MutatingAdmissionWebhook + webhookPath: 
/stackgres/mutation/sgshardeddbops + - admissionReviewVersions: + - v1 + containerPort: 443 + deploymentName: stackgres-operator + failurePolicy: Fail + generateName: sgshardeddbops.validating-webhook.stackgres.io + rules: + - apiGroups: + - stackgres.io + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + - DELETE + resources: + - sgshardeddbops + sideEffects: None + targetPort: 8443 + type: ValidatingAdmissionWebhook + webhookPath: /stackgres/validation/sgshardeddbops + relatedImages: + - image: quay.io/ongres/kubectl:v1.25.14-build-6.27 + name: kubectl_1_25_14 + - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0 + name: kube-rbac-proxy_0_13_0 + - image: quay.io/stackgres/operator:1.6.0 + name: stackgres-operator + - image: quay.io/stackgres/restapi:1.6.0 + name: stackgres-restapi + - image: quay.io/stackgres/admin-ui:1.6.0 + name: stackgres-admin-ui + - image: quay.io/stackgres/jobs:1.6.0 + name: stackgres-jobs diff --git a/operators/stackgres/1.6.0/manifests/stackgres.io_sgbackups.yaml b/operators/stackgres/1.6.0/manifests/stackgres.io_sgbackups.yaml new file mode 100644 index 00000000000..e8673518c60 --- /dev/null +++ b/operators/stackgres/1.6.0/manifests/stackgres.io_sgbackups.yaml 
@@ -0,0 +1,903 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sgbackups.stackgres.io +spec: + group: stackgres.io + scope: Namespaced + names: + kind: SGBackup + listKind: SGBackupList + plural: sgbackups + singular: sgbackup + shortNames: + - sgbkp + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - name: cluster + type: string + jsonPath: .spec.sgCluster + - name: managed + type: string + jsonPath: .spec.managedLifecycle + - name: status + type: string + jsonPath: .status.process.status + - name: pg-version + type: string + jsonPath: .status.backupInformation.postgresVersion + priority: 1 + - name: compressed-size + type: integer + format: byte + jsonPath: .status.backupInformation.size.compressed + priority: 1 + - name: timeline + type: string + jsonPath: .status.backupInformation.timeline + priority: 1 + schema: + openAPIV3Schema: + type: object + required: + - metadata + - spec + description: "A manual or automatically generated backup of an SGCluster\ + \ configured with backups.\n\nWhen a SGBackup is created a Job will perform\ + \ a full backup of the database and update the status of the SGBackup\n\ + \ with the all the information required to restore it and some stats (or\ + \ a failure message in case something unexpected\n happened).\nAfter an\ + \ SGBackup is created the same Job performs a reconciliation of the backups\ + \ by applying the retention window\n that has been configured in the SGCluster\ + \ and removing the backups with managed lifecycle and the WAL files older\n\ + \ than the ones that fit in the retention window. The reconciliation also\ + \ removes backups (excluding WAL files) that do\n not belongs to any SGBackup\ + \ (including copies). 
If the target storage is changed deletion of an\ + \ SGBackup backups with\n managed lifecycle and the WAL files older than\ + \ the ones that fit in the retention window and of backups that do not\n\ + \ belongs to any SGBackup will not be performed anymore on the previous\ + \ storage, only on the new target storage.\n" + properties: + metadata: + type: object + properties: + name: + type: string + maxLength: 56 + pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$ + description: 'Name of the backup. Following [Kubernetes naming conventions](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/identifiers.md), + it must be an rfc1035/rfc1123 subdomain, that is, up to 253 characters + consisting of one or more lowercase labels separated by `.`. Where + each label is an alphanumeric (a-z, and 0-9) string, with the + `-` character allowed anywhere except the first or last character. + + + The name must be unique across all StackGres backups in the same + namespace. + + ' + spec: + type: object + properties: + sgCluster: + type: string + description: "The name of the `SGCluster` from which this backup\ + \ is/will be taken.\n\nIf this is a copy of an existing completed\ + \ backup in a different namespace\n the value must be prefixed\ + \ with the namespace of the source backup and a\n dot `.` (e.g.\ + \ `.`) or have the same value\n\ + \ if the source backup is also a copy.\n" + managedLifecycle: + type: boolean + description: "Indicate if this backup is permanent and should not\ + \ be removed by the automated\n retention policy. Default is `false`.\n" + status: + type: object + properties: + internalName: + type: string + description: 'The name of the backup. + + ' + backupPath: + type: string + description: 'The path were the backup is stored. + + ' + process: + type: object + properties: + status: + type: string + description: 'Status of the backup. 
+ + ' + failure: + type: string + description: 'If the status is `failed` this field will contain + a message indicating the failure reason. + + ' + jobPod: + type: string + description: 'Name of the pod assigned to the backup. StackGres + utilizes internally a locking mechanism based on the pod name + of the job that creates the backup. + + ' + managedLifecycle: + type: boolean + description: 'Status (may be transient) until converging to + `spec.managedLifecycle`. + + ' + timing: + type: object + properties: + start: + type: string + description: 'Start time of backup. + + ' + end: + type: string + description: 'End time of backup. + + ' + stored: + type: string + description: 'Time at which the backup is safely stored + in the object storage. + + ' + backupInformation: + type: object + properties: + hostname: + type: string + description: 'Hostname of the instance where the backup is taken + from. + + ' + sourcePod: + type: string + description: 'Pod where the backup is taken from. + + ' + systemIdentifier: + type: string + description: 'Postgres *system identifier* of the cluster this + backup is taken from. + + ' + postgresVersion: + type: string + description: 'Postgres version of the server where the backup + is taken from. + + ' + pgData: + type: string + description: 'Data directory where the backup is taken from. + + ' + size: + type: object + properties: + uncompressed: + type: integer + format: int64 + description: 'Size (in bytes) of the uncompressed backup. + + ' + compressed: + type: integer + format: int64 + description: 'Size (in bytes) of the compressed backup. + + ' + lsn: + type: object + properties: + start: + type: string + description: 'LSN of when the backup started. + + ' + end: + type: string + description: 'LSN of when the backup finished. + + ' + startWalFile: + type: string + description: 'WAL segment file name when the backup was started. + + ' + timeline: + type: string + description: 'Backup timeline. 
+ + ' + controlData: + type: object + description: 'An object containing data from the output of pg_controldata + on the backup. + + ' + properties: + pg_control version number: + type: string + Catalog version number: + type: string + Database system identifier: + type: string + Database cluster state: + type: string + pg_control last modified: + type: string + Latest checkpoint location: + type: string + Latest checkpoint's REDO location: + type: string + Latest checkpoint's REDO WAL file: + type: string + Latest checkpoint's TimeLineID: + type: string + Latest checkpoint's PrevTimeLineID: + type: string + Latest checkpoint's full_page_writes: + type: string + Latest checkpoint's NextXID: + type: string + Latest checkpoint's NextOID: + type: string + Latest checkpoint's NextMultiXactId: + type: string + Latest checkpoint's NextMultiOffset: + type: string + Latest checkpoint's oldestXID: + type: string + Latest checkpoint's oldestXID's DB: + type: string + Latest checkpoint's oldestActiveXID: + type: string + Latest checkpoint's oldestMultiXid: + type: string + Latest checkpoint's oldestMulti's DB: + type: string + Latest checkpoint's oldestCommitTsXid: + type: string + Latest checkpoint's newestCommitTsXid: + type: string + Time of latest checkpoint: + type: string + Fake LSN counter for unlogged rels: + type: string + Minimum recovery ending location: + type: string + Min recovery ending loc's timeline: + type: string + Backup start location: + type: string + Backup end location: + type: string + End-of-backup record required: + type: string + wal_level setting: + type: string + wal_log_hints setting: + type: string + max_connections setting: + type: string + max_worker_processes setting: + type: string + max_wal_senders setting: + type: string + max_prepared_xacts setting: + type: string + max_locks_per_xact setting: + type: string + track_commit_timestamp setting: + type: string + Maximum data alignment: + type: string + Database block size: + type: string + 
Blocks per segment of large relation: + type: string + WAL block size: + type: string + Bytes per WAL segment: + type: string + Maximum length of identifiers: + type: string + Maximum columns in an index: + type: string + Maximum size of a TOAST chunk: + type: string + Size of a large-object chunk: + type: string + Date/time type storage: + type: string + Float4 argument passing: + type: string + Float8 argument passing: + type: string + Data page checksum version: + type: string + Mock authentication nonce: + type: string + sgBackupConfig: + type: object + description: The name of the backup configuration used to perform + this backup. + properties: + baseBackups: + type: object + description: 'Back backups configuration. + + ' + properties: + cronSchedule: + type: string + description: 'Continuous Archiving backups are composed + of periodic *base backups* and all the WAL segments produced + in between those base backups. This parameter specifies + at what time and with what frequency to start performing + a new base backup. + + + Use cron syntax (`m h dom mon dow`) for this parameter, + i.e., 5 values separated by spaces: + + * `m`: minute, 0 to 59 + + * `h`: hour, 0 to 23 + + * `dom`: day of month, 1 to 31 (recommended not to set + it higher than 28) + + * `mon`: month, 1 to 12 + + * `dow`: day of week, 0 to 7 (0 and 7 both represent + Sunday) + + + Also ranges of values (`start-end`), the symbol `*` (meaning + `first-last`) or even `*/N`, where `N` is a number, meaning + every `N`, may be used. All times are UTC. It is recommended + to avoid 00:00 as base backup time, to avoid overlapping + with any other external operations happening at this time. + + + If not provided, full backups will be performed each day + at 05:00 UTC + + ' + retention: + type: integer + minimum: 1 + description: 'Based on this parameter, an automatic retention + policy is defined to delete old base backups. 
+ + This parameter specifies the number of base backups to + keep, in a sliding window. + + Consequently, the time range covered by backups is `periodicity*retention`, + where `periodicity` is the separation between backups + as specified by the `cronSchedule` property. + + + Default is 5. + + ' + compression: + type: string + description: 'Select the backup compression algorithm. Possible + options are: lz4, lzma, brotli. The default method is + `lz4`. LZ4 is the fastest method, but compression ratio + is the worst. LZMA is way slower, but it compresses backups + about 6 times better than LZ4. Brotli is a good trade-off + between speed and compression ratio, being about 3 times + better than LZ4. + + ' + enum: + - lz4 + - lzma + - brotli + performance: + type: object + properties: + maxNetworkBandwitdh: + type: integer + description: '**Deprecated**: use instead maxNetworkBandwidth. + + + Maximum storage upload bandwidth to be used when storing + the backup. In bytes (per second). + + ' + maxDiskBandwitdh: + type: integer + description: '**Deprecated**: use instead maxDiskBandwidth. + + + Maximum disk read I/O when performing a backup. In + bytes (per second). + + ' + maxNetworkBandwidth: + type: integer + description: 'Maximum storage upload bandwidth to be + used when storing the backup. In bytes (per second). + + ' + maxDiskBandwidth: + type: integer + description: 'Maximum disk read I/O when performing + a backup. In bytes (per second). + + ' + uploadDiskConcurrency: + type: integer + minimum: 1 + description: 'Backup storage may use several concurrent + streams to store the data. This parameter configures + the number of parallel streams to use to reading from + disk. By default, it''s set to 1 (use one stream). + + ' + uploadConcurrency: + type: integer + minimum: 1 + description: 'Backup storage may use several concurrent + streams to store the data. This parameter configures + the number of parallel streams to use. 
By default, + it''s set to 1 (use one stream). + + ' + compression: + type: string + description: 'Select the backup compression algorithm. Possible + options are: lz4, lzma, brotli. The default method is `lz4`. + LZ4 is the fastest method, but compression ratio is the worst. + LZMA is way slower, but it compresses backups about 6 times + better than LZ4. Brotli is a good trade-off between speed + and compression ratio, being about 3 times better than LZ4. + + ' + enum: + - lz4 + - lzma + - brotli + storage: + type: object + description: 'Backup storage configuration. + + ' + properties: + type: + type: string + enum: + - s3 + - s3Compatible + - gcs + - azureBlob + description: 'Specifies the type of object storage used + for storing the base backups and WAL segments. + + Possible values: + + * `s3`: Amazon Web Services S3 (Simple Storage Service). + + * `s3Compatible`: non-AWS services that implement a compatibility + API with AWS S3. + + * `gcs`: Google Cloud Storage. + + * `azureBlob`: Microsoft Azure Blob Storage. + + ' + s3: + type: object + description: 'Amazon Web Services S3 configuration. + + ' + properties: + bucket: + type: string + pattern: ^[^/]+(/[^/]*)*$ + description: 'AWS S3 bucket name. + + ' + path: + type: string + pattern: ^(/[^/]*)*$ + description: 'Optional path within the S3 bucket. Note + that StackGres generates in any case a folder per + + StackGres cluster, using the `SGCluster.metadata.name`. + + ' + region: + type: string + description: 'AWS S3 region. The Region may be detected + using s3:GetBucketLocation, but to avoid giving permissions + to this API call or forbid it from the applicable + IAM policy, this property must be explicitely specified. + + ' + storageClass: + type: string + description: '[Amazon S3 Storage Class](https://aws.amazon.com/s3/storage-classes/) + used for the backup object storage. By default, the + `STANDARD` storage class is used. 
Other supported + values include `STANDARD_IA` for Infrequent Access + and `REDUCED_REDUNDANCY`. + + ' + awsCredentials: + type: object + description: 'Credentials to access AWS S3 for writing + and reading. + + ' + properties: + secretKeySelectors: + type: object + description: 'Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core)s + to reference the Secrets that contain the information + about the `awsCredentials`. + + ' + properties: + accessKeyId: + type: object + description: '[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + containing the AWS Access Key ID secret. + + ' + properties: + key: + type: string + description: 'The key of the secret to select + from. Must be a valid secret key. + + ' + name: + type: string + description: 'Name of the referent. [More + information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + required: + - key + - name + secretAccessKey: + type: object + description: '[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + containing the AWS Secret Access Key secret. + + ' + properties: + key: + type: string + description: 'The key of the secret to select + from. Must be a valid secret key. + + ' + name: + type: string + description: 'Name of the referent. [More + information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + required: + - key + - name + required: + - accessKeyId + - secretAccessKey + required: + - secretKeySelectors + required: + - bucket + - awsCredentials + s3Compatible: + type: object + description: AWS S3-Compatible API configuration + properties: + bucket: + type: string + pattern: ^[^/]+(/[^/]*)*$ + description: 'Bucket name. + + ' + path: + type: string + pattern: ^(/[^/]*)*$ + description: 'Optional path within the S3 bucket. 
Note + that StackGres generates in any case a folder per + StackGres cluster, using the `SGCluster.metadata.name`. + + ' + enablePathStyleAddressing: + type: boolean + description: 'Enable path-style addressing (i.e. `http://s3.amazonaws.com/BUCKET/KEY`) + when connecting to an S3-compatible service that lacks + support for sub-domain style bucket URLs (i.e. `http://BUCKET.s3.amazonaws.com/KEY`). + Defaults to false. + + ' + endpoint: + type: string + description: 'Overrides the default url to connect to + an S3-compatible service. + + For example: `http://s3-like-service:9000`. + + ' + region: + type: string + description: 'AWS S3 region. The Region may be detected + using s3:GetBucketLocation, but to avoid giving permissions + to this API call or forbid it from the applicable + IAM policy, this property must be explicitely specified. + + ' + storageClass: + type: string + description: '[Amazon S3 Storage Class](https://aws.amazon.com/s3/storage-classes/) + used for the backup object storage. By default, the + `STANDARD` storage class is used. Other supported + values include `STANDARD_IA` for Infrequent Access + and `REDUCED_REDUNDANCY`. + + ' + awsCredentials: + type: object + description: 'Credentials to access AWS S3 for writing + and reading. + + ' + properties: + secretKeySelectors: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + to reference the Secrets that contain the information + about the `awsCredentials`. + + ' + properties: + accessKeyId: + type: object + description: '[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + containing the AWS Access Key ID secret. + + ' + properties: + key: + type: string + description: 'The key of the secret to select + from. Must be a valid secret key. + + ' + name: + type: string + description: 'Name of the referent. 
[More + information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + required: + - key + - name + secretAccessKey: + type: object + description: '[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + containing the AWS Secret Access Key secret. + + ' + properties: + key: + type: string + description: 'The key of the secret to select + from. Must be a valid secret key. + + ' + name: + type: string + description: 'Name of the referent. [More + information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + required: + - key + - name + required: + - accessKeyId + - secretAccessKey + required: + - secretKeySelectors + required: + - bucket + - awsCredentials + gcs: + type: object + description: 'Google Cloud Storage configuration. + + ' + properties: + bucket: + type: string + pattern: ^[^/]+(/[^/]*)*$ + description: 'GCS bucket name. + + ' + path: + type: string + pattern: ^(/[^/]*)*$ + description: 'Optional path within the GCS bucket. Note + that StackGres generates in any case a folder per + StackGres cluster, using the `SGCluster.metadata.name`. + + ' + gcpCredentials: + type: object + description: 'Credentials to access GCS for writing + and reading. + + ' + properties: + fetchCredentialsFromMetadataService: + type: boolean + description: 'If true, the credentials will be fetched + from the GCE/GKE metadata service and the credentials + from `secretKeySelectors` field will not be used. + + + This is useful when running StackGres inside a + GKE cluster using [Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity). 
+ + ' + secretKeySelectors: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + to reference the Secrets that contain the information + about the Service Account to access GCS. + + ' + properties: + serviceAccountJSON: + type: object + description: 'A service account key from GCP. + In JSON format, as downloaded from the GCP + Console. + + ' + properties: + key: + type: string + description: 'The key of the secret to select + from. Must be a valid secret key. + + ' + name: + type: string + description: 'Name of the referent. [More + information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + required: + - key + - name + required: + - serviceAccountJSON + required: + - bucket + - gcpCredentials + azureBlob: + type: object + description: 'Azure Blob Storage configuration. + + ' + properties: + bucket: + type: string + pattern: ^[^/]+(/[^/]*)*$ + description: 'Azure Blob Storage bucket name. + + ' + path: + type: string + pattern: ^(/[^/]*)*$ + description: 'Optional path within the Azure Blobk bucket. + Note that StackGres generates in any case a folder + per StackGres cluster, using the `SGCluster.metadata.name`. + + ' + azureCredentials: + type: object + description: 'Credentials to access Azure Blob Storage + for writing and reading. + + ' + properties: + secretKeySelectors: + type: object + description: 'Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core)s + to reference the Secrets that contain the information + about the `azureCredentials`. + + ' + properties: + storageAccount: + type: object + description: '[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + containing the name of the storage account. 
+ + ' + properties: + key: + type: string + description: 'The key of the secret to select + from. Must be a valid secret key. + + ' + name: + type: string + description: 'Name of the referent. [More + information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + required: + - key + - name + accessKey: + type: object + description: '[SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + containing the primary or secondary access + key for the storage account. + + ' + properties: + key: + type: string + description: 'The key of the secret to select + from. Must be a valid secret key. + + ' + name: + type: string + description: 'Name of the referent. [More + information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + required: + - key + - name + required: + - storageAccount + - accessKey + required: + - bucket + - azureCredentials + required: + - type + required: + - storage + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + namespace: system + name: stackgres-operator + path: /stackgres/conversion/sgbackup + conversionReviewVersions: + - v1 diff --git a/operators/stackgres/1.6.0/manifests/stackgres.io_sgclusters.yaml b/operators/stackgres/1.6.0/manifests/stackgres.io_sgclusters.yaml new file mode 100644 index 00000000000..d57b8ca6cc8 --- /dev/null +++ b/operators/stackgres/1.6.0/manifests/stackgres.io_sgclusters.yaml 
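Review bot: The `conversion.webhook.clientConfig` stanza that closes this CRD ships `caBundle: Cg==`, which is base64 for a single newline, and `namespace: system`, which looks like a placeholder. As written, the API server has no CA with which to verify the TLS certificate of `/stackgres/conversion/sgbackup`, so both values must be replaced at install time. The visible part of the ClusterServiceVersion's webhook list shows only `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` entries, and the list starts outside this excerpt, so I cannot confirm that a `type: ConversionWebhook` entry with `conversionCRDs` naming `sgbackups.stackgres.io` exists. Please confirm that it does. Alternatively, since the CRD serves only `v1`, drop the `conversion` block and leave the default `strategy: None` until a second version is added.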
@@ -0,0 +1,8497 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: sgclusters.stackgres.io
+spec:
+ group: stackgres.io
+ scope: Namespaced
+ names:
+ kind: SGCluster
+ listKind: SGClusterList
+ plural: sgclusters
+ singular: sgcluster
+ shortNames:
+ - sgclu
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ additionalPrinterColumns:
+ - name: version
+ type: string
+ jsonPath: .spec.postgres.version
+ - name: instances
+ type: integer
+ jsonPath: .spec.instances
+ - name: Profile
+ type: string
+ jsonPath: .spec.sgInstanceProfile
+ - name: Disk
+ type: string
+ jsonPath: .spec.pods.persistentVolume.size
+ - name: prometheus-autobind
+ type: string
+ jsonPath: .spec.prometheusAutobind
+ priority: 1
+ - name: pool-config
+ type: string
+ jsonPath: .spec.configurations.sgPoolingConfig
+ priority: 1
+ - name: postgres-config
+ type: string
+ jsonPath: .spec.configurations.sgPostgresConfig
+ priority: 1
+ schema:
+ openAPIV3Schema:
+ type: object
+ required:
+ - metadata
+ - spec
+ properties:
+ metadata:
+ type: object
+ properties:
+ name:
+ type: string
+ maxLength: 44
+ pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$
+ description: 'Name of the StackGres cluster. Following [Kubernetes
+ naming conventions](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/identifiers.md),
+ it must be an rfc1035/rfc1123 subdomain, that is, up to 253 characters
+ consisting of one or more lowercase labels separated by `.`. Where
+ each label is an alphanumeric (a-z, and 0-9) string, with the
+ `-` character allowed anywhere except the first or last character.
+
+
+ The name must be unique across all SGCluster, SGShardedCluster
+ and SGDistributedLogs in the same namespace.
+
+ '
+ spec:
+ type: object
+ description: 'Specification of the desired behavior of a StackGres cluster.
+ + ' + properties: + profile: + type: string + description: "The profile allow to change in a convenient place\ + \ a set of configuration defaults that affect how the cluster\ + \ is generated.\n\nAll those defaults can be overwritten by setting\ + \ the correspoinding fields.\n\nAvailable profiles are:\n\n* `production`:\n\ + \n Prevents two Pods from running in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `false` by default).\n Sets both limits and requests using\ + \ `SGInstanceProfile` for `patroni` container that runs both Patroni\ + \ and Postgres (set `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `false` by default).\n Sets requests using the referenced\ + \ `SGInstanceProfile` for sidecar containers other than `patroni`\ + \ (set `.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `false` by default).\n\n* `testing`:\n\n Allows two Pods\ + \ to running in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `true` by default).\n Sets both limits and requests using\ + \ `SGInstanceProfile` for `patroni` container that runs both Patroni\ + \ and Postgres (set `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `false` by default).\n Sets requests using the referenced\ + \ `SGInstanceProfile` for sidecar containers other than `patroni`\ + \ (set `.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `false` by default).\n\n* `development`:\n\n Allows two\ + \ Pods from running in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `true` by default).\n Unset both limits and requests for\ + \ `patroni` container that runs both Patroni and Postgres (set\ + \ `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `true` by default).\n Unsets requests for sidecar containers\ + \ other than `patroni` (set 
`.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `true` by default).\n\n**Changing this field may require\ + \ a restart.**\n" + default: production + postgres: + type: object + description: 'This section allows to configure Postgres features + + ' + properties: + version: + type: string + description: 'Postgres version used on the cluster. It is either + of: + + * The string ''latest'', which automatically sets the latest + major.minor Postgres version. + + * A major version, like ''14'' or ''13'', which sets that + major version and the latest minor version. + + * A specific major.minor version, like ''14.4''. + + ' + flavor: + type: string + description: "Postgres flavor used on the cluster. It is either\ + \ of:\n\n * `vanilla` will use the [Official Postgres](https://www.postgresql.org/)\n\ + \ * `babelfish` will use the [Babelfish for Postgres](https://babelfish-for-postgresql.github.io/babelfish-for-postgresql/).\n\ + \nIf not specified then the vanilla Postgres will be used\ + \ for the cluster.\n\n**This field can only be set on creation.**\n" + default: vanilla + extensions: + type: array + description: "StackGres support deploy of extensions at runtime\ + \ by simply adding an entry to this array. A deployed extension\ + \ still\nrequires the creation in a database using the [`CREATE\ + \ EXTENSION`](https://www.postgresql.org/docs/current/sql-createextension.html)\n\ + statement. After an extension is deployed correctly it will\ + \ be present until removed and the cluster restarted.\n\n\ + A cluster restart is required for:\n* Extensions that requires\ + \ to add an entry to [`shared_preload_libraries`](https://postgresqlco.nf/en/doc/param/shared_preload_libraries/)\ + \ configuration parameter.\n* Upgrading extensions that overwrite\ + \ any file that is not the extension''s control file or extension''s\ + \ script file.\n* Removing extensions. 
Until the cluster is\ + \ not restarted a removed extension will still be available.\n\ + * Install of extensions that require extra mount. After installed\ + \ the cluster will require to be restarted.\n\n**Example:**\n\ + \n``` yaml\napiVersion: stackgres.io/v1\nkind: SGCluster\n\ + metadata:\n name: stackgres\nspec:\n postgres:\n extensions:\n\ + \ - {name: 'timescaledb', version: '2.3.1'}\n```\n" + items: + type: object + properties: + name: + type: string + description: The name of the extension to deploy. + publisher: + type: string + description: The id of the publisher of the extension + to deploy. If not specified `com.ongres` will be used + by default. + default: com.ongres + version: + type: string + description: The version of the extension to deploy. If + not specified version of `stable` channel will be used + by default and if only a version is available that one + will be used. + repository: + type: string + description: 'The repository base URL from where to obtain + the extension to deploy. + + + **This section is filled by the operator.** + + ' + required: + - name + ssl: + type: object + description: "This section allows to use SSL when connecting\ + \ to Postgres\n\n**Example:**\n\n```yaml\napiVersion: stackgres.io/v1\n\ + kind: SGCluster\nmetadata:\n name: stackgres\nspec:\n postgres:\n\ + \ ssl:\n enabled: true\n certificateSecretKeySelector:\n\ + \ name: stackgres-secrets\n key: cert\n \ + \ privateKeySecretKeySelector:\n name: stackgres-secrets\n\ + \ key: key\n```\n" + properties: + enabled: + type: boolean + description: 'Allow to enable SSL for connections to Postgres. + By default is `false`. + + + If `true` certificate and private key will be auto-generated + unless fields `certificateSecretKeySelector` and `privateKeySecretKeySelector` + are specified. + + ' + certificateSecretKeySelector: + type: object + description: 'Secret key selector for the certificate or + certificate chain used for SSL connections. 
+ + ' + properties: + name: + type: string + description: 'The name of Secret that contains the certificate + or certificate chain for SSL connections + + ' + key: + type: string + description: 'The key of Secret that contains the certificate + or certificate chain for SSL connections + + ' + required: + - name + - key + privateKeySecretKeySelector: + type: object + description: 'Secret key selector for the private key used + for SSL connections. + + ' + properties: + name: + type: string + description: 'The name of Secret that contains the private + key for SSL connections + + ' + key: + type: string + description: 'The key of Secret that contains the private + key for SSL connections + + ' + required: + - name + - key + required: + - version + instances: + type: integer + minimum: 1 + maximum: 16 + description: "Number of StackGres instances for the cluster. Each\ + \ instance contains one Postgres server.\n Out of all of the\ + \ Postgres servers, one is elected as the primary, the rest remain\ + \ as read-only replicas.\n" + replication: + type: object + description: "This section allows to configure Postgres replication\ + \ mode and HA roles groups.\n\nThe main replication group is implicit\ + \ and contains the total number of instances less the sum of all\n\ + \ instances in other replication groups.\n\nThe total number\ + \ of instances is always specified by `.spec.instances`.\n" + properties: + mode: + type: string + description: "The replication mode applied to the whole cluster.\n\ + Possible values are:\n* `async` (default)\n* `sync`\n* `strict-sync`\n\ + * `sync-all`\n* `strict-sync-all`\n\n**async**\n\nWhen in\ + \ asynchronous mode the cluster is allowed to lose some committed\ + \ transactions.\n When the primary server fails or becomes\ + \ unavailable for any other reason a sufficiently healthy\ + \ standby\n will automatically be promoted to primary. 
Any\ + \ transactions that have not been replicated to that standby\n\ + \ remain in a \"forked timeline\" on the primary, and are\ + \ effectively unrecoverable (the data is still there,\n but\ + \ recovering it requires a manual recovery effort by data\ + \ recovery specialists).\n\n**sync**\n\nWhen in synchronous\ + \ mode a standby will not be promoted unless it is certain\ + \ that the standby contains all\n transactions that may have\ + \ returned a successful commit status to client (clients can\ + \ change the behavior\n per transaction using PostgreSQL’s\ + \ `synchronous_commit` setting. Transactions with `synchronous_commit`\n\ + \ values of `off` and `local` may be lost on fail over, but\ + \ will not be blocked by replication delays). This\n means\ + \ that the system may be unavailable for writes even though\ + \ some servers are available. System\n administrators can\ + \ still use manual failover commands to promote a standby\ + \ even if it results in transaction\n loss.\n\nSynchronous\ + \ mode does not guarantee multi node durability of commits\ + \ under all circumstances. When no suitable\n standby is\ + \ available, primary server will still accept writes, but\ + \ does not guarantee their replication. When\n the primary\ + \ fails in this mode no standby will be promoted. When the\ + \ host that used to be the primary comes\n back it will get\ + \ promoted automatically, unless system administrator performed\ + \ a manual failover. This behavior\n makes synchronous mode\ + \ usable with 2 node clusters.\n\nWhen synchronous mode is\ + \ used and a standby crashes, commits will block until the\ + \ primary is switched to standalone\n mode. Manually shutting\ + \ down or restarting a standby will not cause a commit service\ + \ interruption. 
Standby will\n signal the primary to release\ + \ itself from synchronous standby duties before PostgreSQL\ + \ shutdown is initiated.\n\n**strict-sync**\n\nWhen it is\ + \ absolutely necessary to guarantee that each write is stored\ + \ durably on at least two nodes, use the strict\n synchronous\ + \ mode. This mode prevents synchronous replication to be switched\ + \ off on the primary when no synchronous\n standby candidates\ + \ are available. As a downside, the primary will not be available\ + \ for writes (unless the Postgres\n transaction explicitly\ + \ turns off `synchronous_mode` parameter), blocking all client\ + \ write requests until at least one\n synchronous replica\ + \ comes up.\n\n**Note**: Because of the way synchronous replication\ + \ is implemented in PostgreSQL it is still possible to lose\n\ + \ transactions even when using strict synchronous mode. If\ + \ the PostgreSQL backend is cancelled while waiting to acknowledge\n\ + \ replication (as a result of packet cancellation due to\ + \ client timeout or backend failure) transaction changes become\n\ + \ visible for other backends. Such changes are not yet replicated\ + \ and may be lost in case of standby promotion.\n\n**sync-all**\n\ + \nThe same as `sync` but `syncInstances` is ignored and the\ + \ number of synchronous instances is equals to the total number\n\ + \ of instances less one.\n\n**strict-sync-all**\n\nThe same\ + \ as `strict-sync` but `syncInstances` is ignored and the\ + \ number of synchronous instances is equals to the total number\n\ + \ of instances less one.\n" + default: async + role: + type: string + description: 'This role is applied to the instances of the implicit + replication group that is composed by `.spec.instances` number + of instances. + + Possible values are: + + * `ha-read` (default) + + * `ha` + + The primary instance will be elected among all the replication + groups that are either `ha` or `ha-read`. 
+ + Only if the role is set to `ha-read` instances of main replication + group will be exposed via the replicas service. + + ' + default: ha-read + syncInstances: + type: integer + minimum: 1 + description: "Number of synchronous standby instances. Must\ + \ be less than the total number of instances. It is set to\ + \ 1 by default.\n Only setteable if mode is `sync` or `strict-sync`.\n" + default: 1 + groups: + type: array + description: "StackGres support replication groups where a replication\ + \ group of a specified number of instances could have different\n\ + \ replication role. The main replication group is implicit\ + \ and contains the total number of instances less the sum\ + \ of all\n instances in other replication groups.\n" + items: + type: object + properties: + name: + type: string + description: The name of the replication group. If not + set will default to the `group-`. + role: + type: string + description: 'This role is applied to the instances of + this replication group. + + Possible values are: + + * `ha-read` + + * `ha` + + * `readonly` + + * `none` + + The primary instance will be elected among all the replication + groups that are either `ha` or `ha-read`. + + Only if the role is set to `readonly` or `ha-read` instances + of such replication group will be exposed via the replicas + service. + + ' + instances: + type: integer + minimum: 1 + maximum: 16 + description: "Number of StackGres instances for this replication\ + \ group.\n\nThe total number of instance of a cluster\ + \ is always `.spec.instances`. The sum of the instances\ + \ in the replication group must be\n less than the\ + \ total number of instances.\n" + required: + - role + - instances + sgInstanceProfile: + type: string + description: 'Name of the [SGInstanceProfile](https://stackgres.io/doc/latest/reference/crd/sginstanceprofile/). + + + A SGInstanceProfile defines CPU and memory limits. Must exist + before creating a cluster. 
+ + + When no profile is set, a default (1 core, 2 GiB RAM) one is used. + + + **Changing this field may require a restart.** + + ' + metadata: + type: object + description: Metadata information from cluster created resources. + properties: + annotations: + type: object + description: "Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)\ + \ to be passed to resources created and managed by StackGres.\n\ + \n**Example:**\n\n```yaml\napiVersion: stackgres.io/v1\nkind:\ + \ SGCluster\nmetadata:\n name: stackgres\nspec:\n metadata:\n\ + \ annotations:\n clusterPods:\n customAnnotations:\ + \ customAnnotationValue\n primaryService:\n customAnnotations:\ + \ customAnnotationValue\n replicasService:\n customAnnotations:\ + \ customAnnotationValue\n```\n" + properties: + allResources: + type: object + description: Annotations to attach to any resource created + or managed by StackGres. + additionalProperties: + type: string + clusterPods: + type: object + description: Annotations to attach to pods created or managed + by StackGres. + additionalProperties: + type: string + services: + type: object + description: Annotations to attach to all services created + or managed by StackGres. + additionalProperties: + type: string + primaryService: + type: object + description: Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + passed to the `-primary` service. + additionalProperties: + type: string + replicasService: + type: object + description: Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + passed to the `-replicas` service. 
+ additionalProperties: + type: string + labels: + type: object + description: "Custom Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)\ + \ to be passed to resources created and managed by StackGres.\n\ + \n**Example:**\n\n```yaml\napiVersion: stackgres.io/v1\nkind:\ + \ SGCluster\nmetadata:\n name: stackgres\nspec:\n metadata:\n\ + \ labels:\n clusterPods:\n customLabel: customLabelValue\n\ + \ services:\n customLabel: customLabelValue\n\ + ```\n" + properties: + clusterPods: + type: object + description: Labels to attach to Pods created or managed + by StackGres. + additionalProperties: + type: string + services: + type: object + description: Labels to attach to Services and Endpoints + created or managed by StackGres. + additionalProperties: + type: string + postgresServices: + type: object + description: Kubernetes [services](https://kubernetes.io/docs/concepts/services-networking/service/) + created or managed by StackGres. + properties: + primary: + type: object + description: "Configure the service to the primary with the\ + \ same name as the SGCluster. A legacy service \n\nProvides\ + \ a stable connection (regardless of primary failures or switchovers)\ + \ to the read-write Postgres server of the cluster.\n\nSee\ + \ also https://kubernetes.io/docs/concepts/services-networking/service/\n" + properties: + enabled: + type: boolean + description: Specify if the service should be created or + not. + default: true + type: + type: string + enum: + - ClusterIP + - LoadBalancer + - NodePort + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid + + options are ClusterIP, NodePort, and LoadBalancer. "ClusterIP" + allocates + + a cluster-internal IP address for load-balancing to endpoints. + + "NodePort" builds on ClusterIP and allocates a port on + every node. + + "LoadBalancer" builds on NodePort and creates + + an external load-balancer (if supported in the current + cloud). 
+ + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + + ' + default: ClusterIP + customPorts: + type: array + description: "The list of custom ports that will be exposed\ + \ by the service.\n\nThe names of custom ports will be\ + \ prefixed with the string `custom-` so they do not\n\ + \ conflict with ports defined for the service.\n\nThe\ + \ names of target ports will be prefixed with the string\ + \ `custom-` so that the ports\n that can be referenced\ + \ in this section will be only those defined under\n \ + \ .spec.pods.customContainers[].ports sections were names\ + \ are also prepended with the same\n prefix.\n\n**Changing\ + \ this field may require a restart.**\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#serviceport-v1-core\n" + items: + description: "A custom port that will be exposed by the\ + \ service.\n\nThe name of the custom port will be prefixed\ + \ with the string `custom-` so it does not\n conflict\ + \ with ports defined for the service.\nm\nThe name of\ + \ target port will be prefixed with the string `custom-`\ + \ so that the port\n that can be referenced in this\ + \ section will be only those defined under\n .spec.pods.customContainers[].ports\ + \ sections were names are also prepended with the same\n\ + \ prefix.\n \nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#serviceport-v1-core\n" + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. 
When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a port + will be allocated if this Service requires one. If + this field is specified when creating a Service + which does not need it, creation will fail. This + field will be wiped when updating a Service to no + longer need it (e.g. changing type from NodePort + to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + description: "IntOrString is a type that can hold\ + \ an int32 or a string. When\n used in JSON or\ + \ YAML marshalling and unmarshalling, it produces\n\ + \ or consumes the inner type. This allows you to\ + \ have, for example,\n a JSON field that can accept\ + \ a name or number.\n\nThe name will be prefixed\ + \ with the string `custom-` so that the target port\ + \ that can be\n referenced will be only those defined\ + \ under .spec.pods.customContainers[].ports sections\n\ + \ were names are also prepended with the same prefix.\n" + format: int-or-string + type: string + required: + - port + type: object + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts + will be automatically allocated for services with type + LoadBalancer. Default is "true". 
It may be set to "false" + if the cluster load-balancer does not rely on NodePorts. If + the caller requests specific NodePorts (by specifying + a value), those requests will be respected, regardless + of this field. This field may only be set for services + with type LoadBalancer and will be cleared if the type + is changed to any other type. + type: boolean + externalIPs: + description: externalIPs is a list of IP addresses for which + nodes in the cluster will also accept traffic for this + service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalTrafficPolicy: + description: 'externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of the + Service''s "externally-facing" addresses (NodePorts, ExternalIPs, + and LoadBalancer IPs). If set to "Local", the proxy will + configure the service in a way that assumes that external + load balancers will take care of balancing the service + traffic between nodes, and so each node will deliver traffic + only to the node-local endpoints of the service, without + masquerading the client source IP. (Traffic mistakenly + sent to a node with no endpoints will be dropped.) The + default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by + topology and other features). Note that traffic sent to + an External IP or LoadBalancer IP from within the cluster + will always get "Cluster" semantics, but clients sending + to a NodePort from within the cluster may need to take + traffic policy into account when picking a node. + + + ' + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. 
This only applies when type + is set to LoadBalancer and externalTrafficPolicy is set + to Local. If a value is specified, is in-range, and is + not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. + load-balancers) can use this port to determine if a given + node holds endpoints for this service or not. If this + field is specified when creating a Service which does + not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing + type). This field cannot be updated once set. + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy describes how nodes distribute + service traffic they receive on the ClusterIP. If set + to "Local", the proxy will assume that pods only want + to talk to endpoints of the service on the same node as + the pod, dropping the traffic if there are no local endpoints. + The default value, "Cluster", uses the standard behavior + of routing to all endpoints evenly (possibly modified + by topology and other features). + type: string + ipFamilies: + description: 'IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is usually + assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are "IPv4" and + "IPv6". This field only applies to Services of types + ClusterIP, NodePort, and LoadBalancer, and does apply + to "headless" services. This field will be wiped when + updating a Service to type ExternalName. 
+ + + This field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), "PreferDualStack" + (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise + fail). The ipFamilies and clusterIPs fields depend on + the value of this field. This field will be wiped when + updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If specified, + the value of this field must be a label-style identifier, + with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". + Unprefixed names are reserved for end-users. This field + can only be set when the Service type is 'LoadBalancer'. + If not set, the default load balancer implementation is + used, today this is typically done through the cloud provider + integration, but should apply for any default implementation. + If set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any default + load balancer implementation (e.g. cloud providers) should + ignore Services that set this field. This field can only + be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped + when a service is updated to a non 'LoadBalancer' type. 
+ type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field was + under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, + users are encouraged to use implementation-specific annotations + when available. This field may be removed in a future + API version.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain + session affinity. Enable client IP based session affinity. + Must be ClientIP or None. Defaults to None. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + + + ' + type: string + sessionAffinityConfig: + description: SessionAffinityConfig represents the configurations + of session affinity. + properties: + clientIP: + description: ClientIPConfig represents the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). 
+ format: int32 + type: integer + type: object + type: object + replicas: + type: object + description: 'Configure the service to any replica with the + name as the SGCluster plus the `-replicas` suffix. + + + It provides a stable connection (regardless of replica node + failures) to any read-only Postgres server of the cluster. + Read-only servers are load-balanced via this service. + + + See also https://kubernetes.io/docs/concepts/services-networking/service/ + + ' + properties: + enabled: + type: boolean + description: Specify if the service should be created or + not. + default: true + type: + type: string + enum: + - ClusterIP + - LoadBalancer + - NodePort + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid + + options are ClusterIP, NodePort, and LoadBalancer. "ClusterIP" + allocates + + a cluster-internal IP address for load-balancing to endpoints. + + "NodePort" builds on ClusterIP and allocates a port on + every node. + + "LoadBalancer" builds on NodePort and creates + + an external load-balancer (if supported in the current + cloud). 
+ + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + + ' + default: ClusterIP + customPorts: + type: array + description: "The list of custom ports that will be exposed\ + \ by the service.\n\nThe names of custom ports will be\ + \ prefixed with the string `custom-` so they do not\n\ + \ conflict with ports defined for the service.\n\nThe\ + \ names of target ports will be prefixed with the string\ + \ `custom-` so that the ports\n that can be referenced\ + \ in this section will be only those defined under\n \ + \ .spec.pods.customContainers[].ports sections were names\ + \ are also prepended with the same\n prefix.\n\n**Changing\ + \ this field may require a restart.**\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#serviceport-v1-core\n" + items: + description: "A custom port that will be exposed by the\ + \ service.\n\nThe name of the custom port will be prefixed\ + \ with the string `custom-` so it does not\n conflict\ + \ with ports defined for the service.\nm\nThe name of\ + \ target port will be prefixed with the string `custom-`\ + \ so that the port\n that can be referenced in this\ + \ section will be only those defined under\n .spec.pods.customContainers[].ports\ + \ sections were names are also prepended with the same\n\ + \ prefix.\n \nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#serviceport-v1-core\n" + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. 
When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a port + will be allocated if this Service requires one. If + this field is specified when creating a Service + which does not need it, creation will fail. This + field will be wiped when updating a Service to no + longer need it (e.g. changing type from NodePort + to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + description: "IntOrString is a type that can hold\ + \ an int32 or a string. When\n used in JSON or\ + \ YAML marshalling and unmarshalling, it produces\n\ + \ or consumes the inner type. This allows you to\ + \ have, for example,\n a JSON field that can accept\ + \ a name or number.\n\nThe name will be prefixed\ + \ with the string `custom-` so that the target port\ + \ that can be\n referenced will be only those defined\ + \ under .spec.pods.customContainers[].ports sections\n\ + \ were names are also prepended with the same prefix.\n" + format: int-or-string + type: string + required: + - port + type: object + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if NodePorts + will be automatically allocated for services with type + LoadBalancer. Default is "true". 
It may be set to "false" + if the cluster load-balancer does not rely on NodePorts. If + the caller requests specific NodePorts (by specifying + a value), those requests will be respected, regardless + of this field. This field may only be set for services + with type LoadBalancer and will be cleared if the type + is changed to any other type. + type: boolean + externalIPs: + description: externalIPs is a list of IP addresses for which + nodes in the cluster will also accept traffic for this + service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes system. + items: + type: string + type: array + externalTrafficPolicy: + description: 'externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of the + Service''s "externally-facing" addresses (NodePorts, ExternalIPs, + and LoadBalancer IPs). If set to "Local", the proxy will + configure the service in a way that assumes that external + load balancers will take care of balancing the service + traffic between nodes, and so each node will deliver traffic + only to the node-local endpoints of the service, without + masquerading the client source IP. (Traffic mistakenly + sent to a node with no endpoints will be dropped.) The + default value, "Cluster", uses the standard behavior of + routing to all endpoints evenly (possibly modified by + topology and other features). Note that traffic sent to + an External IP or LoadBalancer IP from within the cluster + will always get "Cluster" semantics, but clients sending + to a NodePort from within the cluster may need to take + traffic policy into account when picking a node. + + + ' + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. 
This only applies when type + is set to LoadBalancer and externalTrafficPolicy is set + to Local. If a value is specified, is in-range, and is + not in use, it will be used. If not specified, a value + will be automatically allocated. External systems (e.g. + load-balancers) can use this port to determine if a given + node holds endpoints for this service or not. If this + field is specified when creating a Service which does + not need it, creation will fail. This field will be wiped + when updating a Service to no longer need it (e.g. changing + type). This field cannot be updated once set. + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy describes how nodes distribute + service traffic they receive on the ClusterIP. If set + to "Local", the proxy will assume that pods only want + to talk to endpoints of the service on the same node as + the pod, dropping the traffic if there are no local endpoints. + The default value, "Cluster", uses the standard behavior + of routing to all endpoints evenly (possibly modified + by topology and other features). + type: string + ipFamilies: + description: 'IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is usually + assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the cluster, + and ipFamilyPolicy allows it, it will be used; otherwise + creation of the service will fail. This field is conditionally + mutable: it allows for adding or removing a secondary + IP family, but it does not allow changing the primary + IP family of the Service. Valid values are "IPv4" and + "IPv6". This field only applies to Services of types + ClusterIP, NodePort, and LoadBalancer, and does apply + to "headless" services. This field will be wiped when + updating a Service to type ExternalName. 
+ + + This field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. Both + clusterIPs and ipFamilies are governed by the ipFamilyPolicy + field.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is no + value provided, then this field will be set to SingleStack. + Services can be "SingleStack" (a single IP family), "PreferDualStack" + (two IP families on dual-stack configured clusters or + a single IP family on single-stack clusters), or "RequireDualStack" + (two IP families on dual-stack configured clusters, otherwise + fail). The ipFamilies and clusterIPs fields depend on + the value of this field. This field will be wiped when + updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If specified, + the value of this field must be a label-style identifier, + with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". + Unprefixed names are reserved for end-users. This field + can only be set when the Service type is 'LoadBalancer'. + If not set, the default load balancer implementation is + used, today this is typically done through the cloud provider + integration, but should apply for any default implementation. + If set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any default + load balancer implementation (e.g. cloud providers) should + ignore Services that set this field. This field can only + be set when creating or updating a Service to type 'LoadBalancer'. + Once set, it can not be changed. This field will be wiped + when a service is updated to a non 'LoadBalancer' type. 
+ type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load balancer + is created. This field will be ignored if the cloud-provider + does not support the feature. Deprecated: This field was + under-specified and its meaning varies across implementations, + and it cannot support dual-stack. As of Kubernetes v1.24, + users are encouraged to use implementation-specific annotations + when available. This field may be removed in a future + API version.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified client + IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to maintain + session affinity. Enable client IP based session affinity. + Must be ClientIP or None. Defaults to None. More info: + https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + + + ' + type: string + sessionAffinityConfig: + description: SessionAffinityConfig represents the configurations + of session affinity. + properties: + clientIP: + description: ClientIPConfig represents the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The value + must be >0 && <=86400(for 1 day) if ServiceAffinity + == "ClientIP". Default value is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + pods: + type: object + description: Cluster pod's configuration. 
+ properties: + persistentVolume: + type: object + description: "Pod's persistent volume configuration.\n\n**Example:**\n\ + \n```yaml\napiVersion: stackgres.io/v1\nkind: SGCluster\n\ + metadata:\n name: stackgres\nspec:\n pods:\n persistentVolume:\n\ + \ size: '5Gi'\n storageClass: default\n```\n" + properties: + size: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi|Ti)$ + description: 'Size of the PersistentVolume set for each + instance of the cluster. This size is specified either + in Mebibytes, Gibibytes or Tebibytes (multiples of 2^20, + 2^30 or 2^40, respectively). + + ' + storageClass: + type: string + description: 'Name of an existing StorageClass in the Kubernetes + cluster, used to create the PersistentVolumes for the + instances of the cluster. + + ' + required: + - size + disableConnectionPooling: + type: boolean + description: 'If set to `true`, avoids creating a connection + pooling (using [PgBouncer](https://www.pgbouncer.org/)) sidecar. + + + **Changing this field may require a restart.** + + ' + default: false + disableMetricsExporter: + type: boolean + description: If set to `true`, avoids creating the Prometheus + exporter sidecar. Recommended when there's no intention to + use Prometheus for monitoring. + default: false + disablePostgresUtil: + type: boolean + description: 'If set to `true`, avoids creating the `postgres-util` + sidecar. This sidecar contains usual Postgres administration + utilities *that are not present in the main (`patroni`) container*, + like `psql`. Only disable if you know what you are doing. + + + **Changing this field may require a restart.** + + ' + default: false + resources: + type: object + description: Pod custom resources configuration. + properties: + enableClusterLimitsRequirements: + type: boolean + description: 'When enabled resource limits for containers + other than the patroni container wil be set just like + for patroni contianer as specified in the SGInstanceProfile. 
+ + + **Changing this field may require a restart.** + + ' + default: false + disableResourcesRequestsSplitFromTotal: + type: boolean + description: "When set to `true` the resources requests\ + \ values in fields `SGInstanceProfile.spec.requests.cpu`\ + \ and `SGInstanceProfile.spec.requests.memory` will represent\ + \ the resources\n requests of the patroni container and\ + \ the total resources requests calculated by adding the\ + \ resources requests of all the containers (including\ + \ the patroni container).\n\n**Changing this field may\ + \ require a restart.**\n" + scheduling: + type: object + description: 'Pod custom scheduling, affinity and topology spread + constratins configuration. + + + **Changing this field may require a restart.** + + ' + properties: + nodeSelector: + type: object + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true + for the pod to fit on a node. Selector which must match + a node''s labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + + ' + tolerations: + description: 'If specified, the pod''s tolerations. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + type: array + items: + description: 'The pod this Toleration is attached to tolerates + any taint that matches the triple + using the matching operator + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + properties: + effect: + description: 'Effect indicates the taint effect to + match. Empty means match all taint effects. When + specified, allowed values are NoSchedule, PreferNoSchedule + and NoExecute. + + + ' + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If + the key is empty, operator must be Exists; this + combination means to match all values and all keys. 
+ type: string + operator: + description: 'Operator represents a key''s relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints + of a particular category. + + + ' + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect + NoExecute, otherwise this field is ignored) tolerates + the taint. By default, it is not set, which means + tolerate the taint forever (do not evict). Zero + and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + nodeAffinity: + description: 'Node affinity is a group of node affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a + no-op). A null preferred scheduling term matches + no objects (i.e. 
is also a no-op). + properties: + preference: + description: A null or empty node selector term + matches no objects. The requirements of them + are ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. 
If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range + 1-100. + format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents the union of + the results of one or more label queries over a set + of nodes; that is, it represents the OR of the selectors + represented by the node selector terms. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them + are ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + priorityClassName: + type: string + description: 'Priority indicates the importance of a Pod + relative to other Pods. If a Pod cannot be scheduled, + the scheduler tries to preempt (evict) lower priority + Pods to make scheduling of the pending Pod possible. + + ' + podAffinity: + description: 'Pod affinity is a group of inter pod affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. 
The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) with the + highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty + label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. 
If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty + label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: 'Pod anti affinity is a group of inter pod + anti affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the greatest + sum of weights, i.e. for each node that meets all + of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the + node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty + label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty + label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. 
The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range + 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. 
The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. 
+ properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + topologySpreadConstraints: + type: array + description: 'TopologySpreadConstraints describes how a + group of pods ought to spread across topology domains. + Scheduler will schedule pods in a way which abides by + the constraints. All topologySpreadConstraints are ANDed. + + ' + items: + description: 'TopologySpreadConstraint specifies how to + spread matching pods among the given topology. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#topologyspreadconstraint-v1-core + + ' + properties: + labelSelector: + description: A label selector is a label query over + a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector + matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select the pods over which spreading will + be calculated. The keys are used to lookup values + from the incoming pod labels, those key-value labels + are ANDed with labelSelector to select the group + of existing pods over which spreading will be calculated + for the incoming pod. Keys that don't exist in the + incoming pod labels will be ignored. A null or empty + list means only match against labelSelector. + items: + type: string + type: array + maxSkew: + description: 'MaxSkew describes the degree to which + pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the + number of matching pods in the target topology and + the global minimum. The global minimum is the minimum + number of matching pods in an eligible domain or + zero if the number of eligible domains is less than + MinDomains. For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum + is 1. | zone1 | zone2 | zone3 | | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can + be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: 'MinDomains indicates a minimum number + of eligible domains. 
When the number of eligible + domains with matching topology keys is less than + minDomains, Pod Topology Spread treats "global minimum" + as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching + topology keys equals or greater than minDomains, + this value has no effect on scheduling. As a result, + when the number of eligible domains is less than + minDomains, scheduler won''t schedule more than + maxSkew Pods to those domains. If value is nil, + the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be + DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set + to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: | zone1 | zone2 | + zone3 | | P P | P P | P P | The number of + domains is less than 5(MinDomains), so "global minimum" + is treated as 0. In this situation, new pod with + the same labelSelector cannot be scheduled, because + computed skew will be 3(3 - 0) if new Pod is scheduled + to any of the three zones, it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default).' + format: int32 + type: integer + nodeAffinityPolicy: + description: 'NodeAffinityPolicy indicates how we + will treat Pod''s nodeAffinity/nodeSelector when + calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent + to the Honor policy. This is a alpha-level feature + enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag.' 
+ type: string + nodeTaintsPolicy: + description: 'NodeTaintsPolicy indicates how we will + treat node taints when calculating pod topology + spread skew. Options are: - Honor: nodes without + taints, along with tainted nodes for which the incoming + pod has a toleration, are included. - Ignore: node + taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent + to the Ignore policy. This is a alpha-level feature + enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag.' + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", and + try to put balanced number of pods into each bucket. + We define a domain as a particular instance of a + topology. Also, we define an eligible domain as + a domain whose nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if + TopologyKey is "topology.kubernetes.io/zone", each + zone is a domain of that topology. It's a required + field. + type: string + whenUnsatisfiable: + description: "WhenUnsatisfiable indicates how to deal\ + \ with a pod if it doesn't satisfy the spread constraint.\ + \ - DoNotSchedule (default) tells the scheduler\ + \ not to schedule it. - ScheduleAnyway tells the\ + \ scheduler to schedule the pod in any location,\n\ + \ but giving higher precedence to topologies that\ + \ would help reduce the\n skew.\nA constraint is\ + \ considered \"Unsatisfiable\" for an incoming pod\ + \ if and only if every possible node assignment\ + \ for that pod would violate \"MaxSkew\" on some\ + \ topology. 
For example, in a 3-zone cluster, MaxSkew\ + \ is set to 1, and pods with the same labelSelector\ + \ spread as 3/1/1: | zone1 | zone2 | zone3 | | P\ + \ P P | P | P | If WhenUnsatisfiable is\ + \ set to DoNotSchedule, incoming pod can only be\ + \ scheduled to zone2(zone3) to become 3/2/1(3/1/2)\ + \ as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1).\ + \ In other words, the cluster can still be imbalanced,\ + \ but scheduler won't make it *more* imbalanced.\ + \ It's a required field.\n\n" + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + backup: + type: object + description: Backup Pod custom scheduling and affinity configuration. + properties: + nodeSelector: + type: object + additionalProperties: + type: string + description: 'NodeSelector is a selector which must + be true for the pod to fit on a node. Selector which + must match a node''s labels for the pod to be scheduled + on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + + ' + tolerations: + description: 'If specified, the pod''s tolerations. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + type: array + items: + description: 'The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + properties: + effect: + description: 'Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + + + ' + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values and + all keys. 
+ type: string + operator: + description: 'Operator represents a key''s relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + + + ' + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must be + of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever + (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + nodeAffinity: + description: 'Node affinity is a group of node affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node matches the corresponding + matchExpressions; the node(s) with the highest + sum are the most preferred. + items: + description: An empty preferred scheduling term + matches all objects with implicit weight 0 (i.e. + it's a no-op). A null preferred scheduling term + matches no objects (i.e. 
is also a no-op). + properties: + preference: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. 
If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents the union + of the results of one or more label queries over + a set of nodes; that is, it represents the OR + of the selectors represented by the node selector + terms. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + priorityClassName: + type: string + description: 'Priority indicates the importance of a + Pod relative to other Pods. If a Pod cannot be scheduled, + the scheduler tries to preempt (evict) lower priority + Pods to make scheduling of the pending Pod possible. + + ' + podAffinity: + description: 'Pod affinity is a group of inter pod affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. 
+ The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. 
If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may + or may not try to eventually evict the pod from + its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty + label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty + label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: 'Pod anti affinity is a group of inter + pod anti affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. 
The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the anti-affinity requirements specified by this + field cease to be met at some point during pod + execution (e.g. due to a pod label update), the + system may or may not try to eventually evict + the pod from its node. When there are multiple + elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. 
The result of matchLabels + and matchExpressions are ANDed. An empty + label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty + label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. 
+ properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + managementPolicy: + type: string + description: "managementPolicy controls how pods are created\ + \ during initial scale up, when replacing pods\n on nodes,\ + \ or when scaling down. The default policy is `OrderedReady`,\ + \ where pods are created\n in increasing order (pod-0, then\ + \ pod-1, etc) and the controller will wait until each pod\ + \ is\n ready before continuing. When scaling down, the pods\ + \ are removed in the opposite order.\n The alternative policy\ + \ is `Parallel` which will create pods in parallel to match\ + \ the desired\n scale without waiting, and on scale down\ + \ will delete all pods at once.\n" + default: OrderedReady + customVolumes: + type: array + description: "A list of custom volumes that may be used along\ + \ with any container defined in\n customInitContainers or\ + \ customContainers sections.\n\nThe name used in this section\ + \ will be prefixed with the string `custom-` so that when\n\ + \ referencing them in the customInitContainers or customContainers\ + \ sections the name used\n have to be prepended with the\ + \ same prefix.\n\nOnly the following volume types are allowed:\ + \ configMap, downwardAPI, emptyDir,\n gitRepo, glusterfs,\ + \ hostPath, nfs, projected and secret\n\n**Changing this field\ + \ may require a restart.**\n \nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#volume-v1-core\n" + items: + type: object + description: "A custom volume that may be used along with\ + \ any container defined in\n customInitContainers or customContainers\ + \ sections.\n\nThe name used in this section will be prefixed\ + \ with the string `custom-` so that when\n referencing them\ + \ in the customInitContainers or customContainers sections\ + \ the name used\n have to be prepended with the same prefix.\n\ + \nOnly the following volume types are allowed: configMap,\ + \ downwardAPI, emptyDir,\n gitRepo, 
glusterfs, hostPath,\ + \ nfs, projected and secret\n\n**Changing this field may\ + \ require a restart.**\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#volume-v1-core\n" + properties: + name: + description: "Volumes name. Must be a DNS_LABEL and unique\ + \ within the pod.\n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\n\ + \nThe name will be prefixed with the string `custom-`\ + \ so that when referencing them in the\n customInitContainers\ + \ or customContainers sections the name used have to\ + \ be prepended with\n the same prefix.\n" + type: string + configMap: + description: 'Adapts a ConfigMap into a volume. + + + The contents of the target ConfigMap''s Data field will + be presented in a volume as files using the keys in + the Data field as the file names, unless the items element + is populated with specific mappings of keys to paths. + ConfigMap volumes support ownership management and SELinux + relabeling.' + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in + the Data field of the referenced ConfigMap will + be projected into the volume as a file whose name + is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. 
If + a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set + permissions on this file. Must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. If not specified, the + volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to + map the key to. May not be an absolute path. + May not contain the path element '..'. May + not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + downwardAPI: + description: DownwardAPIVolumeSource represents a volume + containing downward API info. Downward API volumes support + ownership management and SELinux relabeling. + properties: + defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a Optional: mode bits + used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. 
+ This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: ObjectFieldSelector selects an + APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to set + permissions on this file, must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. If not specified, the + volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of the + relative path must not start with ''..''' + type: string + resourceFieldRef: + description: ResourceFieldSelector represents + container resources (cpu, memory) and their + output format + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + description: "Quantity is a fixed-point\ + \ representation of a number. 
It provides\ + \ convenient marshaling/unmarshaling in\ + \ JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::=\ + \ \n (Note that\ + \ may be empty, from the \"\"\ + \ case in .)\n \ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | .\ + \ | . | . \ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= | \ + \ | ::=\ + \ Ki | Mi | Gi | Ti | Pi | Ei\n (International\ + \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M\ + \ | G | T | P | E\n (Note that 1024 =\ + \ 1Ki but 1000 = 1k; I didn't choose the\ + \ capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\ + \nNo matter which of the three exponent\ + \ forms is used, no quantity may represent\ + \ a number greater than 2^63-1 in magnitude,\ + \ nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise\ + \ will be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.) This may\ + \ be extended in the future if we require\ + \ larger or smaller quantities.\n\nWhen\ + \ a Quantity is parsed from a string,\ + \ it will remember the type of suffix\ + \ it had, and will use the same type again\ + \ when it is serialized.\n\nBefore serializing,\ + \ Quantity will be put in \"canonical\ + \ form\". This means that Exponent/suffix\ + \ will be adjusted up or down (with a\ + \ corresponding increase or decrease in\ + \ Mantissa) such that:\n a. No precision\ + \ is lost\n b. No fractional digits will\ + \ be emitted\n c. The exponent (or suffix)\ + \ is as large as possible.\nThe sign will\ + \ be omitted unless the number is negative.\n\ + \nExamples:\n 1.5 will be serialized\ + \ as \"1500m\"\n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented\ + \ by a floating point number. 
That is\ + \ the whole point of this exercise.\n\n\ + Non-canonical values will still parse\ + \ as long as they are well formed, but\ + \ will be re-emitted in their canonical\ + \ form. (So always use canonical form,\ + \ or don't diff.)\n\nThis format is intended\ + \ to make it difficult to use these numbers\ + \ without writing some sort of special\ + \ handling code in the hopes that that\ + \ will cause implementors to also use\ + \ a fixed point implementation." + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: Represents an empty directory for a pod. + Empty directory volumes support ownership management + and SELinux relabeling. + properties: + medium: + description: 'What type of storage medium should back + this directory. The default is "" which means to + use the node''s default medium. Must be an empty + string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: "Quantity is a fixed-point representation\ + \ of a number. It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String() and\ + \ AsInt64() accessors.\n\nThe serialization format\ + \ is:\n\n ::= \n\ + \ (Note that may be empty, from the \"\ + \" case in .)\n ::=\ + \ 0 | 1 | ... | 9 ::= \ + \ | ::= \ + \ | . | . | . 
\ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= | | \ + \ ::= Ki | Mi | Gi | Ti | Pi |\ + \ Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G | T |\ + \ P | E\n (Note that 1024 = 1Ki but 1000 = 1k;\ + \ I didn't choose the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\ + \nNo matter which of the three exponent forms is\ + \ used, no quantity may represent a number greater\ + \ than 2^63-1 in magnitude, nor may it have more\ + \ than 3 decimal places. Numbers larger or more\ + \ precise will be capped or rounded up. (E.g.: 0.1m\ + \ will rounded up to 1m.) This may be extended in\ + \ the future if we require larger or smaller quantities.\n\ + \nWhen a Quantity is parsed from a string, it will\ + \ remember the type of suffix it had, and will use\ + \ the same type again when it is serialized.\n\n\ + Before serializing, Quantity will be put in \"canonical\ + \ form\". This means that Exponent/suffix will be\ + \ adjusted up or down (with a corresponding increase\ + \ or decrease in Mantissa) such that:\n a. No precision\ + \ is lost\n b. No fractional digits will be emitted\n\ + \ c. The exponent (or suffix) is as large as possible.\n\ + The sign will be omitted unless the number is negative.\n\ + \nExamples:\n 1.5 will be serialized as \"1500m\"\ + \n 1.5Gi will be serialized as \"1536Mi\"\n\nNote\ + \ that the quantity will NEVER be internally represented\ + \ by a floating point number. That is the whole\ + \ point of this exercise.\n\nNon-canonical values\ + \ will still parse as long as they are well formed,\ + \ but will be re-emitted in their canonical form.\ + \ (So always use canonical form, or don't diff.)\n\ + \nThis format is intended to make it difficult to\ + \ use these numbers without writing some sort of\ + \ special handling code in the hopes that that will\ + \ cause implementors to also use a fixed point implementation." 
+ type: string + type: object + gitRepo: + description: 'Represents a volume that is populated with + the contents of a git repository. Git repo volumes do + not support ownership management. Git repo volumes support + SELinux relabeling. + + + DEPRECATED: GitRepo is deprecated. To provision a container + with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir + into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain + or start with '..'. If '.' is supplied, the volume + directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: Represents a Glusterfs mount that lasts the + lifetime of a pod. Glusterfs volumes do not support + ownership management or SELinux relabeling. + properties: + endpoints: + description: 'EndpointsName is the endpoint name that + details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs + volume to be mounted with read-only permissions. + Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: Represents a host path mapped into a pod. + Host path volumes do not support ownership management + or SELinux relabeling. + properties: + path: + description: 'Path of the directory on the host. 
If + the path is a symlink, it will follow the link to + the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults to + "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + nfs: + description: Represents an NFS mount that lasts the lifetime + of a pod. NFS volumes do not support ownership management + or SELinux relabeling. + properties: + path: + description: 'Path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS export + to be mounted with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address + of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - server + - path + type: object + projected: + description: Represents a projected volume source + properties: + defaultMode: + description: Mode bits used to set permissions on + created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected along + with other supported volume types + properties: + configMap: + description: 'Adapts a ConfigMap into a projected + volume. 
+ + + The contents of the target ConfigMap''s Data + field will be presented in a projected volume + as files using the keys in the Data field + as the file names, unless the items element + is populated with specific mappings of keys + to paths. Note that this is identical to a + configmap volume source without the default + mode.' + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + ConfigMap will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed + keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present + in the ConfigMap, the volume setup will + error unless it is marked optional. Paths + must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits + used to set permissions on this + file. Must be an octal value between + 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts + both octal and decimal values, JSON + requires decimal values for mode + bits. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options + that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: The relative path of + the file to map the key to. May + not be an absolute path. May not + contain the path element '..'. May + not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: Represents downward API info for + projecting into a projected volume. Note that + this is identical to a downwardAPI volume + source without the default mode. + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: ObjectFieldSelector selects + an APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits + used to set permissions on this + file, must be an octal value between + 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts + both octal and decimal values, JSON + requires decimal values for mode + bits. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options + that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. 
The first item + of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: ResourceFieldSelector + represents container resources (cpu, + memory) and their output format + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + description: "Quantity is a fixed-point\ + \ representation of a number.\ + \ It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition\ + \ to String() and AsInt64()\ + \ accessors.\n\nThe serialization\ + \ format is:\n\n \ + \ ::= \n\ + \ (Note that may be\ + \ empty, from the \"\" case\ + \ in .)\n\ + \ ::= 0 | 1 | ...\ + \ | 9 ::=\ + \ | \ + \ ::= \ + \ | . | .\ + \ | . \ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= \ + \ | | \ + \ ::= Ki |\ + \ Mi | Gi | Ti | Pi | Ei\n \ + \ (International System of units;\ + \ See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\ + \" | k | M | G | T | P | E\n\ + \ (Note that 1024 = 1Ki but\ + \ 1000 = 1k; I didn't choose\ + \ the capitalization.)\n\ + \ ::= \"e\" |\ + \ \"E\" \n\nNo\ + \ matter which of the three\ + \ exponent forms is used, no\ + \ quantity may represent a number\ + \ greater than 2^63-1 in magnitude,\ + \ nor may it have more than\ + \ 3 decimal places. Numbers\ + \ larger or more precise will\ + \ be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.)\ + \ This may be extended in the\ + \ future if we require larger\ + \ or smaller quantities.\n\n\ + When a Quantity is parsed from\ + \ a string, it will remember\ + \ the type of suffix it had,\ + \ and will use the same type\ + \ again when it is serialized.\n\ + \nBefore serializing, Quantity\ + \ will be put in \"canonical\ + \ form\". This means that Exponent/suffix\ + \ will be adjusted up or down\ + \ (with a corresponding increase\ + \ or decrease in Mantissa) such\ + \ that:\n a. No precision is\ + \ lost\n b. 
No fractional digits\ + \ will be emitted\n c. The\ + \ exponent (or suffix) is as\ + \ large as possible.\nThe sign\ + \ will be omitted unless the\ + \ number is negative.\n\nExamples:\n\ + \ 1.5 will be serialized as\ + \ \"1500m\"\n 1.5Gi will be\ + \ serialized as \"1536Mi\"\n\ + \nNote that the quantity will\ + \ NEVER be internally represented\ + \ by a floating point number.\ + \ That is the whole point of\ + \ this exercise.\n\nNon-canonical\ + \ values will still parse as\ + \ long as they are well formed,\ + \ but will be re-emitted in\ + \ their canonical form. (So\ + \ always use canonical form,\ + \ or don't diff.)\n\nThis format\ + \ is intended to make it difficult\ + \ to use these numbers without\ + \ writing some sort of special\ + \ handling code in the hopes\ + \ that that will cause implementors\ + \ to also use a fixed point\ + \ implementation." + type: string + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: 'Adapts a secret into a projected + volume. + + + The contents of the target Secret''s Data + field will be presented in a projected volume + as files using the keys in the Data field + as the file names. Note that this is identical + to a secret volume source without the default + mode.' + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + Secret will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed + keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present + in the Secret, the volume setup will error + unless it is marked optional. Paths must + be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path + within a volume. 
+ properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits + used to set permissions on this + file. Must be an octal value between + 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts + both octal and decimal values, JSON + requires decimal values for mode + bits. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options + that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: The relative path of + the file to map the key to. May + not be an absolute path. May not + contain the path element '..'. May + not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: ServiceAccountTokenProjection represents + a projected service account token volume. + This projection can be used to insert a service + account token into the pods runtime filesystem + for use against APIs (Kubernetes API Server + or otherwise). + properties: + audience: + description: Audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise + should reject the token. The audience + defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. 
The + kubelet will start trying to rotate the + token if the token is older than 80 percent + of its time to live or if the token is + older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative to + the mount point of the file to project + the token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + secret: + description: 'Adapts a Secret into a volume. + + + The contents of the target Secret''s Data field will + be presented in a volume as files using the keys in + the Data field as the file names. Secret volumes support + ownership management and SELinux relabeling.' + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions + on created files by default. Must be an octal value + between 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. Defaults + to 0644. Directories within the path are not affected + by this setting. This might be in conflict with + other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair in + the Data field of the referenced Secret will be + projected into the volume as a file whose name is + the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. If + a key is specified which is not present in the Secret, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits used to set + permissions on this file. Must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. If not specified, the + volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file to + map the key to. May not be an absolute path. + May not contain the path element '..'. May + not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its keys + must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace + to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + customInitContainers: + type: array + description: "A list of custom application init containers that\ + \ run within the cluster's Pods. The\n custom init containers\ + \ will run following the defined sequence as the end of\n\ + \ cluster's Pods init containers.\n\nThe name used in this\ + \ section will be prefixed with the string `custom-` so that\ + \ when\n referencing them in the .spec.containers section\ + \ of SGInstanceProfile the name used\n have to be prepended\ + \ with the same prefix.\n\n**Changing this field may require\ + \ a restart.**\n \nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core\n" + items: + type: object + description: "A custom application init container that run\ + \ within the cluster's Pods. 
The custom init\n containers\ + \ will run following the defined sequence as the end of\ + \ cluster's Pods init\n containers.\n\nThe name used in\ + \ this section will be prefixed with the string `custom-`\ + \ so that when\n referencing them in the .spec.containers\ + \ section of SGInstanceProfile the name used\n have to be\ + \ prepended with the same prefix.\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core\\\ + n\n\n**Changing this field may require a restart.**\n" + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a + shell. The docker image''s ENTRYPOINT is used if this + is not provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string + will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot + be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' + type: string + valueFrom: + description: EnvVarSource represents a source for + the value of an EnvVar. + properties: + configMapKeyRef: + description: Selects a key from a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: ObjectFieldSelector selects an + APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: ResourceFieldSelector represents + container resources (cpu, memory) and their + output format + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + description: "Quantity is a fixed-point\ + \ representation of a number. It provides\ + \ convenient marshaling/unmarshaling in\ + \ JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::=\ + \ \n (Note that\ + \ may be empty, from the \"\"\ + \ case in .)\n \ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | .\ + \ | . | . \ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= | \ + \ | ::=\ + \ Ki | Mi | Gi | Ti | Pi | Ei\n (International\ + \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M\ + \ | G | T | P | E\n (Note that 1024 =\ + \ 1Ki but 1000 = 1k; I didn't choose the\ + \ capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\ + \nNo matter which of the three exponent\ + \ forms is used, no quantity may represent\ + \ a number greater than 2^63-1 in magnitude,\ + \ nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise\ + \ will be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.) This may\ + \ be extended in the future if we require\ + \ larger or smaller quantities.\n\nWhen\ + \ a Quantity is parsed from a string,\ + \ it will remember the type of suffix\ + \ it had, and will use the same type again\ + \ when it is serialized.\n\nBefore serializing,\ + \ Quantity will be put in \"canonical\ + \ form\". This means that Exponent/suffix\ + \ will be adjusted up or down (with a\ + \ corresponding increase or decrease in\ + \ Mantissa) such that:\n a. No precision\ + \ is lost\n b. No fractional digits will\ + \ be emitted\n c. 
The exponent (or suffix)\ + \ is as large as possible.\nThe sign will\ + \ be omitted unless the number is negative.\n\ + \nExamples:\n 1.5 will be serialized\ + \ as \"1500m\"\n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented\ + \ by a floating point number. That is\ + \ the whole point of this exercise.\n\n\ + Non-canonical values will still parse\ + \ as long as they are well formed, but\ + \ will be re-emitted in their canonical\ + \ form. (So always use canonical form,\ + \ or don't diff.)\n\nThis format is intended\ + \ to make it difficult to use these numbers\ + \ without writing some sort of special\ + \ handling code in the hopes that that\ + \ will cause implementors to also use\ + \ a fixed point implementation." + type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported + as an event when the container is starting. When a key + exists in multiple sources, the value associated with + the last source will take precedence. Values defined + by an Env with a duplicate key will take precedence. + Cannot be updated. 
+ items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: 'ConfigMapEnvSource selects a ConfigMap + to populate the environment variables with. + + + The contents of the target ConfigMap''s Data field + will represent the key-value pairs as environment + variables.' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: 'SecretEnvSource selects a Secret to + populate the environment variables with. + + + The contents of the target Secret''s Data field + will represent the key-value pairs as environment + variables.' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images in + workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag is specified, + or IfNotPresent otherwise. Cannot be updated. More info: + https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Lifecycle describes actions that the management + system should take in response to container lifecycle + events. 
For the PostStart and PreStop lifecycle handlers, + management of the container blocks until the action + is complete, unless the container process fails, in + which case the handler is aborted. + properties: + postStart: + description: Handler defines a specific action that + should be taken + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. 
+ type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes an action + based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + preStop: + description: Handler defines a specific action that + should be taken + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes an action + based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probe describes a health check to be performed + against a container to determine whether it is alive + or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. 
+ format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action based + on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can hold + an int32 or a string. When used in JSON or + YAML marshalling and unmarshalling, it produces + or consumes the inner type. This allows you + to have, for example, a JSON field that can + accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action based + on opening a socket + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can hold + an int32 or a string. When used in JSON or + YAML marshalling and unmarshalling, it produces + or consumes the inner type. This allows you + to have, for example, a JSON field that can + accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: "Name of the container specified as a DNS_LABEL.\ + \ Each\n container in a pod must have a unique name\ + \ (DNS_LABEL). 
Cannot\n be updated.\n\nThe name will\ + \ be prefixed with the string `custom-` so that when\ + \ referencing it\n in the .spec.containers section of\ + \ SGInstanceProfile the name used have to be\n prepended\ + \ with the same prefix.\n" + type: string + ports: + description: List of ports to expose from the container. + Exposing a port here gives the system additional information + about the network connections a container uses, but + is primarily informational. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port + which is listening on the default "0.0.0.0" address + inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port + to. + type: string + hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, this + must match ContainerPort. Most containers do not + need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the port + that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: Probe describes a health check to be performed + against a container to determine whether it is alive + or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. 
+ properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action based + on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can hold + an int32 or a string. When used in JSON or + YAML marshalling and unmarshalling, it produces + or consumes the inner type. This allows you + to have, for example, a JSON field that can + accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action based + on opening a socket + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can hold + an int32 or a string. When used in JSON or + YAML marshalling and unmarshalling, it produces + or consumes the inner type. This allows you + to have, for example, a JSON field that can + accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. 
+ format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + description: "Quantity is a fixed-point representation\ + \ of a number. It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String() and\ + \ AsInt64() accessors.\n\nThe serialization format\ + \ is:\n\n ::= \n\ + \ (Note that may be empty, from the\ + \ \"\" case in .)\n \ + \ ::= 0 | 1 | ... | 9 ::=\ + \ | \ + \ ::= | . | .\ + \ | . ::= \"+\" | \"\ + -\" ::= | \ + \ ::= | \ + \ | ::= Ki | Mi\ + \ | Gi | Ti | Pi | Ei\n (International System\ + \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G | T\ + \ | P | E\n (Note that 1024 = 1Ki but 1000 =\ + \ 1k; I didn't choose the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\ + \nNo matter which of the three exponent forms\ + \ is used, no quantity may represent a number\ + \ greater than 2^63-1 in magnitude, nor may it\ + \ have more than 3 decimal places. Numbers larger\ + \ or more precise will be capped or rounded up.\ + \ (E.g.: 0.1m will rounded up to 1m.) This may\ + \ be extended in the future if we require larger\ + \ or smaller quantities.\n\nWhen a Quantity is\ + \ parsed from a string, it will remember the type\ + \ of suffix it had, and will use the same type\ + \ again when it is serialized.\n\nBefore serializing,\ + \ Quantity will be put in \"canonical form\".\ + \ This means that Exponent/suffix will be adjusted\ + \ up or down (with a corresponding increase or\ + \ decrease in Mantissa) such that:\n a. No precision\ + \ is lost\n b. No fractional digits will be emitted\n\ + \ c. 
The exponent (or suffix) is as large as\ + \ possible.\nThe sign will be omitted unless the\ + \ number is negative.\n\nExamples:\n 1.5 will\ + \ be serialized as \"1500m\"\n 1.5Gi will be\ + \ serialized as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented by a floating\ + \ point number. That is the whole point of this\ + \ exercise.\n\nNon-canonical values will still\ + \ parse as long as they are well formed, but will\ + \ be re-emitted in their canonical form. (So always\ + \ use canonical form, or don't diff.)\n\nThis\ + \ format is intended to make it difficult to use\ + \ these numbers without writing some sort of special\ + \ handling code in the hopes that that will cause\ + \ implementors to also use a fixed point implementation." + type: string + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + description: "Quantity is a fixed-point representation\ + \ of a number. It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String() and\ + \ AsInt64() accessors.\n\nThe serialization format\ + \ is:\n\n ::= \n\ + \ (Note that may be empty, from the\ + \ \"\" case in .)\n \ + \ ::= 0 | 1 | ... | 9 ::=\ + \ | \ + \ ::= | . | .\ + \ | . ::= \"+\" | \"\ + -\" ::= | \ + \ ::= | \ + \ | ::= Ki | Mi\ + \ | Gi | Ti | Pi | Ei\n (International System\ + \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G | T\ + \ | P | E\n (Note that 1024 = 1Ki but 1000 =\ + \ 1k; I didn't choose the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\ + \nNo matter which of the three exponent forms\ + \ is used, no quantity may represent a number\ + \ greater than 2^63-1 in magnitude, nor may it\ + \ have more than 3 decimal places. 
Numbers larger\ + \ or more precise will be capped or rounded up.\ + \ (E.g.: 0.1m will rounded up to 1m.) This may\ + \ be extended in the future if we require larger\ + \ or smaller quantities.\n\nWhen a Quantity is\ + \ parsed from a string, it will remember the type\ + \ of suffix it had, and will use the same type\ + \ again when it is serialized.\n\nBefore serializing,\ + \ Quantity will be put in \"canonical form\".\ + \ This means that Exponent/suffix will be adjusted\ + \ up or down (with a corresponding increase or\ + \ decrease in Mantissa) such that:\n a. No precision\ + \ is lost\n b. No fractional digits will be emitted\n\ + \ c. The exponent (or suffix) is as large as\ + \ possible.\nThe sign will be omitted unless the\ + \ number is negative.\n\nExamples:\n 1.5 will\ + \ be serialized as \"1500m\"\n 1.5Gi will be\ + \ serialized as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented by a floating\ + \ point number. That is the whole point of this\ + \ exercise.\n\nNon-canonical values will still\ + \ parse as long as they are well formed, but will\ + \ be re-emitted in their canonical form. (So always\ + \ use canonical form, or don't diff.)\n\nThis\ + \ format is intended to make it difficult to use\ + \ these numbers without writing some sort of special\ + \ handling code in the hopes that that will cause\ + \ implementors to also use a fixed point implementation." + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. Some fields are + present in both SecurityContext and PodSecurityContext. 
When + both are set, the values in SecurityContext take precedence. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent + process. This bool directly controls if the no_new_privs + flag will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as + Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: Adds and removes POSIX capabilities from + running containers. + properties: + add: + description: Added capabilities + items: + type: string + type: array + drop: + description: Removed capabilities + items: + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not + run as UID 0 (root) and fail to start the container + if it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified in + image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: SELinuxOptions are the labels to be applied + to the container + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: SeccompProfile defines a pod/container's + seccomp profile settings. Only one profile source + may be set. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: 'type indicates which kind of seccomp + profile will be applied. Valid options are: + + + Localhost - a profile defined in a file on the + node should be used. RuntimeDefault - the container + runtime default profile should be used. Unconfined + - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: WindowsSecurityContextOptions contain + Windows-specific options and credentials. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be honored + by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. Defaults + to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: string + type: object + type: object + startupProbe: + description: Probe describes a health check to be performed + against a container to determine whether it is alive + or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. 
To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action based + on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can hold + an int32 or a string. When used in JSON or + YAML marshalling and unmarshalling, it produces + or consumes the inner type. This allows you + to have, for example, a JSON field that can + accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action based + on opening a socket + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can hold + an int32 or a string. When used in JSON or + YAML marshalling and unmarshalling, it produces + or consumes the inner type. This allows you + to have, for example, a JSON field that can + accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a + buffer for stdin in the container runtime. If this is + not set, reads from stdin in the container will always + result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce is + set to true, stdin is opened on container start, is + empty until the first client attaches to stdin, and + then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such as + an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length + across all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be updated. 
+ type: string + tty: + description: Whether this container should allocate a + TTY for itself, also requires 'stdin' to be true. Default + is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of a raw + block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the + container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - name + - devicePath + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which the + container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable + references $(VAR_NAME) are expanded using the + container's environment. Defaults to "" (volume's + root). SubPathExpr and SubPath are mutually exclusive. 
+ type: string + required: + - name + - mountPath + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot be + updated. + type: string + required: + - name + customContainers: + type: array + description: "A list of custom application containers that run\ + \ within the cluster's Pods.\n\nThe name used in this section\ + \ will be prefixed with the string `custom-` so that when\n\ + \ referencing them in the .spec.containers section of SGInstanceProfile\ + \ the name used\n have to be prepended with the same prefix.\n\ + \n**Changing this field may require a restart.**\n \nSee:\ + \ https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core\n" + items: + type: object + description: "A custom application container that run within\ + \ the cluster's Pods. The custom\n containers will run following\ + \ the defined sequence as the end of cluster's Pods\n containers.\n\ + \nThe name used in this section will be prefixed with the\ + \ string `custom-` so that when\n referencing them in the\ + \ .spec.containers section of SGInstanceProfile the name\ + \ used\n have to be prepended with the same prefix.\n\n\ + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core\\\ + n\n\n**Changing this field may require a restart.**\n" + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". 
Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within a + shell. The docker image''s ENTRYPOINT is used if this + is not provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string + will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' 
+ type: string + valueFrom: + description: EnvVarSource represents a source for + the value of an EnvVar. + properties: + configMapKeyRef: + description: Selects a key from a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: ObjectFieldSelector selects an + APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: ResourceFieldSelector represents + container resources (cpu, memory) and their + output format + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + description: "Quantity is a fixed-point\ + \ representation of a number. It provides\ + \ convenient marshaling/unmarshaling in\ + \ JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::=\ + \ \n (Note that\ + \ may be empty, from the \"\"\ + \ case in .)\n \ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | .\ + \ | . | . 
\ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= | \ + \ | ::=\ + \ Ki | Mi | Gi | Ti | Pi | Ei\n (International\ + \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M\ + \ | G | T | P | E\n (Note that 1024 =\ + \ 1Ki but 1000 = 1k; I didn't choose the\ + \ capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\ + \nNo matter which of the three exponent\ + \ forms is used, no quantity may represent\ + \ a number greater than 2^63-1 in magnitude,\ + \ nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise\ + \ will be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.) This may\ + \ be extended in the future if we require\ + \ larger or smaller quantities.\n\nWhen\ + \ a Quantity is parsed from a string,\ + \ it will remember the type of suffix\ + \ it had, and will use the same type again\ + \ when it is serialized.\n\nBefore serializing,\ + \ Quantity will be put in \"canonical\ + \ form\". This means that Exponent/suffix\ + \ will be adjusted up or down (with a\ + \ corresponding increase or decrease in\ + \ Mantissa) such that:\n a. No precision\ + \ is lost\n b. No fractional digits will\ + \ be emitted\n c. The exponent (or suffix)\ + \ is as large as possible.\nThe sign will\ + \ be omitted unless the number is negative.\n\ + \nExamples:\n 1.5 will be serialized\ + \ as \"1500m\"\n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented\ + \ by a floating point number. That is\ + \ the whole point of this exercise.\n\n\ + Non-canonical values will still parse\ + \ as long as they are well formed, but\ + \ will be re-emitted in their canonical\ + \ form. (So always use canonical form,\ + \ or don't diff.)\n\nThis format is intended\ + \ to make it difficult to use these numbers\ + \ without writing some sort of special\ + \ handling code in the hopes that that\ + \ will cause implementors to also use\ + \ a fixed point implementation." 
+ type: string + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: SecretKeySelector selects a key + of a Secret. + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported + as an event when the container is starting. When a key + exists in multiple sources, the value associated with + the last source will take precedence. Values defined + by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource represents the source of + a set of ConfigMaps + properties: + configMapRef: + description: 'ConfigMapEnvSource selects a ConfigMap + to populate the environment variables with. + + + The contents of the target ConfigMap''s Data field + will represent the key-value pairs as environment + variables.' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap must + be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: 'SecretEnvSource selects a Secret to + populate the environment variables with. 
+ + + The contents of the target Secret''s Data field + will represent the key-value pairs as environment + variables.' + properties: + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret must + be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images in + workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag is specified, + or IfNotPresent otherwise. Cannot be updated. More info: + https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Lifecycle describes actions that the management + system should take in response to container lifecycle + events. For the PostStart and PreStop lifecycle handlers, + management of the container blocks until the action + is complete, unless the container process fails, in + which case the handler is aborted. + properties: + postStart: + description: Handler defines a specific action that + should be taken + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes an action + based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + preStop: + description: Handler defines a specific action that + should be taken + properties: + exec: + description: ExecAction describes a "run in container" + action. 
+ properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes an action + based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. 
When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probe describes a health check to be performed + against a container to determine whether it is alive + or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action based + on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. 
+ type: string + port: + description: IntOrString is a type that can hold + an int32 or a string. When used in JSON or + YAML marshalling and unmarshalling, it produces + or consumes the inner type. This allows you + to have, for example, a JSON field that can + accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action based + on opening a socket + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can hold + an int32 or a string. When used in JSON or + YAML marshalling and unmarshalling, it produces + or consumes the inner type. This allows you + to have, for example, a JSON field that can + accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. 
Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: "Name of the container specified as a DNS_LABEL.\ + \ Each\n container in a pod must have a unique name\ + \ (DNS_LABEL). Cannot\n be updated.\n\nThe name will\ + \ be prefixed with the string `custom-` so that when\ + \ referencing it\n in the .spec.containers section of\ + \ SGInstanceProfile the name used have to be\n prepended\ + \ with the same prefix.\n" + type: string + ports: + description: List of ports to expose from the container. + Exposing a port here gives the system additional information + about the network connections a container uses, but + is primarily informational. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port + which is listening on the default "0.0.0.0" address + inside a container will be accessible from the network. + Cannot be updated. + items: + description: ContainerPort represents a network port + in a single container. + properties: + containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external port + to. 
+ type: string + hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, this + must match ContainerPort. Most containers do not + need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the port + that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: Probe describes a health check to be performed + against a container to determine whether it is alive + or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action based + on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can hold + an int32 or a string. When used in JSON or + YAML marshalling and unmarshalling, it produces + or consumes the inner type. This allows you + to have, for example, a JSON field that can + accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action based + on opening a socket + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can hold + an int32 or a string. When used in JSON or + YAML marshalling and unmarshalling, it produces + or consumes the inner type. This allows you + to have, for example, a JSON field that can + accept a name or number. 
+ format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + description: "Quantity is a fixed-point representation\ + \ of a number. It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String() and\ + \ AsInt64() accessors.\n\nThe serialization format\ + \ is:\n\n ::= \n\ + \ (Note that may be empty, from the\ + \ \"\" case in .)\n \ + \ ::= 0 | 1 | ... | 9 ::=\ + \ | \ + \ ::= | . | .\ + \ | . 
::= \"+\" | \"\ + -\" ::= | \ + \ ::= | \ + \ | ::= Ki | Mi\ + \ | Gi | Ti | Pi | Ei\n (International System\ + \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G | T\ + \ | P | E\n (Note that 1024 = 1Ki but 1000 =\ + \ 1k; I didn't choose the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\ + \nNo matter which of the three exponent forms\ + \ is used, no quantity may represent a number\ + \ greater than 2^63-1 in magnitude, nor may it\ + \ have more than 3 decimal places. Numbers larger\ + \ or more precise will be capped or rounded up.\ + \ (E.g.: 0.1m will rounded up to 1m.) This may\ + \ be extended in the future if we require larger\ + \ or smaller quantities.\n\nWhen a Quantity is\ + \ parsed from a string, it will remember the type\ + \ of suffix it had, and will use the same type\ + \ again when it is serialized.\n\nBefore serializing,\ + \ Quantity will be put in \"canonical form\".\ + \ This means that Exponent/suffix will be adjusted\ + \ up or down (with a corresponding increase or\ + \ decrease in Mantissa) such that:\n a. No precision\ + \ is lost\n b. No fractional digits will be emitted\n\ + \ c. The exponent (or suffix) is as large as\ + \ possible.\nThe sign will be omitted unless the\ + \ number is negative.\n\nExamples:\n 1.5 will\ + \ be serialized as \"1500m\"\n 1.5Gi will be\ + \ serialized as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented by a floating\ + \ point number. That is the whole point of this\ + \ exercise.\n\nNon-canonical values will still\ + \ parse as long as they are well formed, but will\ + \ be re-emitted in their canonical form. (So always\ + \ use canonical form, or don't diff.)\n\nThis\ + \ format is intended to make it difficult to use\ + \ these numbers without writing some sort of special\ + \ handling code in the hopes that that will cause\ + \ implementors to also use a fixed point implementation." 
+ type: string + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + description: "Quantity is a fixed-point representation\ + \ of a number. It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String() and\ + \ AsInt64() accessors.\n\nThe serialization format\ + \ is:\n\n ::= \n\ + \ (Note that may be empty, from the\ + \ \"\" case in .)\n \ + \ ::= 0 | 1 | ... | 9 ::=\ + \ | \ + \ ::= | . | .\ + \ | . ::= \"+\" | \"\ + -\" ::= | \ + \ ::= | \ + \ | ::= Ki | Mi\ + \ | Gi | Ti | Pi | Ei\n (International System\ + \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G | T\ + \ | P | E\n (Note that 1024 = 1Ki but 1000 =\ + \ 1k; I didn't choose the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\ + \nNo matter which of the three exponent forms\ + \ is used, no quantity may represent a number\ + \ greater than 2^63-1 in magnitude, nor may it\ + \ have more than 3 decimal places. Numbers larger\ + \ or more precise will be capped or rounded up.\ + \ (E.g.: 0.1m will rounded up to 1m.) This may\ + \ be extended in the future if we require larger\ + \ or smaller quantities.\n\nWhen a Quantity is\ + \ parsed from a string, it will remember the type\ + \ of suffix it had, and will use the same type\ + \ again when it is serialized.\n\nBefore serializing,\ + \ Quantity will be put in \"canonical form\".\ + \ This means that Exponent/suffix will be adjusted\ + \ up or down (with a corresponding increase or\ + \ decrease in Mantissa) such that:\n a. No precision\ + \ is lost\n b. No fractional digits will be emitted\n\ + \ c. 
The exponent (or suffix) is as large as\ + \ possible.\nThe sign will be omitted unless the\ + \ number is negative.\n\nExamples:\n 1.5 will\ + \ be serialized as \"1500m\"\n 1.5Gi will be\ + \ serialized as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented by a floating\ + \ point number. That is the whole point of this\ + \ exercise.\n\nNon-canonical values will still\ + \ parse as long as they are well formed, but will\ + \ be re-emitted in their canonical form. (So always\ + \ use canonical form, or don't diff.)\n\nThis\ + \ format is intended to make it difficult to use\ + \ these numbers without writing some sort of special\ + \ handling code in the hopes that that will cause\ + \ implementors to also use a fixed point implementation." + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. Some fields are + present in both SecurityContext and PodSecurityContext. When + both are set, the values in SecurityContext take precedence. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent + process. This bool directly controls if the no_new_privs + flag will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as + Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: Adds and removes POSIX capabilities from + running containers. 
+ properties: + add: + description: Added capabilities + items: + type: string + type: array + drop: + description: Removed capabilities + items: + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not + run as UID 0 (root) and fail to start the container + if it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified in + image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. 
+ format: int64 + type: integer + seLinuxOptions: + description: SELinuxOptions are the labels to be applied + to the container + properties: + level: + description: Level is SELinux level label that + applies to the container. + type: string + role: + description: Role is a SELinux role label that + applies to the container. + type: string + type: + description: Type is a SELinux type label that + applies to the container. + type: string + user: + description: User is a SELinux user label that + applies to the container. + type: string + type: object + seccompProfile: + description: SeccompProfile defines a pod/container's + seccomp profile settings. Only one profile source + may be set. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". + type: string + type: + description: 'type indicates which kind of seccomp + profile will be applied. Valid options are: + + + Localhost - a profile defined in a file on the + node should be used. RuntimeDefault - the container + runtime default profile should be used. Unconfined + - no profile should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: WindowsSecurityContextOptions contain + Windows-specific options and credentials. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. 
+ type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be honored + by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. Defaults + to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: string + type: object + type: object + startupProbe: + description: Probe describes a health check to be performed + against a container to determine whether it is alive + or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. 
+ format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action based + on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom header + to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can hold + an int32 or a string. When used in JSON or + YAML marshalling and unmarshalling, it produces + or consumes the inner type. This allows you + to have, for example, a JSON field that can + accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action based + on opening a socket + properties: + host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can hold + an int32 or a string. When used in JSON or + YAML marshalling and unmarshalling, it produces + or consumes the inner type. This allows you + to have, for example, a JSON field that can + accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate a + buffer for stdin in the container runtime. If this is + not set, reads from stdin in the container will always + result in EOF. Default is false. 
+ type: boolean + stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce is + set to true, stdin is opened on container start, is + empty until the first client attaches to stdin, and + then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such as + an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length + across all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate a + TTY for itself, also requires 'stdin' to be true. Default + is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. 
+ items: + description: volumeDevice describes a mapping of a raw + block device within a container. + properties: + devicePath: + description: devicePath is the path inside of the + container that the device will be mapped to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - name + - devicePath + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of a Volume + within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. + type: boolean + subPath: + description: Path within the volume from which the + container's volume should be mounted. Defaults + to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable + references $(VAR_NAME) are expanded using the + container's environment. Defaults to "" (volume's + root). SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - name + - mountPath + type: object + type: array + workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot be + updated. 
+ type: string + required: + - name + required: + - persistentVolume + configurations: + type: object + description: "Cluster custom configurations.\n\n**Example:**\n\n\ + ``` yaml\napiVersion: stackgres.io/v1\nkind: SGCluster\nmetadata:\n\ + \ name: stackgres\nspec:\n configurations:\n sgPostgresConfig:\ + \ 'postgresconf'\n sgPoolingConfig: 'pgbouncerconf'\n backups:\n\ + \ - sgObjectStorage: 'backupconf'\n```\n" + properties: + sgPostgresConfig: + type: string + description: 'Name of the [SGPostgresConfig](https://stackgres.io/doc/latest/reference/crd/sgpgconfig) + used for the cluster. + + + It must exist. When not set, a default Postgres config, for + the major version selected, is used. + + + **Changing this field may require a restart.** + + ' + sgPoolingConfig: + type: string + description: 'Name of the [SGPoolingConfig](https://stackgres.io/doc/latest/reference/crd/sgpoolconfig) + used for this cluster. + + + Each pod contains a sidecar with a connection pooler (currently: + [PgBouncer](https://www.pgbouncer.org/)). The connection pooler + is implemented as a sidecar. + + + If not set, a default configuration will be used. Disabling + connection pooling altogether is possible if the disableConnectionPooling + property of the pods object is set to true. + + + **Changing this field may require a restart.** + + ' + sgBackupConfig: + type: string + description: '**Deprecated**: use instead `.spec.configurations.backups[].sgObjectStorage` + + + Name of the [SGBackupConfig](https://stackgres.io/doc/latest/reference/crd/sgbackupconfig) + to use for the cluster. It defines the backups policy, storage + and retention, among others, applied to the cluster. When + not set, backup configuration will not be used. + + ' + backupPath: + type: string + description: '**Deprecated**: use instead `.spec.configurations.backups[].path` + + + The path were the backup is stored. If not set this field + is filled up by the operator. 
+ + + When provided will indicate were the backups and WAL files + will be stored. + + ' + backups: + type: array + description: 'List of backups configurations for this SGCluster + + ' + items: + type: object + description: 'Backup configuration for this SGCluster + + ' + properties: + compression: + type: string + description: 'Specifies the backup compression algorithm. + Possible options are: lz4, lzma, brotli. The default + method is `lz4`. LZ4 is the fastest method, but compression + ratio is the worst. LZMA is way slower, but it compresses + backups about 6 times better than LZ4. Brotli is a good + trade-off between speed and compression ratio, being + about 3 times better than LZ4. + + ' + enum: + - lz4 + - lzma + - brotli + cronSchedule: + type: string + description: 'Continuous Archiving backups are composed + of periodic *base backups* and all the WAL segments + produced in between those base backups. This parameter + specifies at what time and with what frequency to start + performing a new base backup. + + + Use cron syntax (`m h dom mon dow`) for this parameter, + i.e., 5 values separated by spaces: + + * `m`: minute, 0 to 59. + + * `h`: hour, 0 to 23. + + * `dom`: day of month, 1 to 31 (recommended not to + set it higher than 28). + + * `mon`: month, 1 to 12. + + * `dow`: day of week, 0 to 7 (0 and 7 both represent + Sunday). + + + Also ranges of values (`start-end`), the symbol `*` + (meaning `first-last`) or even `*/N`, where `N` is a + number, meaning ""every `N`, may be used. All times + are UTC. It is recommended to avoid 00:00 as base backup + time, to avoid overlapping with any other external operations + happening at this time. + + + If not set, full backups are never performed automatically. + + ' + performance: + type: object + description: 'Configuration that affects the backup network + and disk usage performance. 
+ + ' + properties: + maxNetworkBandwidth: + type: integer + description: 'Maximum storage upload bandwidth used + when storing a backup. In bytes (per second). + + ' + maxDiskBandwidth: + type: integer + description: 'Maximum disk read I/O when performing + a backup. In bytes (per second). + + ' + uploadDiskConcurrency: + type: integer + minimum: 1 + description: 'Backup storage may use several concurrent + streams to store the data. This parameter configures + the number of parallel streams to use to reading + from disk. By default, it''s set to 1. + + ' + uploadConcurrency: + type: integer + minimum: 1 + description: 'Backup storage may use several concurrent + streams to store the data. This parameter configures + the number of parallel streams to use. By default, + it''s set to 16. + + ' + downloadConcurrency: + type: integer + minimum: 1 + description: 'Backup storage may use several concurrent + streams to read the data. This parameter configures + the number of parallel streams to use. By default, + it''s set to the minimum between the number of file + to read and 10. + + ' + retention: + type: integer + minimum: 1 + description: 'When an automatic retention policy is defined + to delete old base backups, this parameter specifies + the number of base backups to keep, in a sliding window. + + + Consequently, the time range covered by backups is `periodicity*retention`, + where `periodicity` is the separation between backups + as specified by the `cronSchedule` property. + + + Default is 5. + + ' + default: 5 + sgObjectStorage: + type: string + description: 'Name of the [SGObjectStorage](https://stackgres.io/doc/latest/reference/crd/sgobjectstorage) + to use for the cluster. + + + It defines the location in which the the backups will + be stored. + + ' + path: + type: string + description: 'The path were the backup is stored. If not + set this field is filled up by the operator. 
+ + + When provided will indicate were the backups and WAL + files will be stored. + + ' + required: + - sgObjectStorage + patroni: + type: object + description: Allow to specify Patroni configuration that will + extend the generated one + properties: + initialConfig: + type: object + description: 'Allow to specify Patroni configuration that + will overwrite the generated one + + + **This field can only be set on creation.** + + ' + x-kubernetes-preserve-unknown-fields: true + credentials: + type: object + description: 'Allow to specify custom credentials for Postgres + users and Patroni REST API + + ' + properties: + patroni: + type: object + description: 'Kubernetes [SecretKeySelectors](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the credentials for patroni REST API. + + + **Changing this field may require a restart.** + + ' + properties: + restApiPassword: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the password for the patroni REST API. + + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select from. + Must be a valid secret key. 
+ required: + - name + - key + users: + type: object + description: "Kubernetes [SecretKeySelectors](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core)\ + \ that contains the credentials of the users.\n\n**Changing\ + \ this field may require a manual modification of the\ + \ database users to reflect the new values specified.**\n\ + \nIn particular you may have to create those users if\ + \ username is changed or alter password if it is changed.\ + \ Here are the SQL commands to perform such operation\ + \ (replace\n default usernames with the new ones and\ + \ `***` with their respective passwords):\n\n* Superuser\ + \ username changed:\n```\nCREATE ROLE postgres;\n```\n\ + * Superuser password changed:\n```\nALTER ROLE postgres\ + \ WITH SUPERUSER INHERIT CREATEROLE CREATEDB LOGIN REPLICATION\ + \ BYPASSRLS PASSWORD '***';\n```\n* Replication username\ + \ changed:\n```\nCREATE ROLE replicator;\n```\n* Replication\ + \ password changed:\n```\nALTER ROLE replicator WITH NOSUPERUSER\ + \ INHERIT NOCREATEROLE NOCREATEDB LOGIN REPLICATION NOBYPASSRLS\ + \ PASSWORD '***';\n```\n* Authenticator username changed:\n\ + ```\nCREATE ROLE authenticator;\n```\n* Authenticator\ + \ password changed:\n```\nALTER ROLE authenticator WITH\ + \ SUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION\ + \ NOBYPASSRLS PASSWORD '***';\n```\n\n**Changing this\ + \ field may require a restart.**\n" + properties: + superuser: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the credentials of the superuser (usually + the postgres user). + + ' + properties: + username: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the username of the user. 
+ + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select + from. Must be a valid secret key. + required: + - name + - key + password: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the password of the user. + + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select + from. Must be a valid secret key. + required: + - name + - key + replication: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the credentials of the replication user + used to replicate from the primary cluster and from + replicas of this cluster. + + ' + properties: + username: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the username of the user. + + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select + from. Must be a valid secret key. + required: + - name + - key + password: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the password of the user. + + ' + properties: + name: + type: string + description: Name of the referent. 
[More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select + from. Must be a valid secret key. + required: + - name + - key + authenticator: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the credentials of the authenticator + user used by pgbouncer to authenticate other users. + + ' + properties: + username: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the username of the user. + + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select + from. Must be a valid secret key. + required: + - name + - key + password: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the password of the user. + + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select + from. Must be a valid secret key. 
+ required: + - name + - key + binding: + type: object + description: "This section allows to specify the properties\ + \ of [Service Binding spec for provisioned service](https://servicebinding.io/spec/core/1.0.0/#provisioned-service).\n\ + \ If not specified, then some default will be used.\n\nFor\ + \ more information see https://servicebinding.io/spec/core/1.0.0/\n" + properties: + provider: + type: string + description: It's the reference of custom provider name. + If not specified, then the default value will be `stackgres` + database: + type: string + description: Allow to specify the database name. If not + specified, then the default value is `postgres` + username: + type: string + description: Allow to specify the username. If not specified, + then the superuser username will be used. + password: + type: object + description: Allow to reference Secret that contains the + user's password. If not specified, then the superuser + password will be used. + properties: + name: + type: string + description: The name of the Secret + key: + type: string + description: The key of the Secret + managedSql: + type: object + description: 'This section allows to reference SQL scripts that + will be applied to the cluster live. + + ' + properties: + continueOnSGScriptError: + type: boolean + description: If true, when any entry of any `SGScript` fail + will not prevent subsequent `SGScript` from being executed. + By default is `false`. + default: false + scripts: + type: array + description: 'A list of script references that will be executed + in sequence. + + ' + items: + type: object + description: "A script reference. Each version of each entry\ + \ of the script referenced will be executed exactly once\ + \ following the sequence defined\n in the referenced script\ + \ and skipping any script entry that have already been executed.\n" + properties: + id: + type: integer + description: 'The id is immutable and must be unique across + all the `SGScript` entries. 
It is replaced by the operator + and is used to identify the `SGScript` entry. + + ' + sgScript: + type: string + description: A reference to an `SGScript` + initialData: + type: object + description: 'Cluster initialization data options. Cluster may be + initialized empty, or from a backup restoration. + + + **This field can only be set on creation.** + + ' + properties: + restore: + type: object + description: 'This section allows to restore a cluster from + an existing copy of the metadata and data. + + ' + properties: + fromBackup: + type: object + description: "From which backup to restore and how the process\ + \ is configured\n\n**Example:**\n\n```yaml\napiVersion:\ + \ stackgres.io/v1\nkind: SGCluster\nmetadata:\n name:\ + \ stackgres\nspec:\n initialData:\n restore:\n \ + \ fromBackup:\n name: stackgres-backup\n \ + \ downloadDiskConcurrency: 1\n```\n" + properties: + uid: + type: string + description: "When set to the UID of an existing [SGBackup](https://stackgres.io/doc/latest/reference/crd/sgbackup),\ + \ the cluster is initialized by restoring the\n backup\ + \ data to it. If not set, the cluster is initialized\ + \ empty. This field is deprecated.\n" + name: + type: string + description: "When set to the name of an existing [SGBackup](https://stackgres.io/doc/latest/reference/crd/sgbackup),\ + \ the cluster is initialized by restoring the\n backup\ + \ data to it. If not set, the cluster is initialized\ + \ empty. The selected backup must be in the same namespace.\n" + target: + type: string + description: "Specify the [recovery_target](https://postgresqlco.nf/doc/en/param/recovery_target/)\ + \ that specifies that recovery should end as soon\ + \ as a consistent\n state is reached, i.e., as early\ + \ as possible. 
When restoring from an online backup,\ + \ this means the point where taking the backup ended.\n\ + \n Technically, this is a string parameter, but 'immediate'\ + \ is currently the only allowed value.\n" + targetTimeline: + type: string + description: "Specify the [recovery_target_timeline](https://postgresqlco.nf/doc/en/param/recovery_target_timeline/)\ + \ to recover into a particular timeline.\n The default\ + \ is to recover along the same timeline that was current\ + \ when the base backup was taken. Setting this to\ + \ latest recovers to the latest\n timeline found\ + \ in the archive, which is useful in a standby server.\ + \ Other than that you only need to set this parameter\ + \ in complex re-recovery\n situations, where you\ + \ need to return to a state that itself was reached\ + \ after a point-in-time recovery.\n" + targetInclusive: + type: boolean + description: "Specify the [recovery_target_inclusive](https://postgresqlco.nf/doc/en/param/recovery_target_timeline/)\ + \ to stop recovery just after the specified\n recovery\ + \ target (true), or just before the recovery target\ + \ (false). Applies when targetLsn, pointInTimeRecovery,\ + \ or targetXid is specified. 
This\n setting controls\ + \ whether transactions having exactly the target WAL\ + \ location (LSN), commit time, or transaction ID,\ + \ respectively, will be included\n in the recovery.\ + \ Default is true.\n" + targetName: + type: string + description: "[recovery_target_name](https://postgresqlco.nf/doc/en/param/recovery_target_name/)\ + \ specifies the named restore point\n (created with\ + \ pg_create_restore_point()) to which recovery will\ + \ proceed.\n" + targetXid: + type: string + description: "[recovery_target_xid](https://postgresqlco.nf/doc/en/param/recovery_target_xid/)\ + \ specifies the transaction ID up to which recovery\ + \ will proceed.\n Keep in mind that while transaction\ + \ IDs are assigned sequentially at transaction start,\ + \ transactions can complete in a different numeric\ + \ order.\n The transactions that will be recovered\ + \ are those that committed before (and optionally\ + \ including) the specified one. The precise stopping\ + \ point\n is also influenced by targetInclusive.\n" + targetLsn: + type: string + description: "[recovery_target_lsn](https://postgresqlco.nf/doc/en/param/recovery_target_lsn/)\ + \ specifies the LSN of the write-ahead log location\ + \ up to which\n recovery will proceed. 
The precise\ + \ stopping point is also influenced by targetInclusive.\ + \ This parameter is parsed using the system data type\n\ + \ pg_lsn.\n" + pointInTimeRecovery: + type: object + description: "Using Point-in-Time Recovery (PITR) it\ + \ is possible to restore the database to its state\ + \ at any moment in the past by setting `restoreToTimestamp`\n\ + \ to a value between the timestamps at which your\ + \ chosen SGBackup and the subsequent one were taken.\ + \ If the chosen SGBackup is the latest one, the\n\ + \ `restoreToTimestamp` value can be between the timestamps\ + \ at which that last SGBackup was taken and the current\ + \ one.\n\nSee also: https://www.postgresql.org/docs/current/continuous-archiving.html\n" + properties: + restoreToTimestamp: + type: string + description: 'An ISO 8601 date, that holds UTC date + indicating at which point-in-time the database + have to be restored. + + ' + downloadDiskConcurrency: + type: integer + minimum: 1 + description: 'The backup fetch process may fetch several + streams in parallel. Parallel fetching is enabled when + set to a value larger than one. + + + If not specified it will be interpreted as latest. + + ' + scripts: + type: array + description: '**Deprecated** use instead .spec.managedSql with + SGScript. + + + A list of SQL scripts executed in sequence, exactly once, + when the database is bootstrap and/or after restore is completed. + + ' + items: + type: object + description: '**Deprecated** use instead .spec.managedSql + with SGScript. + + + Scripts are executed in auto-commit mode with the user `postgres` + in the specified database (or in database `postgres` if + not specified). + + + Fields `script` and `scriptFrom` are mutually exclusive + and only one of them is required. + + ' + properties: + name: + type: string + description: 'Name of the script. Must be unique across + this SGCluster. + + ' + database: + type: string + description: 'Database where the script is executed. 
Defaults + to the `postgres` database, if not specified. + + ' + script: + type: string + description: 'Raw SQL script to execute. This field is + mutually exclusive with `scriptFrom` field. + + ' + scriptFrom: + type: object + description: 'Reference to either a Kubernetes [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) + or a [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) + that contains the SQL script to execute. This field + is mutually exclusive with `script` field. + + + Fields `secretKeyRef` and `configMapKeyRef` are mutually + exclusive, and one of them is required. + + ' + properties: + secretKeyRef: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the SQL script to execute. This field + is mutually exclusive with `configMapKeyRef` field. + + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select from. + Must be a valid secret key. + configMapKeyRef: + type: object + description: 'A [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) + reference that contains the SQL script to execute. + This field is mutually exclusive with `secretKeyRef` + field. + + ' + properties: + name: + type: string + description: 'The name of the ConfigMap that contains + the SQL script to execute. + + ' + key: + type: string + description: 'The key name within the ConfigMap + that contains the SQL script to execute. 
+ + ' + replicateFrom: + type: object + description: "Make the cluster a read-only standby replica allowing\ + \ to replicate from another PostgreSQL instance and acting as\ + \ a rely.\n\nChanging this section is allowed to fix issues or\ + \ to change the replication source.\n\nRemoving this section convert\ + \ the cluster in a normal cluster where the standby leader is\ + \ converted into the a primary instance.\n\n**Example:**\n\nFrom\ + \ SGCluster instance:\n\n```yaml\napiVersion: stackgres.io/v1\n\ + kind: SGCluster\nmetadata:\n name: stackgres\nspec:\n replicateFrom:\n\ + \ instance:\n sgCluster: my-cluster\n```\n> **Note:**\ + \ The above example allow to replicate from another SGCluster\ + \ instance that in the same namespace and the same K8s cluster.\n\ + > \n> This option cannot be combined with external instance, storage\ + \ and users.\n\nFrom external instance:\n\n```yaml\napiVersion:\ + \ stackgres.io/v1\nkind: SGCluster\nmetadata:\n name: stackgres\n\ + spec:\n replicateFrom:\n instance:\n external:\n \ + \ host: ${HOST_IP}\n port: 5433\n users:\n superuser:\n\ + \ username:\n name: pg-origin-secret\n \ + \ key: superuser-username\n password:\n name:\ + \ pg-origin-secret\n key: superuser-password\n replication:\n\ + \ username:\n name: pg-origin-secret\n \ + \ key: replication-username\n password:\n name:\ + \ pg-origin-secret\n key: replication-password\n \ + \ authenticator:\n username:\n name: pg-origin-secret\n\ + \ key: authenticator-username\n password:\n \ + \ name: pg-origin-secret\n key: authenticator-password\n\ + ```\n\n> **Note:** Replace the ${HOST_IP} with the actual IP of\ + \ the external instance.\n\nFrom Storage:\n\n```yaml\napiVersion:\ + \ stackgres.io/v1\nkind: SGCluster\nmetadata:\n name: stackgres\n\ + spec:\n initialData:\n restore:\n fromBackup:\n \ + \ name: backup-name\n replicateFrom:\n storage:\n path:\ + \ ${PG_ORIGIN_BACKUP_PATH}\n sgObjectStorage: stackgres-backups\n\ + \ users:\n superuser:\n username:\n name:\ + 
\ pg-origin-secret\n key: superuser-username\n \ + \ password:\n name: pg-origin-secret\n key:\ + \ superuser-password\n replication:\n username:\n\ + \ name: pg-origin-secret\n key: replication-username\n\ + \ password:\n name: pg-origin-secret\n \ + \ key: replication-password\n authenticator:\n username:\n\ + \ name: pg-origin-secret\n key: authenticator-username\n\ + \ password:\n name: pg-origin-secret\n \ + \ key: authenticator-password\n```\n\n> **Note:** Using storage\ + \ only to replicate from requires to recover from a backup in\ + \ order to bootstrap the database.\n> \n> Replace the ${PG_ORIGIN_BACKUP_PATH}\ + \ with the actual path in the object storage where the backups\ + \ are stored.\n\nFrom external instance and storage:\n\n```yaml\n\ + apiVersion: stackgres.io/v1\nkind: SGCluster\nmetadata:\n name:\ + \ stackgres\nspec:\n replicateFrom:\n instance:\n external:\n\ + \ host: ${HOST_IP}\n port: 5433\n storage:\n\ + \ path: ${PG_ORIGIN_BACKUP_PATH}\n sgObjectStorage:\ + \ stackgres-backups\n users:\n superuser:\n username:\n\ + \ name: pg-origin-secret\n key: superuser-username\n\ + \ password:\n name: pg-origin-secret\n \ + \ key: superuser-password\n replication:\n username:\n\ + \ name: pg-origin-secret\n key: replication-username\n\ + \ password:\n name: pg-origin-secret\n \ + \ key: replication-password\n authenticator:\n username:\n\ + \ name: pg-origin-secret\n key: authenticator-username\n\ + \ password:\n name: pg-origin-secret\n \ + \ key: authenticator-password\n```\n\n> **Note**: Replace the\ + \ ${HOST_IP} with the actual IP of the external instance.\n> \n\ + > Replace the ${PG_ORIGIN_BACKUP_PATH} with the actual path in\ + \ the object storage where the backups are stored.\n" + properties: + instance: + type: object + description: 'Configure replication from a PostgreSQL instance. + + ' + properties: + sgCluster: + type: string + description: 'Configure replication from an SGCluster. 
+ + ' + external: + type: object + description: 'Configure replication from an external PostgreSQL + instance. + + ' + properties: + host: + type: string + description: The host of the PostgreSQL to replicate + from. + port: + type: integer + description: The port of the PostgreSQL to replicate + from. + required: + - host + - port + storage: + type: object + description: "Configure replication from an SGObjectStorage\ + \ using WAL shipping.\n\nThe file structure of the object\ + \ storage must follow the\n [WAL-G](https://github.com/wal-g/wal-g)\ + \ file structure.\n" + properties: + performance: + type: object + description: 'Configuration that affects the backup network + and disk usage performance. + + ' + properties: + maxNetworkBandwidth: + type: integer + description: 'Maximum storage upload bandwidth used + when storing a backup. In bytes (per second). + + ' + maxDiskBandwidth: + type: integer + description: 'Maximum disk read I/O when performing + a backup. In bytes (per second). + + ' + downloadConcurrency: + type: integer + minimum: 1 + description: 'Backup storage may use several concurrent + streams to read the data. This parameter configures + the number of parallel streams to use. By default, + it''s set to the minimum between the number of file + to read and 10. + + ' + sgObjectStorage: + type: string + description: The SGObjectStorage name to replicate from. + path: + type: string + description: The path in the SGObjectStorage to replicate + from. + required: + - sgObjectStorage + - path + users: + type: object + description: 'Kubernetes [SecretKeySelectors](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the credentials of the users. 
+ + ' + properties: + superuser: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the credentials of the superuser (usually + the postgres user). + + ' + properties: + username: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the username of the user. + + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select from. + Must be a valid secret key. + required: + - name + - key + password: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the password of the user. + + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select from. + Must be a valid secret key. + required: + - name + - key + required: + - username + - password + replication: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the credentials of the replication user + used to replicate from the primary cluster and from replicas + of this cluster. + + ' + properties: + username: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the username of the user. 
+ + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select from. + Must be a valid secret key. + required: + - name + - key + password: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the password of the user. + + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select from. + Must be a valid secret key. + required: + - name + - key + required: + - username + - password + authenticator: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the credentials of the authenticator user + used by pgbouncer to authenticate other users. + + ' + properties: + username: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the username of the user. + + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select from. + Must be a valid secret key. + required: + - name + - key + password: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the password of the user. 
+ + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select from. + Must be a valid secret key. + required: + - name + - key + required: + - username + - password + required: + - superuser + - replication + - authenticator + prometheusAutobind: + type: boolean + description: 'If enabled, a ServiceMonitor is created for each Prometheus + instance found in order to collect metrics. + + ' + default: false + nonProductionOptions: + type: object + properties: + disableClusterPodAntiAffinity: + type: boolean + description: 'It is a best practice, on non-containerized environments, + when running production workloads, to run each database server + on a different server (virtual or physical), i.e., not to + co-locate more than one database server per host. + + + The same best practice applies to databases on containers. + By default, StackGres will not allow to run more than one + StackGres pod on a given Kubernetes node. Set this property + to true to allow more than one StackGres pod per node. + + + This property default value may be changed depending on the + value of field `.spec.profile`. + + + **Changing this field may require a restart.** + + ' + disablePatroniResourceRequirements: + type: boolean + description: 'It is a best practice, on containerized environments, + when running production workloads, to enforce container''s + resources requirements. + + + The same best practice applies to databases on containers. + By default, StackGres will configure resource requirements + for patroni container. Set this property to true to prevent + StackGres from setting patroni container''s resources requirement. + + + This property default value may be changed depending on the + value of field `.spec.profile`. 
+ + + **Changing this field may require a restart.** + + ' + disableClusterResourceRequirements: + type: boolean + description: 'It is a best practice, on containerized environments, + when running production workloads, to enforce container''s + resources requirements. + + + By default, StackGres will configure resource requirements + for all the containers. Set this property to true to prevent + StackGres from setting container''s resources requirements + (except for patroni container, see `disablePatroniResourceRequirements`). + + + This property default value may be changed depending on the + value of field `.spec.profile`. + + + **Changing this field may require a restart.** + + ' + enableSetPatroniCpuRequests: + type: boolean + description: "**Deprecated** this value is ignored and you can\ + \ consider it as always `true`.\n\nOn containerized environments,\ + \ when running production workloads, enforcing container's\ + \ cpu requirements request to be equals to the limit allow\ + \ to achieve the highest level of performance. Doing so, reduces\ + \ the chances of leaving\n the workload with less cpu than\ + \ it requires. It also allow to set [static CPU management\ + \ policy](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy)\ + \ that allows to guarantee a pod the usage exclusive CPUs\ + \ on the node.\n\nBy default, StackGres will configure cpu\ + \ requirements to have the same limit and request for the\ + \ patroni container. 
Set this property to true to prevent\ + \ StackGres from setting patroni container's cpu requirements\ + \ request equals to the limit\n when `.spec.requests.cpu`\ + \ is configured in the referenced `SGInstanceProfile`.\n\n\ + **Changing this field may require a restart.**\n" + default: false + enableSetClusterCpuRequests: + type: boolean + description: "**Deprecated** this value is ignored and you can\ + \ consider it as always `true`.\n\nOn containerized environments,\ + \ when running production workloads, enforcing container's\ + \ cpu requirements request to be equals to the limit allow\ + \ to achieve the highest level of performance. Doing so, reduces\ + \ the chances of leaving\n the workload with less cpu than\ + \ it requires. It also allow to set [static CPU management\ + \ policy](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy)\ + \ that allows to guarantee a pod the usage exclusive CPUs\ + \ on the node.\n\nBy default, StackGres will configure cpu\ + \ requirements to have the same limit and request for all\ + \ the containers. Set this property to true to prevent StackGres\ + \ from setting container's cpu requirements request equals\ + \ to the limit (except for patroni container, see `enablePatroniCpuRequests`)\n\ + \ when `.spec.requests.containers..cpu` `.spec.requests.initContainers..cpu` is configured in the referenced `SGInstanceProfile`.\n\ + \n**Changing this field may require a restart.**\n" + default: false + enableSetPatroniMemoryRequests: + type: boolean + description: "**Deprecated** this value is ignored and you can\ + \ consider it as always `true`.\n\nOn containerized environments,\ + \ when running production workloads, enforcing container's\ + \ memory requirements request to be equals to the limit allow\ + \ to achieve the highest level of performance. 
Doing so, reduces\ + \ the chances of leaving\n the workload with less memory\ + \ than it requires.\n\nBy default, StackGres will configure\ + \ memory requirements to have the same limit and request for\ + \ the patroni container. Set this property to true to prevent\ + \ StackGres from setting patroni container's memory requirements\ + \ request equals to the limit\n when `.spec.requests.memory`\ + \ is configured in the referenced `SGInstanceProfile`.\n\n\ + **Changing this field may require a restart.**\n" + default: false + enableSetClusterMemoryRequests: + type: boolean + description: "**Deprecated** this value is ignored and you can\ + \ consider it as always `true`.\n\nOn containerized environments,\ + \ when running production workloads, enforcing container's\ + \ memory requirements request to be equals to the limit allow\ + \ to achieve the highest level of performance. Doing so, reduces\ + \ the chances of leaving\n the workload with less memory\ + \ than it requires.\n\nBy default, StackGres will configure\ + \ memory requirements to have the same limit and request for\ + \ all the containers. Set this property to true to prevent\ + \ StackGres from setting container's memory requirements request\ + \ equals to the limit (except for patroni container, see `enablePatroniCpuRequests`)\n\ + \ when `.spec.requests.containers..memory`\ + \ `.spec.requests.initContainers..memory`\ + \ is configured in the referenced `SGInstanceProfile`.\n\n\ + **Changing this field may require a restart.**\n" + default: false + enabledFeatureGates: + type: array + description: 'A list of StackGres feature gates to enable (not + suitable for a production environment). + + + Available feature gates are: + + * `babelfish-flavor`: Allow to use `babelfish` flavor. + + ' + items: + type: string + description: The name of the fature gate to enable. 
+ distributedLogs: + type: object + description: "StackGres features a functionality for all pods to\ + \ send Postgres, Patroni and PgBouncer logs to a central (distributed)\ + \ location, which is in turn another Postgres database. Logs can\ + \ then be accessed via SQL interface or from the web UI. This\ + \ section controls whether to enable this feature or not. If not\ + \ enabled, logs are send to the pod's standard output.\n\n**Example:**\n\ + \n```yaml\napiVersion: stackgres.io/v1\nkind: SGCluster\nmetadata:\n\ + \ name: stackgres\nspec:\n distributedLogs:\n sgDistributedLogs:\ + \ distributedlogs\n```\n" + properties: + sgDistributedLogs: + type: string + description: 'Name of the [SGDistributedLogs](https://stackgres.io/doc/latest/reference/crd/sgdistributedlogs/) + to use for this cluster. It must exist. + + ' + retention: + type: string + pattern: ^[0-9]+ (minutes?|hours?|days?|months?) + description: "Define a retention window with the syntax `\ + \ (minutes|hours|days|months)` in which log entries are kept.\n\ + \ Log entries will be removed when they get older more than\ + \ the double of the specified retention window.\n\nWhen this\ + \ field is changed the retention will be applied only to log\ + \ entries that are newer than the end of\n the retention\ + \ window previously specified. If no retention window was\ + \ previously specified it is considered\n to be of 7 days.\ + \ This means that if previous retention window is of `7 days`\ + \ new retention configuration will\n apply after UTC timestamp\ + \ calculated with: `SELECT date_trunc('days', now() at time\ + \ zone 'UTC') - INTERVAL '7 days'`.\n" + toInstallPostgresExtensions: + type: array + description: 'The list of Postgres extensions to install. + + + **This section is filled by the operator.** + + ' + items: + type: object + properties: + name: + type: string + description: The name of the extension to install. 
+ publisher: + type: string + description: The id of the publisher of the extension to install. + version: + type: string + description: The version of the extension to install. + repository: + type: string + description: The repository base URL from where the extension + will be installed from. + postgresVersion: + type: string + description: The postgres major version of the extension to + install. + build: + type: string + description: The build version of the extension to install. + extraMounts: + type: array + description: The extra mounts of the extension to install. + items: + type: string + description: The extra mount of the installed extension. + required: + - name + - publisher + - version + - repository + - postgresVersion + required: + - instances + - postgres + - pods + status: + type: object + description: Current status of a StackGres cluster. + properties: + conditions: + type: array + items: + type: object + properties: + lastTransitionTime: + description: Last time the condition transitioned from one + status to another. + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + type: string + type: + description: Type of deployment condition. + type: string + podStatuses: + type: array + description: The list of pod statuses. + items: + type: object + properties: + name: + type: string + description: The name of the pod. + replicationGroup: + type: integer + description: Indicates the replication group this Pod belongs + to. + primary: + type: boolean + description: Indicates if the pod is the elected primary + pendingRestart: + type: boolean + description: Indicates if the pod requires restart + installedPostgresExtensions: + type: array + description: The list of Postgres extensions currently installed. 
+ items: + type: object + properties: + name: + type: string + description: The name of the installed extension. + publisher: + type: string + description: The id of the publisher of the installed + extension. + version: + type: string + description: The version of the installed extension. + repository: + type: string + description: The repository base URL from where the + extension was installed from. + postgresVersion: + type: string + description: The postgres major version of the installed + extension. + build: + type: string + description: The build version of the installed extension. + extraMounts: + type: array + description: The extra mounts of the installed extension. + items: + type: string + description: The extra mount of the installed extension. + required: + - name + - publisher + - version + - repository + - postgresVersion + required: + - name + dbOps: + type: object + description: 'Used by some [SGDbOps](https://stackgres.io/doc/latest/reference/crd/sgdbops) + to indicate the operation configuration and status to the operator. + + ' + properties: + majorVersionUpgrade: + type: object + description: 'The major version upgrade configuration and status + + ' + properties: + initialInstances: + type: array + description: 'The instances that this operation is targetting + + ' + items: + type: string + primaryInstance: + type: string + description: 'The primary instance that this operation is + targetting + + ' + sourcePostgresVersion: + type: string + description: 'The source PostgreSQL version + + ' + sourcePostgresExtensions: + type: array + description: 'The source PostgreSQL extensions + + ' + items: + type: object + properties: + name: + type: string + description: The name of the extension to deploy. + publisher: + type: string + description: The id of the publisher of the extension + to deploy. If not specified `com.ongres` will be + used by default. 
+ default: com.ongres + version: + type: string + description: The version of the extension to deploy. + If not specified version of `stable` channel will + be used by default and if only a version is available + that one will be used. + repository: + type: string + description: 'The repository base URL from where to + obtain the extension to deploy. + + ' + sourceSgPostgresConfig: + type: string + description: 'The source SGPostgresConfig reference + + ' + sourceBackupPath: + type: string + description: 'The source backup path + + ' + targetPostgresVersion: + type: string + description: 'The target PostgreSQL version + + ' + locale: + type: string + description: 'The PostgreSQL locale + + ' + encoding: + type: string + description: 'The PostgreSQL encoding + + ' + dataChecksum: + type: boolean + description: 'Indicates if PostgreSQL data checksum is enabled + + ' + link: + type: boolean + description: 'Use `--link` option when running `pg_upgrade` + + ' + clone: + type: boolean + description: 'Use `--clone` option when running `pg_upgrade` + + ' + check: + type: boolean + description: 'Run `pg_upgrade` with check option instead + of performing the real upgrade + + ' + rollback: + type: boolean + description: 'Indicates to rollback from a previous major + version upgrade + + ' + restart: + type: object + description: 'The minor version upgrade configuration and status + + ' + properties: + initialInstances: + type: array + description: 'The instances that this operation is targetting + + ' + items: + type: string + primaryInstance: + type: string + description: 'The primary instance that this operation is + targetting + + ' + minorVersionUpgrade: + type: object + description: 'The minor version upgrade configuration and status + + ' + properties: + initialInstances: + type: array + description: 'The instances that this operation is targetting + + ' + items: + type: string + primaryInstance: + type: string + description: 'The primary instance that this operation is 
+ targetting + + ' + sourcePostgresVersion: + type: string + description: 'Postgres version that is currently running + on the cluster + + ' + targetPostgresVersion: + type: string + description: 'The desired Postgres version for the cluster + + ' + securityUpgrade: + type: object + description: 'The minor version upgrade configuration and status + + ' + properties: + initialInstances: + type: array + description: 'The instances that this operation is targetting + + ' + items: + type: string + primaryInstance: + type: string + description: 'The primary instance that this operation is + targetting + + ' + arch: + type: string + description: The architecture on which the cluster has been initialized. + os: + type: string + description: The operative system on which the cluster has been + initialized. + labelPrefix: + type: string + description: The custom prefix that is prepended to all labels. + managedSql: + type: object + description: 'This section stores the state of referenced SQL scripts + that are applied to the cluster live. + + ' + properties: + scripts: + type: array + description: A list of statuses for script references. + items: + type: object + description: The status of a script reference. + properties: + id: + type: integer + description: Identify the associated `SGScript` entry + with the same value in the `id` field. + startedAt: + type: string + description: ISO-8601 datetime of when the script execution + has been started. + updatedAt: + type: string + description: ISO-8601 datetime of when the last script + execution occurred. Will be reset each time the referenced + `SGScripts` entry will be applied. + failedAt: + type: string + description: ISO-8601 datetime of when the script execution + had failed (mutually exclusive with `completedAt`). + completedAt: + type: string + description: ISO-8601 datetime of when the script execution + had completed (mutually exclusive with `failedAt`). 
+ scripts: + type: array + description: A list of statuses for script entries of + referenced script. + items: + type: object + description: The status of a script entry of a referenced + script. + properties: + id: + type: integer + description: Identify the associated script entry + with the same value in the `id` field. + version: + type: integer + description: The latest version applied + intents: + type: integer + description: Indicates the number of intents or + failures occurred + failureCode: + type: string + description: If failed, the error code of the failure. + See also https://www.postgresql.org/docs/current/errcodes-appendix.html + failure: + type: string + description: If failed, a message of the failure + binding: + type: object + description: 'This section follow the schema specified in [Service + Binding spec for provisioned service](https://servicebinding.io/spec/core/1.0.0/#provisioned-service). + + + For more information see https://servicebinding.io/spec/core/1.0.0/ + + ' + properties: + name: + type: string + description: The name of the Secret as specified in [Service + Binding spec for provisioned service](https://servicebinding.io/spec/core/1.0.0/#provisioned-service). + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + namespace: system + name: stackgres-operator + path: /stackgres/conversion/sgcluster + conversionReviewVersions: + - v1 diff --git a/operators/stackgres/1.6.0/manifests/stackgres.io_sgconfigs.yaml b/operators/stackgres/1.6.0/manifests/stackgres.io_sgconfigs.yaml new file mode 100644 index 00000000000..373571a367a --- /dev/null +++ b/operators/stackgres/1.6.0/manifests/stackgres.io_sgconfigs.yaml 
@@ -0,0 +1,975 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sgconfigs.stackgres.io +spec: + group: stackgres.io + names: + kind: SGConfig + listKind: SGConfigList + plural: sgconfigs + singular: sgconfig + scope: Namespaced + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .metadata.annotations.stackgres\.io/lockPod + name: operator-pod + type: string + - jsonPath: .status.version + name: operator-version + type: string + schema: + openAPIV3Schema: + type: object + description: 'SGConfig stores the configuration of the StackGres Operator + + + > **WARNING**: Creating more than one SGConfig is forbidden in order to + avoid misbehaviours. The single SGConfig should be created automatically + during installation. + + ' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of SGConfig + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + containerRegistry: + type: string + default: quay.io + description: The container registry host (and port) where the images + will be pulled from. 
+ imagePullPolicy: + type: string + default: IfNotPresent + description: Image pull policy used for images loaded by the Operator + serviceAccount: + type: object + description: Section to configure Operator Installation ServiceAccount + properties: + create: + type: boolean + default: true + description: If `true` the Operator Installation ServiceAccount + will be created + annotations: + type: object + x-kubernetes-preserve-unknown-fields: true + description: Section to configure Installation ServiceAccount + annotations + repoCredentials: + type: array + description: Repositories credentials Secret names + items: + type: string + description: Repository credentials Secret name + operator: + type: object + description: Section to configure Operator Pod + properties: + image: + type: object + description: Section to configure Operator image + properties: + name: + type: string + default: stackgres/operator + description: Operator image name + tag: + type: string + description: Operator image tag + pullPolicy: + type: string + default: IfNotPresent + description: Operator image pull policy + annotations: + type: object + description: Operator Pod annotations + x-kubernetes-preserve-unknown-fields: true + resources: + type: object + description: Operator Pod resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core + x-kubernetes-preserve-unknown-fields: true + nodeSelector: + type: object + x-kubernetes-preserve-unknown-fields: true + description: Operator Pod node selector + tolerations: + type: array + description: Operator Pod tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core + items: + type: object + x-kubernetes-preserve-unknown-fields: true + affinity: + type: object + x-kubernetes-preserve-unknown-fields: true + description: Operator Pod affinity. 
See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core + serviceAccount: + type: object + description: Section to configure Operator ServiceAccount + properties: + annotations: + type: object + x-kubernetes-preserve-unknown-fields: true + description: Section to configure Operator ServiceAccount + annotations + repoCredentials: + type: array + description: Repositories credentials Secret names + items: + type: string + description: Repository credentials Secret name + service: + type: object + description: Section to configure Operator Service + properties: + annotations: + type: object + x-kubernetes-preserve-unknown-fields: true + description: Section to configure Operator Service annotations + restapi: + type: object + description: Section to configure REST API Pod + properties: + name: + type: string + default: stackgres-restapi + description: REST API container name + image: + type: object + description: Section to configure REST API image + properties: + name: + type: string + default: stackgres/restapi + description: REST API image name + tag: + type: string + description: REST API image tag + pullPolicy: + type: string + default: IfNotPresent + description: REST API image pull policy + annotations: + type: object + x-kubernetes-preserve-unknown-fields: true + description: REST API Pod annotations + resources: + type: object + x-kubernetes-preserve-unknown-fields: true + description: REST API Pod resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core + nodeSelector: + type: object + x-kubernetes-preserve-unknown-fields: true + description: REST API Pod node selector + tolerations: + type: array + description: REST API Pod tolerations. 
See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core + items: + type: object + x-kubernetes-preserve-unknown-fields: true + affinity: + type: object + x-kubernetes-preserve-unknown-fields: true + description: REST API Pod affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core + serviceAccount: + type: object + description: Section to configure REST API ServiceAccount + properties: + annotations: + type: object + x-kubernetes-preserve-unknown-fields: true + description: REST API ServiceAccount annotations + repoCredentials: + type: array + description: Repositories credentials Secret names + items: + type: string + description: Repository credentials Secret name + service: + type: object + description: Section to configure REST API Service + properties: + annotations: + type: object + x-kubernetes-preserve-unknown-fields: true + description: REST API Service annotations + adminui: + type: object + description: Section to configure Web Console container + properties: + image: + type: object + description: Section to configure Web Console image + properties: + name: + type: string + default: stackgres/admin-ui + description: Web Console image name + tag: + type: string + description: Web Console image tag + pullPolicy: + type: string + default: IfNotPresent + description: Web Console image pull policy + resources: + type: object + x-kubernetes-preserve-unknown-fields: true + description: Web Console resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core + service: + type: object + description: Section to configure Web Console service. 
+ properties: + exposeHTTP: + type: boolean + default: false + description: When set to `true` the HTTP port will be exposed + in the Web Console Service + type: + type: string + default: ClusterIP + description: "The type used for the service of the UI:\n\ + * Set to LoadBalancer to create a load balancer (if supported\ + \ by the kubernetes cluster)\n to allow connect from\ + \ Internet to the UI. Note that enabling this feature\ + \ will probably incurr in\n some fee that depend on the\ + \ host of the kubernetes cluster (for example this is\ + \ true for EKS, GKE\n and AKS).\n* Set to NodePort to\ + \ expose admin UI from kubernetes nodes.\n" + loadBalancerIP: + type: string + description: 'LoadBalancer will get created with the IP + specified in + + this field. This feature depends on whether the underlying + cloud-provider supports specifying + + the loadBalancerIP when a load balancer is created. This + field will be ignored if the + + cloud-provider does not support the feature. + + ' + loadBalancerSourceRanges: + type: array + description: 'If specified and supported by the platform, + + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the + + specified client IPs. This field will be ignored if the + cloud-provider does not support the + + feature. 
+ + More info: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ + + ' + items: + type: string + nodePort: + type: integer + description: The HTTPS port used to expose the Service on + Kubernetes nodes + nodePortHTTP: + type: integer + description: The HTTP port used to expose the Service on + Kubernetes nodes + jobs: + type: object + description: Section to configure Operator Installation Jobs + properties: + image: + type: object + description: Section to configure Operator Installation Jobs + image + properties: + name: + type: string + default: stackgres/jobs + description: Operator Installation Jobs image name + tag: + type: string + description: Operator Installation Jobs image tag + pullPolicy: + type: string + default: IfNotPresent + description: Operator Installation Jobs image pull policy + annotations: + type: object + x-kubernetes-preserve-unknown-fields: true + description: Operator Installation Jobs annotations + resources: + type: object + x-kubernetes-preserve-unknown-fields: true + description: Operator Installation Jobs resources. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#resourcerequirements-v1-core + nodeSelector: + type: object + x-kubernetes-preserve-unknown-fields: true + description: Operator Installation Jobs node selector + tolerations: + type: array + description: Operator Installation Jobs tolerations. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core + items: + type: object + x-kubernetes-preserve-unknown-fields: true + affinity: + type: object + x-kubernetes-preserve-unknown-fields: true + description: Operator Installation Jobs affinity. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core + deploy: + type: object + description: Section to configure deployment aspects. 
+ properties: + operator: + type: boolean + default: true + description: When set to `true` the Operator will be deployed. + restapi: + type: boolean + default: true + description: When set to `true` the Web Console / REST API will + be deployed. + cert: + type: object + description: Section to configure the Operator, REST API and Web + Console certificates and JWT RSA key-pair. + properties: + autoapprove: + type: boolean + default: true + description: "If set to `true` the CertificateSigningRequest\ + \ used to generate the certificate used by\n Webhooks will\ + \ be approved by the Operator Installation Job.\n" + createForOperator: + type: boolean + default: true + description: When set to `true` the Operator certificate will + be created. + createForWebApi: + type: boolean + default: true + description: When set to `true` the Web Console / REST API certificate + will be created. + secretName: + type: string + description: "The Secret name with the Operator Webhooks certificate\ + \ issued by the Kubernetes cluster CA\n of type kubernetes.io/tls.\ + \ See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets\n" + regenerateCert: + type: boolean + description: 'When set to `true` the Operator certificates will + be regenerated if `createForOperator` is set to `true`, and + the certificate is expired or invalid. + + ' + default: true + certDuration: + type: integer + description: 'The duration in days of the generated certificate + for the Operator after which it will expire and be regenerated. + + If not specified it will be set to 730 (2 years) by default. + + ' + webSecretName: + type: string + description: "The Secret name with the Web Console / REST API\ + \ certificate\n of type kubernetes.io/tls. 
See https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets\n" + regenerateWebCert: + type: boolean + description: 'When set to `true` the Web Console / REST API + certificates will be regenerated if `createForWebApi` is set + to `true`, and the certificate is expired or invalid. + + ' + default: true + regenerateWebRsa: + type: boolean + description: 'When set to `true` the Web Console / REST API + RSA key pair will be regenerated if `createForWebApi` is set + to `true`, and the certificate is expired or invalid. + + ' + default: true + webCertDuration: + type: integer + description: 'The duration in days of the generated certificate + for the Web Console / REST API after which it will expire + and be regenerated. + + If not specified it will be set to 730 (2 years) by default. + + ' + webRsaDuration: + type: integer + description: 'The duration in days of the generated RSA key + pair for the Web Console / REST API after which it will expire + and be regenerated. + + If not specified it will be set to 730 (2 years) by default. + + ' + key: + type: string + description: "The private RSA key used to create the Operator\ + \ Webhooks certificate issued by the\n Kubernetes cluster\ + \ CA.\n" + crt: + type: string + description: The Operator Webhooks certificate issued by Kubernetes + cluster CA. + jwtRsaKey: + type: string + description: The private RSA key used to generate JWTs used + in REST API authentication. + jwtRsaPub: + type: string + description: The public RSA key used to verify JWTs used in + REST API authentication. 
+ webKey: + type: string + description: The private RSA key used to create the Web Console + / REST API certificate + webCrt: + type: string + description: The Web Console / REST API certificate + certManager: + type: object + description: Section to configure cert-manager integration to + generate Operator certificates + properties: + autoConfigure: + type: boolean + default: false + description: "When set to `true` then Issuer and Certificate\ + \ for Operator and Web Console / REST API\n Pods will\ + \ be generated\n" + duration: + type: string + default: 2160h + description: The requested duration (i.e. lifetime) of the + Certificates. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io%2fv1 + renewBefore: + type: string + default: 360h + description: How long before the currently issued certificate’s + expiry cert-manager should renew the certificate. See + https://cert-manager.io/docs/reference/api-docs/#cert-manager.io%2fv1 + encoding: + type: string + default: PKCS1 + description: The private key cryptography standards (PKCS) + encoding for this certificate’s private key to be encoded + in. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificatePrivateKey + size: + type: integer + default: 2048 + description: Size is the key bit size of the corresponding + private key for this certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificatePrivateKey + rbac: + type: object + description: Section to configure RBAC for Web Console admin user + properties: + create: + type: boolean + default: true + description: "When set to `true` the admin user is assigned\ + \ the `cluster-admin` ClusterRole by creating\n ClusterRoleBinding.\n" + authentication: + type: object + description: Section to configure Web Console authentication + properties: + type: + type: string + default: jwt + description: "Specify the authentication mechanism to use. 
By\ + \ default is `jwt`, see https://stackgres.io/doc/latest/api/rbac#local-secret-mechanism.\n\ + \ If set to `oidc` then see https://stackgres.io/doc/latest/api/rbac/#openid-connect-provider-mechanism.\n" + createAdminSecret: + type: boolean + description: 'When `true` will create the secret used to store + the admin user credentials to access the UI. + + ' + default: true + user: + type: string + default: admin + description: The admin username that will be created for the + Web Console + password: + type: string + description: 'The admin password that will be created for the + Web Console. + + + If not specified a random password will be generated. + + ' + oidc: + type: object + description: Section to configure Web Console OIDC authentication + properties: + tlsVerification: + type: string + description: Can be one of `required`, `certificate-validation` + or `none` + authServerUrl: + type: string + clientId: + type: string + credentialsSecret: + type: string + clientIdSecretRef: + type: object + properties: + name: + type: string + key: + type: string + credentialsSecretSecretRef: + type: object + properties: + name: + type: string + key: + type: string + prometheus: + type: object + description: Section to configure Prometheus integration. 
+ properties: + allowAutobind: + type: boolean + default: true + description: "If set to false disable automatic bind to Prometheus\n\ + \ created using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator).\n\ + If disabled the cluster will not be binded to Prometheus automatically\ + \ and will require manual\n intervention by the Kubernetes\ + \ cluster administrator.\n" + grafana: + type: object + description: Section to configure Grafana integration + properties: + autoEmbed: + type: boolean + default: false + description: "When set to `true` embed automatically Grafana\ + \ into the Web Console by creating the\n StackGres dashboard\ + \ and the read-only role used to read it from the Web Console\ + \ \n" + schema: + type: string + default: http + description: "The schema to access Grafana. By default http.\ + \ (used to embed manually and\n automatically grafana)\n" + webHost: + type: string + description: "The service host name to access grafana (used\ + \ to embed manually and\n automatically Grafana). \nThe parameter\ + \ value should point to the grafana service following the\ + \ \n [DNS reference](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/)\ + \ `svc_name.namespace`\n" + datasourceName: + type: string + default: Prometheus + description: The datasource name used to create the StackGres + Dashboard into Grafana + user: + type: string + default: admin + description: "The username to access Grafana. By default admin.\ + \ (used to embed automatically\n Grafana)\n" + password: + type: string + default: prom-operator + description: "The password to access Grafana. By default prom-operator\ + \ (the default in for\n kube-prometheus-stack helm chart).\ + \ (used to embed automatically Grafana)\n" + secretNamespace: + type: string + description: "The namespace of secret with credentials to access\ + \ Grafana. 
(used to\n embed automatically Grafana, alternative\ + \ to use `user` and `password`)\n" + secretName: + type: string + description: "The name of secret with credentials to access\ + \ Grafana. (used to embed\n automatically Grafana, alternative\ + \ to use `user` and `password`)\n" + secretUserKey: + type: string + description: "The key of secret with username used to access\ + \ Grafana. (used to embed\n automatically Grafana, alternative\ + \ to use `user` and `password`)\n" + secretPasswordKey: + type: string + description: "The key of secret with password used to access\ + \ Grafana. (used to\n embed automatically Grafana, alternative\ + \ to use `user` and `password`)\n" + dashboardConfigMap: + type: string + description: "The ConfigMap name with the dashboard JSON in\ + \ the key `grafana-dashboard.json`\n that will be created\ + \ in Grafana. If not set the default\n" + dashboardId: + type: string + description: "The dashboard id that will be create in Grafana\n\ + \ (see https://grafana.com/grafana/dashboards). By default\ + \ 9628. 
(used to embed automatically\n Grafana)\n\nManual\ + \ Steps:\n \nCreate grafana dashboard for postgres exporter\ + \ and copy/paste share URL:\n- Grafana > Create > Import >\ + \ Grafana.com Dashboard 9628\nCopy/paste grafana dashboard\ + \ URL for postgres exporter:\n- Grafana > Dashboard > Manage\ + \ > Select postgres exporter dashboard > Copy URL\n" + url: + type: string + description: "The URL of the PostgreSQL dashboard created in\ + \ Grafana (used to embed manually\n Grafana)\n" + token: + type: string + description: "The Grafana API token to access the PostgreSQL\ + \ dashboard created\n in Grafana (used to embed manually Grafana)\n\ + \nManual Steps:\n \nCreate and copy/paste grafana API token:\n\ + - Grafana > Configuration > API Keys > Add API key (for viewer)\ + \ > Copy key value\n" + extensions: + type: object + description: Section to configure extensions + properties: + repositoryUrls: + type: array + default: + - https://extensions.stackgres.io/postgres/repository + description: "A list of extensions repository URLs used to retrieve\ + \ extensions\n\nTo set a proxy for extensions repository add\ + \ parameter proxyUrl to the URL:\n `https://extensions.stackgres.io/postgres/repository?proxyUrl=%3A%2F%2F[%3A]` (URL encoded)\n\ + \nOther URL parameters are:\n\n* `skipHostnameVerification`:\ + \ set it to `true` in order to use a server or a proxy with\ + \ a self signed certificate\n* `retry`: set it to `[:]` in order to retry a request on failure\n\ + * `setHttpScheme`: set it to `true` in order to force using\ + \ HTTP scheme\n" + items: + type: string + cache: + type: object + description: "Section to configure extensions cache (experimental).\n\ + \nThis feature is in beta and may cause failures, please use\ + \ with caution and report any\n error to https://gitlab.com/ongresinc/stackgres/-/issues/new\n" + properties: + enabled: + type: boolean + default: false + description: "When set to `true` enable the extensions cache.\n\ + \nThis feature 
is in beta and may cause failures, please\ + \ use with caution and report any\n error to https://gitlab.com/ongresinc/stackgres/-/issues/new\n" + preloadedExtensions: + type: array + default: + - x86_64/linux/timescaledb-1\.7\.4-pg12 + description: An array of extensions pattern used to pre-loaded + estensions into the extensions cache + items: + type: string + description: An extension pattern used to pre-loaded estensions + into the extensions cache + persistentVolume: + type: object + description: Section to configure the extensions cache PersistentVolume + properties: + size: + type: string + default: 1Gi + description: 'The PersistentVolume size for the extensions + cache + + + Only use whole numbers (e.g. not 1e6) and K/Ki/M/Mi/G/Gi + as units + + ' + storageClass: + type: string + description: "If defined set storage class\nIf set to\ + \ \"-\" (equivalent to storageClass: \"\" in a PV\ + \ spec) disables\n dynamic provisioning\nIf undefined\ + \ (the default) or set to null, no storageClass spec\ + \ is\n set, choosing the default provisioner. (gp2\ + \ on AWS, standard on\n GKE, AWS & OpenStack)\n" + hostPath: + type: string + description: "If set, will use a host path volume with the\ + \ specified path for the extensions cache\n instead of\ + \ a PersistentVolume\n" + developer: + type: object + x-kubernetes-preserve-unknown-fields: true + description: 'Section to configure developer options. + + + Following options are for developers only, but can also be useful + in some cases ;) + + ' + properties: + version: + type: string + description: Set the operator version (used for testing) + logLevel: + type: string + description: Set `quarkus.log.level`. 
See https://quarkus.io/guides/logging#root-logger-configuration + showDebug: + type: boolean + default: false + description: If set to `true` add extra debug to any script + controlled by the reconciliation cycle of the operator configuration + showStackTraces: + type: boolean + default: false + description: Set `quarkus.log.console.format` to `%d{yyyy-MM-dd + HH:mm:ss,SSS} %-5p [%c{4.}] (%t) %s%e%n`. See https://quarkus.io/guides/logging#logging-format + useJvmImages: + type: boolean + default: false + description: 'The operator will use JVM version of the images + + ' + enableJvmDebug: + type: boolean + default: false + description: "Only work with JVM version and allow connect\n\ + \ on port 8000 of operator Pod with jdb or similar\n" + enableJvmDebugSuspend: + type: boolean + default: false + description: "Only work with JVM version and if `enableJvmDebug`\ + \ is `true`\n suspend the JVM until a debugger session is\ + \ started\n" + externalOperatorIp: + type: string + description: Set the external Operator IP + externalOperatorPort: + type: integer + description: Set the external Operator port + externalRestApiIp: + type: string + description: Set the external REST API IP + externalRestApiPort: + type: integer + description: Set the external REST API port + allowPullExtensionsFromImageRepository: + type: boolean + default: false + description: "If set to `true` and `extensions.cache.enabled`\ + \ is also `true`\n it will try to download extensions from\ + \ images (experimental)\n" + disableArbitraryUser: + type: boolean + default: false + description: 'It set to `true` disable arbitrary user that is + set for OpenShift clusters + + ' + patches: + type: object + description: 'Section to define patches for some StackGres Pods + + ' + properties: + operator: + type: object + description: 'Section to define volumes to be used by the + operator container + + ' + properties: + volumes: + type: array + description: Pod volumes. 
See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core + items: + type: object + x-kubernetes-preserve-unknown-fields: true + volumeMounts: + type: array + description: Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core + items: + type: object + x-kubernetes-preserve-unknown-fields: true + restapi: + type: object + description: 'Section to define volumes to be used by the + restapi container + + ' + properties: + volumes: + type: array + description: Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core + items: + type: object + x-kubernetes-preserve-unknown-fields: true + volumeMounts: + type: array + description: Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core + items: + type: object + x-kubernetes-preserve-unknown-fields: true + adminui: + type: object + description: 'Section to define volumes to be used by the + adminui container + + ' + properties: + volumes: + type: array + description: Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core + items: + type: object + x-kubernetes-preserve-unknown-fields: true + volumeMounts: + type: array + description: Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core + items: + type: object + x-kubernetes-preserve-unknown-fields: true + jobs: + type: object + description: 'Section to define volumes to be used by the + jobs container + + ' + properties: + volumes: + type: array + description: Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core + items: + type: object + x-kubernetes-preserve-unknown-fields: true + volumeMounts: + type: array + description: Pod's container volume mounts. 
See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core + items: + type: object + x-kubernetes-preserve-unknown-fields: true + clusterController: + type: object + description: 'Section to define volumes to be used by the + cluster controller container + + ' + properties: + volumes: + type: array + description: Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core + items: + type: object + x-kubernetes-preserve-unknown-fields: true + volumeMounts: + type: array + description: Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core + items: + type: object + x-kubernetes-preserve-unknown-fields: true + distributedlogsController: + type: object + description: 'Section to define volumes to be used by the + distributedlogs controller container + + ' + properties: + volumes: + type: array + description: Pod volumes. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volume-v1-core + items: + type: object + x-kubernetes-preserve-unknown-fields: true + volumeMounts: + type: array + description: Pod's container volume mounts. See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#volumemount-v1-core + items: + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + description: Status defines the observed state of SGConfig + x-kubernetes-preserve-unknown-fields: true + properties: + conditions: + type: array + items: + type: object + properties: + lastTransitionTime: + description: Last time the condition transitioned from one + status to another. + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, + Unknown. 
+ type: string
+ type:
+ description: Type of deployment condition.
+ type: string
+ version:
+ type: string
+ description: Latest version of the operator used to check for updates
+ removeOldOperatorBundleResources:
+ type: boolean
+ description: Indicate when the old operator bundle resources has
+ been removed
+ grafana:
+ type: object
+ properties:
+ urls:
+ description: Grafana URLs to StackGres dashboards
+ type: array
+ items:
+ type: string
+ description: Grafana URL to StackGres dashboards preceded
+ by the dashboard name and a semicolon `:`
+ token:
+ description: Grafana Token that allow to access dashboards
+ type: string
+ configHash:
+ description: Grafana configuration hash
+ type: string
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: stackgres-operator
+ path: /stackgres/conversion/sgconfig
+ conversionReviewVersions:
+ - v1
diff --git a/operators/stackgres/1.6.0/manifests/stackgres.io_sgdbops.yaml b/operators/stackgres/1.6.0/manifests/stackgres.io_sgdbops.yaml
new file mode 100644
index 00000000000..bcdc74f2cb2
--- /dev/null
+++ b/operators/stackgres/1.6.0/manifests/stackgres.io_sgdbops.yaml
@@ -0,0 +1,1931 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: sgdbops.stackgres.io
+spec:
+ group: stackgres.io
+ scope: Namespaced
+ names:
+ kind: SGDbOps
+ listKind: SGDbOpsList
+ plural: sgdbops
+ singular: sgdbops
+ shortNames:
+ - sgdo
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ additionalPrinterColumns:
+ - name: cluster
+ type: string
+ jsonPath: .spec.sgCluster
+ - name: operation
+ type: string
+ jsonPath: .spec.op
+ - name: status
+ type: string
+ jsonPath: .status.conditions[?(@.status=="True")].reason
+ - name: started-at
+ type: string
+ jsonPath: .status.opStarted
+ priority: 1
+ - name: retries
+ type: string
+ jsonPath: .status.opRetries
+ priority: 1
+ schema:
+ openAPIV3Schema:
+ required:
+ - metadata
+ - spec
+ type: object
+ properties:
+ metadata:
+ type: object
+ properties:
+ name:
+ type: string
+ maxLength: 57
+ pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$
+ description: 'Name of the Database Operation. A database operation
+ represents a ""kind"" of operation on a StackGres cluster, classified
+ by a given name. The operation reference one SGCluster by its
+ name. Following [Kubernetes naming conventions](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/identifiers.md),
+ it must be an rfc1035/rfc1123 `label`, an alphanumeric (a-z, and
+ 0-9) string, with the ''-'' character allowed anywhere except
+ the first or last character.
+
+
+ The name must be unique across all database operations in the
+ same namespace."
+
+ '
+ spec:
+ type: object
+ properties:
+ sgCluster:
+ type: string
+ description: 'The name of SGCluster on which the operation will
+ be performed.
+
+ '
+ scheduling:
+ type: object
+ description: Pod custom node scheduling and affinity configuration
+ properties:
+ nodeSelector:
+ type: object
+ additionalProperties:
+ type: string
+ description: 'NodeSelector is a selector which must be true
+ for the pod to fit on a node.
Selector which must match a + node''s labels for the pod to be scheduled on that node. More + info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + + ' + tolerations: + description: 'If specified, the pod''s tolerations. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + type: array + items: + description: 'The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + properties: + effect: + description: 'Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + + + ' + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: 'Operator represents a key''s relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + + + ' + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. 
+ type: string + type: object + nodeAffinity: + description: 'Node affinity is a group of node affinity scheduling + rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string values. 
+ If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents the union of the + results of one or more label queries over a set of nodes; + that is, it represents the OR of the selectors represented + by the node selector terms. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. 
+ The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. 
If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + priorityClassName: + type: string + description: 'Priority indicates the importance of a Pod relative + to other Pods. If a Pod cannot be scheduled, the scheduler + tries to preempt (evict) lower priority Pods to make scheduling + of the pending Pod possible. + + ' + podAffinity: + description: 'Pod affinity is a group of inter pod affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query over + a set of resources. 
The result of matchLabels and + matchExpressions are ANDed. An empty label selector + matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query over + a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector + matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: 'Pod anti affinity is a group of inter pod anti + affinity scheduling rules. 
+ + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. 
+ properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. 
due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query over + a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector + matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query over + a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector + matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. 
The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + op: + type: string + description: 'The kind of operation that will be performed on the + SGCluster. Available operations are: + + + * `benchmark`: run a benchmark on the specified SGCluster and + report the results in the status. + + * `vacuum`: perform a [vacuum](https://www.postgresql.org/docs/current/sql-vacuum.html) + operation on the specified SGCluster. + + * `repack`: run [`pg_repack`](https://github.com/reorg/pg_repack) + command on the specified SGCluster. + + * `majorVersionUpgrade`: perform a major version upgrade of PostgreSQL + using [`pg_upgrade`](https://www.postgresql.org/docs/current/pgupgrade.html) + command. + + * `restart`: perform a restart of the cluster. + + * `minorVersionUpgrade`: perform a minor version upgrade of PostgreSQL. + + * `securityUpgrade`: perform a security upgrade of the cluster. + + ' + runAt: + type: string + description: 'An ISO 8601 date, that holds UTC scheduled date of + the operation execution. + + + If not specified or if the date it''s in the past, it will be + interpreted ASAP. + + ' + timeout: + type: string + description: 'An ISO 8601 duration in the format `PnDTnHnMn.nS`, + that specifies a timeout after which the operation execution will + be canceled. 
+ + + If the operation can not be performed due to timeout expiration, + the condition `Failed` will have a status of `True` and the reason + will be `OperationTimedOut`. + + + If not specified the operation will never fail for timeout expiration. + + ' + maxRetries: + type: integer + description: 'The maximum number of retries the operation is allowed + to do after a failure. + + + A value of `0` (zero) means no retries are made. Can not be greater + than `10`. Defaults to: `0`. + + ' + benchmark: + type: object + description: 'Configuration of the benchmark + + ' + properties: + type: + type: string + description: 'The type of benchmark that will be performed on + the SGCluster. Available benchmarks are: + + + * `pgbench`: run [pgbench](https://www.postgresql.org/docs/current/pgbench.html) + on the specified SGCluster and report the results in the status. + + ' + pgbench: + type: object + description: 'Configuration of [pgbench](https://www.postgresql.org/docs/current/pgbench.html) + benchmark + + ' + properties: + databaseSize: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi|Ti)$ + description: 'Size of the database to generate. This size + is specified either in Mebibytes, Gibibytes or Tebibytes + (multiples of 2^20, 2^30 or 2^40, respectively). + + ' + duration: + type: string + description: 'An ISO 8601 duration in the format `PnDTnHnMn.nS`, + that specifies how long the benchmark will run. + + ' + usePreparedStatements: + type: boolean + description: 'Use extended query protocol with prepared + statements. Defaults to: `false`. + + ' + concurrentClients: + type: integer + description: 'Number of clients simulated, that is, number + of concurrent database sessions. Defaults to: `1`. + + ' + threads: + type: integer + description: 'Number of worker threads within pgbench. Using + more than one thread can be helpful on multi-CPU machines. + Clients are distributed as evenly as possible among available + threads. Default is `1`. 
+ + ' + required: + - databaseSize + - duration + connectionType: + type: string + description: 'Specify the service where the benchmark will connect + to: + + + * `primary-service`: Connect to the primary service + + * `replicas-service`: Connect to the replicas service + + ' + required: + - type + vacuum: + type: object + description: 'Configuration of [vacuum](https://www.postgresql.org/docs/current/sql-vacuum.html) + operation + + ' + properties: + full: + type: boolean + description: "If true selects \"full\" vacuum, which can reclaim\ + \ more space, but takes much longer and exclusively locks\ + \ the table.\nThis method also requires extra disk space,\ + \ since it writes a new copy of the table and doesn't release\ + \ the old copy\n until the operation is complete. Usually\ + \ this should only be used when a significant amount of space\ + \ needs to be\n reclaimed from within the table. Defaults\ + \ to: `false`.\n" + freeze: + type: boolean + description: "If true selects aggressive \"freezing\" of tuples.\ + \ Specifying FREEZE is equivalent to performing VACUUM with\ + \ the\n vacuum_freeze_min_age and vacuum_freeze_table_age\ + \ parameters set to zero. Aggressive freezing is always performed\n\ + \ when the table is rewritten, so this option is redundant\ + \ when FULL is specified. Defaults to: `false`.\n" + analyze: + type: boolean + description: 'If true, updates statistics used by the planner + to determine the most efficient way to execute a query. Defaults + to: `true`. + + ' + disablePageSkipping: + type: boolean + description: "Normally, VACUUM will skip pages based on the\ + \ visibility map. Pages where all tuples are known to be frozen\ + \ can always be\n skipped, and those where all tuples are\ + \ known to be visible to all transactions may be skipped except\ + \ when performing an\n aggressive vacuum. 
Furthermore, except\ + \ when performing an aggressive vacuum, some pages may be\ + \ skipped in order to avoid\n waiting for other sessions\ + \ to finish using them. This option disables all page-skipping\ + \ behavior, and is intended to be\n used only when the contents\ + \ of the visibility map are suspect, which should happen only\ + \ if there is a hardware or\n software issue causing database\ + \ corruption. Defaults to: `false`.\n" + databases: + type: array + description: 'List of databases to vacuum or repack, don''t + specify to select all databases + + ' + items: + type: object + required: + - name + properties: + name: + type: string + description: the name of the database + full: + type: boolean + description: "If true selects \"full\" vacuum, which can\ + \ reclaim more space, but takes much longer and exclusively\ + \ locks the table.\nThis method also requires extra\ + \ disk space, since it writes a new copy of the table\ + \ and doesn't release the old copy\n until the operation\ + \ is complete. Usually this should only be used when\ + \ a significant amount of space needs to be\n reclaimed\ + \ from within the table. Defaults to: `false`.\n" + freeze: + type: boolean + description: "If true selects aggressive \"freezing\"\ + \ of tuples. Specifying FREEZE is equivalent to performing\ + \ VACUUM with the\n vacuum_freeze_min_age and vacuum_freeze_table_age\ + \ parameters set to zero. Aggressive freezing is always\ + \ performed\n when the table is rewritten, so this\ + \ option is redundant when FULL is specified. Defaults\ + \ to: `false`.\n" + analyze: + type: boolean + description: 'If true, updates statistics used by the + planner to determine the most efficient way to execute + a query. Defaults to: `true`. + + ' + disablePageSkipping: + type: boolean + description: "Normally, VACUUM will skip pages based on\ + \ the visibility map. 
Pages where all tuples are known\ + \ to be frozen can always be\n skipped, and those where\ + \ all tuples are known to be visible to all transactions\ + \ may be skipped except when performing an\n aggressive\ + \ vacuum. Furthermore, except when performing an aggressive\ + \ vacuum, some pages may be skipped in order to avoid\n\ + \ waiting for other sessions to finish using them.\ + \ This option disables all page-skipping behavior, and\ + \ is intended to be\n used only when the contents of\ + \ the visibility map are suspect, which should happen\ + \ only if there is a hardware or\n software issue causing\ + \ database corruption. Defaults to: `false`.\n" + repack: + type: object + description: 'Configuration of [`pg_repack`](https://github.com/reorg/pg_repack) + command + + ' + properties: + noOrder: + type: boolean + description: 'If true do vacuum full instead of cluster. Defaults + to: `false`. + + ' + waitTimeout: + type: string + description: 'If specified, an ISO 8601 duration format `PnDTnHnMn.nS` + to set a timeout to cancel other backends on conflict. + + ' + noKillBackend: + type: boolean + description: 'If true don''t kill other backends when timed + out. Defaults to: `false`. + + ' + noAnalyze: + type: boolean + description: 'If true don''t analyze at end. Defaults to: `false`. + + ' + excludeExtension: + type: boolean + description: 'If true don''t repack tables which belong to specific + extension. Defaults to: `false`. + + ' + databases: + type: array + description: 'List of database to vacuum or repack, don''t specify + to select all databases + + ' + items: + type: object + required: + - name + properties: + name: + type: string + description: the name of the database + noOrder: + type: boolean + description: 'If true do vacuum full instead of cluster. + Defaults to: `false`. + + ' + waitTimeout: + type: string + description: 'If specified, an ISO 8601 duration format + `PnDTnHnMn.nS` to set a timeout to cancel other backends + on conflict. 
+ + ' + noKillBackend: + type: boolean + description: 'If true don''t kill other backends when + timed out. Defaults to: `false`. + + ' + noAnalyze: + type: boolean + description: 'If true don''t analyze at end. Defaults + to: `false`. + + ' + excludeExtension: + type: boolean + description: 'If true don''t repack tables which belong + to specific extension. Defaults to: `false`. + + ' + majorVersionUpgrade: + type: object + description: 'Configuration of major version upgrade (see also [`pg_upgrade`](https://www.postgresql.org/docs/current/pgupgrade.html) + command) + + ' + properties: + postgresVersion: + type: string + description: 'The target postgres version that must have the + same major version of the target SGCluster. + + ' + postgresExtensions: + type: array + description: "A major version upgrade can not be performed if\ + \ a required extension is not present for the target major\ + \ version of the upgrade.\nIn those cases you will have to\ + \ provide the target extension version of the extension for\ + \ the target major version of postgres.\nBeware that in some\ + \ cases it is not possible to upgrade an extension alongside\ + \ postgres. This is the case for PostGIS or timescaledb.\n\ + \ In such cases you will have to upgrade the extension before\ + \ or after the major version upgrade. Please make sure you\ + \ read the\n documentation of each extension in order to understand\ + \ if it is possible to upgrade it during a major version upgrade\ + \ of postgres.\n" + items: + type: object + properties: + name: + type: string + description: The name of the extension to deploy. + publisher: + type: string + description: The id of the publisher of the extension + to deploy. If not specified `com.ongres` will be used + by default. + default: com.ongres + version: + type: string + description: The version of the extension to deploy. 
If + not specified version of `stable` channel will be used + by default and if only a version is available that one + will be used. + repository: + type: string + description: 'The repository base URL from where to obtain + the extension to deploy. + + + **This section is filled by the operator.** + + ' + required: + - name + sgPostgresConfig: + type: string + description: 'The postgres config that must have the same major + version of the target postgres version. + + ' + backupPath: + type: string + description: "The path were the backup is stored. If not set\ + \ this field is filled up by the operator.\n\nWhen provided\ + \ will indicate were the backups and WAL files will be stored.\n\ + \nThe path should be different from the current `.spec.configurations.backups[].path`\ + \ value for the target `SGCluster`\n in order to avoid mixing\ + \ WAL files of two distinct major versions of postgres.\n" + link: + type: boolean + description: 'If true use hard links instead of copying files + to the new cluster. This option is mutually exclusive with + `clone`. Defaults to: `false`. + + ' + clone: + type: boolean + description: "If true use efficient file cloning (also known\ + \ as \"reflinks\" on some systems) instead of copying files\ + \ to the new cluster.\nThis can result in near-instantaneous\ + \ copying of the data files, giving the speed advantages of\ + \ `link` while leaving the old\n cluster untouched. This\ + \ option is mutually exclusive with `link`. Defaults to: `false`.\n\ + \nFile cloning is only supported on some operating systems\ + \ and file systems. If it is selected but not supported, the\ + \ pg_upgrade\n run will error. At present, it is supported\ + \ on Linux (kernel 4.5 or later) with Btrfs and XFS (on file\ + \ systems created with\n reflink support), and on macOS with\ + \ APFS.\n" + check: + type: boolean + description: 'If true does some checks to see if the cluster + can perform a major version upgrade without changing any data. 
+ Defaults to: `false`. + + ' + toInstallPostgresExtensions: + type: array + description: 'The list of Postgres extensions to install. + + + **This section is filled by the operator.** + + ' + items: + type: object + properties: + name: + type: string + description: The name of the extension to install. + publisher: + type: string + description: The id of the publisher of the extension + to install. + version: + type: string + description: The version of the extension to install. + repository: + type: string + description: The repository base URL from where the extension + will be installed from. + postgresVersion: + type: string + description: The postgres major version of the extension + to install. + build: + type: string + description: The build version of the extension to install. + extraMounts: + type: array + description: The extra mounts of the extension to install. + items: + type: string + description: The extra mount of the installed extension. + required: + - name + - publisher + - version + - repository + - postgresVersion + restart: + type: object + description: 'Configuration of restart + + ' + properties: + method: + type: string + description: "The method used to perform the restart operation.\ + \ Available methods are:\n\n* `InPlace`: the in-place method\ + \ does not require more resources than those that are available.\n\ + \ In case only an instance of the StackGres cluster is present\ + \ this mean the service disruption will\n last longer so\ + \ we encourage use the reduced impact restart and especially\ + \ for a production environment.\n* `ReducedImpact`: this procedure\ + \ is the same as the in-place method but require additional\n\ + \ resources in order to spawn a new updated replica that\ + \ will be removed when the procedure completes.\n" + onlyPendingRestart: + type: boolean + description: "By default all Pods are restarted. 
Setting this\ + \ option to `true` allow to restart only those Pods which\n\ + \ are in pending restart state as detected by the operation.\ + \ Defaults to: `false`.\n" + minorVersionUpgrade: + type: object + description: 'Configuration of minor version upgrade + + ' + properties: + postgresVersion: + type: string + description: 'The target postgres version that must have the + same major version of the target SGCluster. + + ' + method: + type: string + description: "The method used to perform the minor version upgrade\ + \ operation. Available methods are:\n\n* `InPlace`: the in-place\ + \ method does not require more resources than those that are\ + \ available.\n In case only an instance of the StackGres\ + \ cluster is present this mean the service disruption will\n\ + \ last longer so we encourage use the reduced impact restart\ + \ and especially for a production environment.\n* `ReducedImpact`:\ + \ this procedure is the same as the in-place method but require\ + \ additional\n resources in order to spawn a new updated\ + \ replica that will be removed when the procedure completes.\n" + securityUpgrade: + type: object + description: 'Configuration of security upgrade + + ' + properties: + method: + type: string + description: "The method used to perform the security upgrade\ + \ operation. 
Available methods are:\n\n* `InPlace`: the in-place\ + \ method does not require more resources than those that are\ + \ available.\n In case only an instance of the StackGres\ + \ cluster is present this mean the service disruption will\n\ + \ last longer so we encourage use the reduced impact restart\ + \ and especially for a production environment.\n* `ReducedImpact`:\ + \ this procedure is the same as the in-place method but require\ + \ additional\n resources in order to spawn a new updated\ + \ replica that will be removed when the procedure completes.\n" + required: + - sgCluster + - op + status: + type: object + properties: + conditions: + type: array + description: 'Possible conditions are: + + + * Running: to indicate when the operation is actually running + + * Completed: to indicate when the operation has completed successfully + + * Failed: to indicate when the operation has failed + + ' + items: + type: object + properties: + lastTransitionTime: + description: Last time the condition transitioned from one + status to another. + type: string + message: + description: A human-readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition last transition. + type: string + status: + description: Status of the condition, one of `True`, `False` + or `Unknown`. + type: string + type: + description: Type of deployment condition. + type: string + opRetries: + type: integer + description: 'The number of retries performed by the operation + + ' + opStarted: + type: string + description: 'The ISO 8601 timestamp of when the operation started + running + + ' + benchmark: + type: object + description: 'The results of the benchmark + + ' + properties: + pgbench: + type: object + description: 'The results of the pgbench benchmark + + ' + properties: + scaleFactor: + type: number + nullable: true + description: 'The scale factor used to run pgbench (`--scale`). 
+ + ' + transactionsProcessed: + type: integer + nullable: true + description: 'The number of transactions processed. + + ' + latency: + type: object + description: 'The latency results of the pgbench benchmark + + ' + properties: + average: + type: object + description: 'Average latency of transactions + + ' + properties: + value: + type: number + nullable: true + description: 'The latency average value + + ' + unit: + type: string + nullable: false + description: 'The latency measure unit represented + in milliseconds + + ' + standardDeviation: + type: object + description: 'The latency standard deviation of transactions. + + ' + properties: + value: + type: number + nullable: true + description: 'The latency standard deviation value + + ' + unit: + type: string + nullable: false + description: 'The latency measure unit represented + in milliseconds + + ' + transactionsPerSecond: + type: object + description: 'All the transactions per second results of + the pgbench benchmark + + ' + properties: + includingConnectionsEstablishing: + type: object + description: 'Number of Transaction Per Second (tps) + including connection establishing. + + ' + properties: + value: + type: number + nullable: true + description: 'The Transaction Per Second (tps) including + connections establishing value + + ' + unit: + type: string + nullable: false + description: 'Transaction Per Second (tps) measure + + ' + excludingConnectionsEstablishing: + type: object + description: 'Number of Transaction Per Second (tps) + excluding connection establishing. 
+ + ' + properties: + value: + type: number + nullable: true + description: 'The Transaction Per Second (tps) excluding + connections establishing value + + ' + unit: + type: string + nullable: false + description: 'Transaction Per Second (tps) measure + + ' + majorVersionUpgrade: + type: object + description: 'The results of a major version upgrade + + ' + properties: + sourcePostgresVersion: + type: string + description: 'The postgres version currently used by the primary + instance + + ' + targetPostgresVersion: + type: string + description: 'The postgres version that the cluster will be + upgraded to + + ' + primaryInstance: + type: string + description: 'The primary instance when the operation started + + ' + initialInstances: + type: array + description: 'The instances present when the operation started + + ' + items: + type: string + pendingToRestartInstances: + type: array + description: 'The instances that are pending to be restarted + + ' + items: + type: string + restartedInstances: + type: array + description: 'The instances that have been restarted + + ' + items: + type: string + phase: + type: string + description: 'The phase the operation is or was executing) + + ' + failure: + type: string + description: 'A failure message (when available) + + ' + restart: + type: object + description: 'The results of a restart + + ' + properties: + primaryInstance: + type: string + description: 'The primary instance when the operation started + + ' + initialInstances: + type: array + description: 'The instances present when the operation started + + ' + items: + type: string + pendingToRestartInstances: + type: array + description: 'The instances that are pending to be restarted + + ' + items: + type: string + restartedInstances: + type: array + description: 'The instances that have been restarted + + ' + items: + type: string + switchoverInitiated: + type: string + description: 'An ISO 8601 date indicating if and when the switchover + initiated + + ' + 
switchoverFinalized: + type: string + description: 'An ISO 8601 date indicating if and when the switchover + finalized + + ' + failure: + type: string + description: 'A failure message (when available) + + ' + minorVersionUpgrade: + type: object + description: 'The results of a minor version upgrade + + ' + properties: + sourcePostgresVersion: + type: string + description: 'The postgres version currently used by the primary + instance + + ' + targetPostgresVersion: + type: string + description: 'The postgres version that the cluster will be + upgraded (or downgraded) to + + ' + primaryInstance: + type: string + description: 'The primary instance when the operation started + + ' + initialInstances: + type: array + description: 'The instances present when the operation started + + ' + items: + type: string + pendingToRestartInstances: + type: array + description: 'The instances that are pending to be restarted + + ' + items: + type: string + restartedInstances: + type: array + description: 'The instances that have been restarted + + ' + items: + type: string + switchoverInitiated: + type: string + description: 'An ISO 8601 date indicating if and when the switchover + initiated + + ' + switchoverFinalized: + type: string + description: 'An ISO 8601 date indicating if and when the switchover + finalized + + ' + failure: + type: string + description: 'A failure message (when available) + + ' + securityUpgrade: + type: object + description: 'The results of a security upgrade + + ' + properties: + primaryInstance: + type: string + description: 'The primary instance when the operation started + + ' + initialInstances: + type: array + description: 'The instances present when the operation started + + ' + items: + type: string + pendingToRestartInstances: + type: array + description: 'The instances that are pending to be restarted + + ' + items: + type: string + restartedInstances: + type: array + description: 'The instances that have been restarted + + ' + items: + type: 
string + switchoverInitiated: + type: string + description: 'An ISO 8601 date indicating if and when the switchover + initiated + + ' + switchoverFinalized: + type: string + description: 'An ISO 8601 date indicating if and when the switchover + finalized + + ' + failure: + type: string + description: 'A failure message (when available) + + ' + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + namespace: system + name: stackgres-operator + path: /stackgres/conversion/sgdbops + conversionReviewVersions: + - v1
diff --git a/operators/stackgres/1.6.0/manifests/stackgres.io_sgdistributedlogs.yaml b/operators/stackgres/1.6.0/manifests/stackgres.io_sgdistributedlogs.yaml
new file mode 100644
index 00000000000..99c4ccf3ad8
--- /dev/null
+++ b/operators/stackgres/1.6.0/manifests/stackgres.io_sgdistributedlogs.yaml
@@ -0,0 +1,1509 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sgdistributedlogs.stackgres.io +spec: + group: stackgres.io + scope: Namespaced + names: + kind: SGDistributedLogs + listKind: SGDistributedLogsList + plural: sgdistributedlogs + singular: sgdistributedlogs + shortNames: + - sgdil + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - name: volume-size + type: string + jsonPath: .spec.persistentVolume.size + schema: + openAPIV3Schema: + type: object + required: + - metadata + - spec + properties: + metadata: + type: object + properties: + name: + type: string + maxLength: 52 + pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$ + description: 'Name of the Distributed Logs cluster. Following [Kubernetes + naming conventions](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/identifiers.md), + it must be an rfc1035/rfc1123 subdomain, that is, up to 253 characters + consisting of one or more lowercase labels separated by `.`. Where + each label is an alphanumeric (a-z, and 0-9) string, with the + `-` character allowed anywhere except the first or last character. + + + A Distributed Logs cluster may store logs for zero or more SGClusters. + + + The name must be unique across all SGCluster, SGShardedCluster + and SGDistributedLogs in the same namespace. 
+ + ' + spec: + type: object + properties: + profile: + type: string + description: "The profile allow to change in a convenient place\ + \ a set of configuration defaults that affect how the cluster\ + \ is generated.\n\nAll those defaults can be overwritten by setting\ + \ the correspoinding fields.\n\nAvailable profiles are:\n\n* `production`:\n\ + \n Prevents two Pods from running in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `false` by default).\n Sets both limits and requests using\ + \ `SGInstanceProfile` for `patroni` container that runs both Patroni\ + \ and Postgres (set `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `false` by default).\n Sets requests using the referenced\ + \ `SGInstanceProfile` for sidecar containers other than `patroni`\ + \ (set `.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `false` by default).\n\n* `testing`:\n\n Allows two Pods\ + \ to running in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `true` by default).\n Sets both limits and requests using\ + \ `SGInstanceProfile` for `patroni` container that runs both Patroni\ + \ and Postgres (set `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `false` by default).\n Sets requests using the referenced\ + \ `SGInstanceProfile` for sidecar containers other than `patroni`\ + \ (set `.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `false` by default).\n\n* `development`:\n\n Allows two\ + \ Pods from running in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `true` by default).\n Unset both limits and requests for\ + \ `patroni` container that runs both Patroni and Postgres (set\ + \ `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `true` by default).\n Unsets requests for sidecar containers\ + \ other than `patroni` (set 
`.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `true` by default).\n\n**Changing this field may require\ + \ a restart.**\n" + default: production + persistentVolume: + type: object + description: Pod's persistent volume configuration + properties: + size: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi|Ti)$ + description: 'Size of the PersistentVolume set for the pod of + the cluster for distributed logs. This size is specified either + in Mebibytes, Gibibytes or Tebibytes (multiples of 2^20, 2^30 + or 2^40, respectively). + + ' + storageClass: + type: string + description: 'Name of an existing StorageClass in the Kubernetes + cluster, used to create the PersistentVolumes for the instances + of the cluster. + + ' + postgresServices: + type: object + nullable: true + description: "Kubernetes [services](https://kubernetes.io/docs/concepts/services-networking/service/)\ + \ created or managed by StackGres.\n\n**Example:**\n\n```yaml\n\ + apiVersion: stackgres.io/v1\nkind: SGDistributedLogs\nmetadata:\n\ + \ name: stackgres\nspec:\n postgresServices:\n primary:\n\ + \ type: ClusterIP\n replicas:\n enabled: true\n \ + \ type: ClusterIP\n```\n" + properties: + primary: + type: object + description: Configuration for the `-primary` service. It provides + a stable connection (regardless of primary failures or switchovers) + to the read-write Postgres server of the cluster. 
+ properties: + type: + type: string + enum: + - ClusterIP + - LoadBalancer + - NodePort + description: Specifies the type of Kubernetes service(`ClusterIP`, + `LoadBalancer`, `NodePort`) + annotations: + type: object + additionalProperties: + type: string + description: "Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)\ + \ passed to the `-primary` service.\n\n**Example:**\n\n\ + ```yaml\napiVersion: stackgres.io/v1\nkind: SGDistributedLogs\n\ + metadata:\n name: stackgres\nspec:\n pods:\n metadata:\n\ + \ annotations:\n allResources:\n \ + \ customAnnotations: customAnnotationValue\n```\n" + loadBalancerIP: + type: string + description: Specify loadBalancer IP of Postgres primary + service for Distributed Log + replicas: + type: object + description: Configuration for the `-replicas` service. It provides + a stable connection (regardless of replica node failures) + to any read-only Postgres server of the cluster. Read-only + servers are load-balanced via this service. + properties: + enabled: + type: boolean + description: Specify if the `-replicas` service should be + created or not. + type: + type: string + enum: + - ClusterIP + - LoadBalancer + - NodePort + description: Specifies the type of Kubernetes service(`ClusterIP`, + `LoadBalancer`, `NodePort`). + annotations: + type: object + additionalProperties: + type: string + description: Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + passed to the `-replicas` service. + loadBalancerIP: + type: string + description: Specify loadBalancer IP of Postgres replica + service for Distributed Log + resources: + type: object + description: Pod custom resources configuration. 
+ properties: + enableClusterLimitsRequirements: + type: boolean + description: 'When set to `true` resources limits for containers + other than the patroni container wil be set just like for + patroni contianer as specified in the SGInstanceProfile. + + + **Changing this field may require a restart.** + + ' + disableResourcesRequestsSplitFromTotal: + type: boolean + description: "When set to `true` the resources requests values\ + \ in fields `SGInstanceProfile.spec.requests.cpu` and `SGInstanceProfile.spec.requests.memory`\ + \ will represent the resources\n requests of the patroni container\ + \ and the total resources requests calculated by adding the\ + \ resources requests of all the containers (including the\ + \ patroni container).\n\n**Changing this field may require\ + \ a restart.**\n" + scheduling: + type: object + description: 'Pod custom scheduling and affinity configuration. + + + **Changing this field may require a restart.** + + ' + properties: + nodeSelector: + type: object + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true + for the pod to fit on a node. Selector which must match a + node''s labels for the pod to be scheduled on that node. More + info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + + ' + tolerations: + description: 'If specified, the pod''s tolerations. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + type: array + items: + description: 'The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + properties: + effect: + description: 'Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. 
+ + + ' + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: 'Operator represents a key''s relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + + + ' + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + nodeAffinity: + description: 'Node affinity is a group of node affinity scheduling + rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. 
for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. 
+ items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents the union of the + results of one or more label queries over a set of nodes; + that is, it represents the OR of the selectors represented + by the node selector terms. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + priorityClassName: + type: string + description: 'Priority indicates the importance of a Pod relative + to other Pods. 
If a Pod cannot be scheduled, the scheduler + tries to preempt (evict) lower priority Pods to make scheduling + of the pending Pod possible. + + ' + podAffinity: + description: 'Pod affinity is a group of inter pod affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. 
The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. 
If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query over + a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector + matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query over + a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector + matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: 'Pod anti affinity is a group of inter pod anti + affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query over + a set of resources. 
The result of matchLabels and + matchExpressions are ANDed. An empty label selector + matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query over + a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector + matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + sgInstanceProfile: + type: string + description: 'Name of the [SGInstanceProfile](https://stackgres.io/doc/latest/04-postgres-cluster-management/03-resource-profiles/). + A SGInstanceProfile defines CPU and memory limits. Must exist + before creating a distributed logs. When no profile is set, a + default (currently: 1 core, 2 GiB RAM) one is used. + + + **Changing this field may require a restart.** + + ' + configurations: + type: object + description: 'Cluster custom configurations. + + ' + properties: + sgPostgresConfig: + type: string + description: 'Name of the [SGPostgresConfig](https://stackgres.io/doc/latest/reference/crd/sgpgconfig) + used for the distributed logs. It must exist. When not set, + a default Postgres config, for the major version selected, + is used. + + + **Changing this field may require a restart.** + + ' + metadata: + type: object + description: Metadata information from cluster created resources. + properties: + annotations: + type: object + description: Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + to be passed to resources created and managed by StackGres. + properties: + allResources: + type: object + description: Annotations to attach to any resource created + or managed by StackGres. + additionalProperties: + type: string + pods: + type: object + description: Annotations to attach to pods created or managed + by StackGres. + additionalProperties: + type: string + services: + type: object + description: Annotations to attach to services created or + managed by StackGres. + additionalProperties: + type: string + toInstallPostgresExtensions: + type: array + description: 'The list of Postgres extensions to install. + + + **This section is filled by the operator.** + + ' + items: + type: object + properties: + name: + type: string + description: The name of the extension to install. 
+ publisher: + type: string + description: The id of the publisher of the extension to install. + version: + type: string + description: The version of the extension to install. + repository: + type: string + description: The repository base URL from where the extension + will be installed from. + postgresVersion: + type: string + description: The postgres major version of the extension to + install. + build: + type: string + description: The build version of the extension to install. + extraMounts: + type: array + description: The extra mounts of the extension to install. + items: + type: string + description: The extra mount of the installed extension. + required: + - name + - publisher + - version + - repository + - postgresVersion + nonProductionOptions: + type: object + properties: + disableClusterPodAntiAffinity: + type: boolean + description: 'It is a best practice, on non-containerized environments, + when running production workloads, to run each database server + on a different server (virtual or physical), i.e., not to + co-locate more than one database server per host. + + + The same best practice applies to databases on containers. + By default, StackGres will not allow to run more than one + StackGres or Distributed Logs pod on a given Kubernetes node. + If set to `true` it will allow more than one StackGres pod + per node. + + + **Changing this field may require a restart.** + + ' + disablePatroniResourceRequirements: + type: boolean + description: 'It is a best practice, on containerized environments, + when running production workloads, to enforce container''s + resources requirements. + + + The same best practice applies to databases on containers. + By default, StackGres will configure resource requirements + for patroni container. Set this property to true to prevent + StackGres from setting patroni container''s resources requirement. 
+ + + **Changing this field may require a restart.** + + ' + disableClusterResourceRequirements: + type: boolean + description: 'It is a best practice, on containerized environments, + when running production workloads, to enforce container''s + resources requirements. + + + By default, StackGres will configure resource requirements + for all the containers. Set this property to true to prevent + StackGres from setting container''s resources requirements + (except for patroni container, see `disablePatroniResourceRequirements`). + + + **Changing this field may require a restart.** + + ' + enableSetPatroniCpuRequests: + type: boolean + description: "**Deprecated** this value is ignored and you can\ + \ consider it as always `true`.\n\nOn containerized environments,\ + \ when running production workloads, enforcing container's\ + \ cpu requirements request to be equals to the limit allow\ + \ to achieve the highest level of performance. Doing so, reduces\ + \ the chances of leaving\n the workload with less cpu than\ + \ it requires. It also allow to set [static CPU management\ + \ policy](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy)\ + \ that allows to guarantee a pod the usage exclusive CPUs\ + \ on the node.\n\nBy default, StackGres will configure cpu\ + \ requirements to have the same limit and request for the\ + \ patroni container. 
Set this property to true to prevent\ + \ StackGres from setting patroni container's cpu requirements\ + \ request equals to the limit\n when `.spec.requests.cpu`\ + \ is configured in the referenced `SGInstanceProfile`.\n\n\ + **Changing this field may require a restart.**\n" + enableSetClusterCpuRequests: + type: boolean + description: "**Deprecated** this value is ignored and you can\ + \ consider it as always `true`.\n\nOn containerized environments,\ + \ when running production workloads, enforcing container's\ + \ cpu requirements request to be equals to the limit allow\ + \ to achieve the highest level of performance. Doing so, reduces\ + \ the chances of leaving\n the workload with less cpu than\ + \ it requires. It also allow to set [static CPU management\ + \ policy](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy)\ + \ that allows to guarantee a pod the usage exclusive CPUs\ + \ on the node.\n\nBy default, StackGres will configure cpu\ + \ requirements to have the same limit and request for all\ + \ the containers. Set this property to true to prevent StackGres\ + \ from setting container's cpu requirements request equals\ + \ to the limit (except for patroni container, see `enablePatroniCpuRequests`)\n\ + \ when `.spec.requests.containers..cpu` `.spec.requests.initContainers..cpu` is configured in the referenced `SGInstanceProfile`.\n\ + \n**Changing this field may require a restart.**\n" + enableSetPatroniMemoryRequests: + type: boolean + description: "**Deprecated** this value is ignored and you can\ + \ consider it as always `true`.\n\nOn containerized environments,\ + \ when running production workloads, enforcing container's\ + \ memory requirements request to be equals to the limit allow\ + \ to achieve the highest level of performance. 
Doing so, reduces\ + \ the chances of leaving\n the workload with less memory\ + \ than it requires.\n\nBy default, StackGres will configure\ + \ memory requirements to have the same limit and request for\ + \ the patroni container. Set this property to true to prevent\ + \ StackGres from setting patroni container's memory requirements\ + \ request equals to the limit\n when `.spec.requests.memory`\ + \ is configured in the referenced `SGInstanceProfile`.\n\n\ + **Changing this field may require a restart.**\n" + enableSetClusterMemoryRequests: + type: boolean + description: "**Deprecated** this value is ignored and you can\ + \ consider it as always `true`.\n\nOn containerized environments,\ + \ when running production workloads, enforcing container's\ + \ memory requirements request to be equals to the limit allow\ + \ to achieve the highest level of performance. Doing so, reduces\ + \ the chances of leaving\n the workload with less memory\ + \ than it requires.\n\nBy default, StackGres will configure\ + \ memory requirements to have the same limit and request for\ + \ all the containers. Set this property to true to prevent\ + \ StackGres from setting container's memory requirements request\ + \ equals to the limit (except for patroni container, see `enablePatroniCpuRequests`)\n\ + \ when `.spec.requests.containers..memory`\ + \ `.spec.requests.initContainers..memory`\ + \ is configured in the referenced `SGInstanceProfile`.\n\n\ + **Changing this field may require a restart.**\n" + required: + - persistentVolume + status: + type: object + properties: + conditions: + type: array + items: + type: object + properties: + lastTransitionTime: + description: Last time the condition transitioned from one + status to another. + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. 
+ type: string + status: + description: Status of the condition, one of True, False, + Unknown. + type: string + type: + description: Type of deployment condition. + type: string + podStatuses: + type: array + description: The list of pod statuses. + items: + type: object + properties: + name: + type: string + description: The name of the pod. + primary: + type: boolean + description: Indicates if the pod is the elected primary + pendingRestart: + type: boolean + description: Indicates if the pod requires restart + installedPostgresExtensions: + type: array + description: The list of extensions currently installed. + items: + type: object + properties: + name: + type: string + description: The name of the installed extension. + publisher: + type: string + description: The id of the publisher of the installed + extension. + version: + type: string + description: The version of the installed extension. + repository: + type: string + description: The repository base URL from where the + extension was installed. + postgresVersion: + type: string + description: The postgres major version of the installed + extension. + build: + type: string + description: The build version of the installed extension. 
+ required: + - name + - publisher + - version + - repository + - postgresVersion + required: + - name + databases: + type: array + description: The list of database status + items: + type: object + description: A database status + properties: + name: + type: string + description: The database name that has been created + retention: + type: string + description: The retention window that has been applied to + tables + connectedClusters: + type: array + description: The list of connected `sgclusters` + items: + type: object + description: A connected `sgcluster` + properties: + namespace: + type: string + description: The `sgcluster` namespace + name: + type: string + description: The `sgcluster` name + config: + type: object + description: The configuration for `sgdistributedlgos` of + this `sgcluster` + properties: + sgDistributedLogs: + type: string + description: The `sgdistributedlogs` to which this `sgcluster` + is connected to + retention: + type: string + description: The retention window that has been applied + to tables + fluentdConfigHash: + type: string + description: The hash of the configuration file that is used by + fluentd + arch: + type: string + description: The architecture on which the cluster has been initialized. + os: + type: string + description: The operative system on which the cluster has been + initialized. + labelPrefix: + type: string + description: The custom prefix that is prepended to all labels. + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + namespace: system + name: stackgres-operator + path: /stackgres/conversion/sgdistributedlogs + conversionReviewVersions: + - v1 diff --git a/operators/stackgres/1.6.0/manifests/stackgres.io_sginstanceprofiles.yaml b/operators/stackgres/1.6.0/manifests/stackgres.io_sginstanceprofiles.yaml new file mode 100644 index 00000000000..59df61347ad --- /dev/null +++ b/operators/stackgres/1.6.0/manifests/stackgres.io_sginstanceprofiles.yaml 
@@ -0,0 +1,320 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sginstanceprofiles.stackgres.io +spec: + group: stackgres.io + scope: Namespaced + names: + kind: SGInstanceProfile + listKind: SGInstanceProfileList + plural: sginstanceprofiles + singular: sginstanceprofile + shortNames: + - sginp + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - name: cpu + type: string + jsonPath: .spec.cpu + - name: memory + type: string + jsonPath: .spec.memory + schema: + openAPIV3Schema: + required: + - metadata + - spec + type: object + properties: + metadata: + type: object + properties: + name: + type: string + description: "Name of the Instance Profile. An instance profile\ + \ represents a \"kind\" of\n server (CPU and RAM) where you may\ + \ run StackGres Pods, classified by a given name.\n The profile\ + \ may be referenced by zero or more SGClusters, and if so it would\n\ + \ be referenced by its name. Following [Kubernetes naming conventions](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/identifiers.md),\ + \ it must be an rfc1035/rfc1123 subdomain, that is, up to 253\ + \ characters consisting of one or more lowercase labels separated\ + \ by `.`. Where each label is an alphanumeric (a-z, and 0-9) string,\ + \ with the `-` character allowed anywhere except the first or\ + \ last character.\n\nThe name must be unique across all instance\ + \ profiles in the same namespace.\n" + spec: + type: object + properties: + cpu: + type: string + pattern: ^[1-9][0-9]*[m]?$ + description: "CPU(s) (cores) limits for every resource's Pod that\ + \ reference this SGInstanceProfile. 
The suffix `m`\n specifies\ + \ millicpus (where 1000m is equals to 1).\n\nThe number of cpu\ + \ limits is assigned to the patroni container (that runs both\ + \ Patroni and PostgreSQL).\n\nA minimum of 2 cpu is recommended.\n" + memory: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi)$ + description: "RAM limits for every resource's Pod that reference\ + \ this SGInstanceProfile. The suffix `Mi` or `Gi`\n specifies\ + \ Mebibytes or Gibibytes, respectively.\n\nThe amount of RAM limits\ + \ is assigned to the patroni container (that runs both Patroni\ + \ and PostgreSQL).\n\nA minimum of 2Gi is recommended.\n" + hugePages: + type: object + description: 'RAM limits allocated for huge pages of the patroni + container (that runs both Patroni and PostgreSQL). + + ' + properties: + hugepages-2Mi: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi)$ + description: "RAM limits allocated for huge pages of the patroni\ + \ container (that runs both Patroni and PostgreSQL) with a\ + \ size of 2Mi. The suffix `Mi` or `Gi`\n specifies Mebibytes\ + \ or Gibibytes, respectively.\n" + hugepages-1Gi: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi)$ + description: "RAM limits allocated for huge pages of the patroni\ + \ container (that runs both Patroni and PostgreSQL) with a\ + \ size of 1Gi. The suffix `Mi` or `Gi`\n specifies Mebibytes\ + \ or Gibibytes, respectively.\n" + containers: + type: object + description: 'The CPU(s) (cores) and RAM limits assigned to containers + other than patroni container. 
+ + ' + additionalProperties: + type: object + description: "The CPU(s) (cores) and RAM limits assigned to a\ + \ container.\n\nThis section, if left empty, will be filled\ + \ automatically by the operator with\n some defaults that can\ + \ be proportional to the resources limits assigned to patroni\n\ + \ container (except for the huge pages that are always left\ + \ untouched).\n" + properties: + cpu: + type: string + pattern: ^[1-9][0-9]*[m]?$ + description: "CPU(s) (cores) limits for the specified container.\ + \ The suffix `m`\n specifies millicpus (where 1000m is\ + \ equals to 1).\n" + memory: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi)$ + description: "RAM limits for the specified container. The\ + \ suffix `Mi` or `Gi`\n specifies Mebibytes or Gibibytes,\ + \ respectively.\n" + hugePages: + type: object + description: 'RAM limits for huge pages for the specified + container. + + ' + properties: + hugepages-2Mi: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi)$ + description: "RAM limits for huge pages of the specified\ + \ container with a size of 2Mi. The suffix `Mi`\n or\ + \ `Gi` specifies Mebibytes or Gibibytes, respectively.\n" + hugepages-1Gi: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi)$ + description: "RAM limits for huge pages of the specified\ + \ container with a size of 1Gi. The suffix `Mi`\n or\ + \ `Gi` specifies Mebibytes or Gibibytes, respectively.\n" + initContainers: + type: object + description: The CPU(s) (cores) and RAM limits assigned to the init + containers. 
+ additionalProperties: + type: object + description: "The CPU(s) (cores) and RAM limits assigned to a\ + \ init container.\n\nThis section will be filled automatically\ + \ by the operator with\n the same values of the resources limits\ + \ assigned to patroni\n container (except for the huge pages\ + \ that are always left untouched).\n" + properties: + cpu: + type: string + pattern: ^[1-9][0-9]*[m]?$ + description: "CPU(s) (cores) limits for the specified init\ + \ container. The suffix\n `m` specifies millicpus (where\ + \ 1000m is equals to 1).\n" + memory: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi)$ + description: "RAM limits for the specified init container.\ + \ The suffix `Mi`\n or `Gi` specifies Mebibytes or Gibibytes,\ + \ respectively.\n" + hugePages: + type: object + description: 'RAM limits for huge pages of the specified init + container + + ' + properties: + hugepages-2Mi: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi)$ + description: "RAM limits for huge pages of the specified\ + \ init container with a size of 2Mi. The suffix `Mi`\n\ + \ or `Gi` specifies Mebibytes or Gibibytes, respectively.\n" + hugepages-1Gi: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi)$ + description: "RAM limits for huge pages of the specified\ + \ init container with a size of 1Gi. The suffix `Mi`\ + \ or `Gi`\n specifies Mebibytes or Gibibytes, respectively.\n" + requests: + type: object + description: "This section allow to configure the resources requests\ + \ for each container and, if not specified, it is filled with\ + \ some defaults based on the fields `.spec.cpu` and `.spec.memory`\ + \ will be set.\n\nOn containerized environments, when running\ + \ production workloads, enforcing container's resources requirements\ + \ requests to be equals to the limits in order to achieve the\ + \ highest level of performance. 
Doing so, reduces the chances\ + \ of leaving\n the workload with less resources than it requires.\ + \ It also allow to set [static CPU management policy](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy)\ + \ that allows to guarantee a pod the usage exclusive CPUs on the\ + \ node.\n There are cases where you may need to set cpu requests\ + \ to the same value as cpu limits in order to achieve static CPU\ + \ management policy.\n\nBy default the resources requests values\ + \ in fields `.spec.requests.cpu` and `.spec.requests.memory` represent\ + \ the total resources requests assigned to each resource's Pod\ + \ that reference this SGInstanceProfile.\n The resources requests\ + \ of the patroni container (that runs both Patroni and PostgreSQL)\ + \ is calculated by subtracting from the total resources requests\ + \ the resources requests of other containers that are present\ + \ in the Pod.\n To change this behavior and having the resources\ + \ requests values in fields `.spec.requests.cpu` and `.spec.requests.memory`\ + \ to represent the resources requests of the patroni container\ + \ and the total resources requests\n calculated by adding the\ + \ resources requests of all the containers (including the patroni\ + \ container) you may set one or more of the following fields to\ + \ `true`\n (depending on the resource's Pods you need this behaviour\ + \ to be changed):\n \n* `SGCluster.spec.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGShardedCluster.spec.coordinator.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGShardedCluster.spec.shards.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGShardedCluster.spec.shards.ovewrites.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGDistributedLogs.spec.resources.disableResourcesRequestsSplitFromTotal`\n" + properties: + cpu: + type: string + pattern: ^[1-9][0-9]*[m]?$ + description: "CPU(s) (cores) requests 
for every resource's Pod\ + \ that reference this SGInstanceProfile. The suffix `m`\n\ + \ specifies millicpus (where 1000m is equals to 1).\n\nBy\ + \ default the cpu requests values in field `.spec.requests.cpu`\ + \ represent the total cpu requests assigned to each resource's\ + \ Pod that reference this SGInstanceProfile.\n The cpu requests\ + \ of the patroni container (that runs both Patroni and PostgreSQL)\ + \ is calculated by subtracting from the total cpu requests\ + \ the cpu requests of other containers that are present in\ + \ the Pod.\n To change this behavior and having the cpu requests\ + \ values in field `.spec.requests.cpu` to represent the cpu\ + \ requests of the patroni container and the total cpu requests\n\ + \ calculated by adding the cpu requests of all the containers\ + \ (including the patroni container) you may set one or more\ + \ of the following fields to `true`\n (depending on the resource's\ + \ Pods you need this behaviour to be changed):\n \n* `SGCluster.spec.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGShardedCluster.spec.coordinator.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGShardedCluster.spec.shards.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGShardedCluster.spec.shards.ovewrites.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGDistributedLogs.spec.resources.disableResourcesRequestsSplitFromTotal`\n" + memory: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi)$ + description: "RAM requests for every resource's Pod that reference\ + \ this SGInstanceProfile. 
The suffix `Mi` or `Gi`\n specifies\ + \ Mebibytes or Gibibytes, respectively.\n\nBy default the\ + \ memory requests values in field `.spec.requests.memory`\ + \ represent the total memory requests assigned to each resource's\ + \ Pod that reference this SGInstanceProfile.\n The memory\ + \ requests of the patroni container (that runs both Patroni\ + \ and PostgreSQL) is calculated by subtracting from the total\ + \ memory requests the memory requests of other containers\ + \ that are present in the Pod.\n To change this behavior and\ + \ having the memory requests values in field `.spec.requests.memory`\ + \ to represent the memory requests of the patroni container\ + \ and the total memory requests\n calculated by adding the\ + \ memory requests of all the containers (including the patroni\ + \ container) you may set one or more of the following fields\ + \ to `true`\n (depending on the resource's Pods you need this\ + \ behaviour to be changed):\n \n* `SGCluster.spec.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGShardedCluster.spec.coordinator.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGShardedCluster.spec.shards.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGShardedCluster.spec.shards.ovewrites.pods.resources.disableResourcesRequestsSplitFromTotal`\n\ + * `SGDistributedLogs.spec.resources.disableResourcesRequestsSplitFromTotal`\n" + containers: + type: object + description: 'The CPU(s) (cores) and RAM requests assigned to + containers other than patroni container. 
+ + ' + additionalProperties: + type: object + description: "The CPU(s) (cores) and RAM requests assigned\ + \ to a container.\n\nThis section, if left empty, will be\ + \ filled automatically by the operator with\n some defaults\ + \ that can be proportional to the resources assigned to\ + \ patroni\n container (except for the huge pages that are\ + \ always left untouched).\n" + properties: + cpu: + type: string + pattern: ^[1-9][0-9]*[m]?$ + description: "CPU(s) (cores) requests for the specified\ + \ container. The suffix `m`\n specifies millicpus (where\ + \ 1000m is equals to 1).\n" + memory: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi)$ + description: "RAM requests for the specified container.\ + \ The suffix `Mi` or `Gi`\n specifies Mebibytes or\ + \ Gibibytes, respectively.\n" + initContainers: + type: object + description: The CPU(s) (cores) and RAM requests assigned to + init containers. + additionalProperties: + type: object + description: "The CPU(s) (cores) and RAM requests assigned\ + \ to a init container.\n\nThis section will be filled automatically\ + \ by the operator with\n the same values of the resources\ + \ requests assigned to patroni\n container (except for\ + \ the huge pages that are always left untouched).\n" + properties: + cpu: + type: string + pattern: ^[1-9][0-9]*[m]?$ + description: "CPU(s) (cores) requests for the specified\ + \ init container. The suffix\n `m` specifies millicpus\ + \ (where 1000m is equals to 1).\n" + memory: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi)$ + description: "RAM requests for the specified init container.\ + \ The suffix `Mi`\n or `Gi` specifies Mebibytes or\ + \ Gibibytes, respectively.\n" + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + namespace: system + name: stackgres-operator + path: /stackgres/conversion/sginstanceprofile + conversionReviewVersions: + - v1 
diff --git a/operators/stackgres/1.6.0/manifests/stackgres.io_sgobjectstorages.yaml b/operators/stackgres/1.6.0/manifests/stackgres.io_sgobjectstorages.yaml
new file mode 100644
index 00000000000..1bedcaf556e
--- /dev/null
+++ b/operators/stackgres/1.6.0/manifests/stackgres.io_sgobjectstorages.yaml
@@ -0,0 +1,442 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sgobjectstorages.stackgres.io +spec: + group: stackgres.io + scope: Namespaced + names: + kind: SGObjectStorage + listKind: SGObjectStorageList + plural: sgobjectstorages + singular: sgobjectstorage + shortNames: + - sgobjs + versions: + - name: v1beta1 + served: true + storage: true + additionalPrinterColumns: + - name: type + type: string + jsonPath: .spec.type + schema: + openAPIV3Schema: + type: object + required: + - metadata + - spec + properties: + metadata: + type: object + properties: + name: + type: string + description: 'Name of the Object Storage configuration. + + The name must be unique across all object storage configurations + in the same namespace. + + ' + spec: + type: object + description: 'Object Storage configuration + + ' + properties: + type: + type: string + enum: + - s3 + - s3Compatible + - gcs + - azureBlob + description: "Determine the type of object storage used for storing\ + \ the base backups and WAL segments.\n Possible values:\n\ + \ * `s3`: Amazon Web Services S3 (Simple Storage Service).\n\ + \ * `s3Compatible`: non-AWS services that implement a compatibility\ + \ API with AWS S3.\n * `gcs`: Google Cloud Storage.\n \ + \ * `azureBlob`: Microsoft Azure Blob Storage.\n" + s3: + type: object + description: 'Amazon Web Services S3 configuration. + + ' + properties: + bucket: + type: string + pattern: ^((s3|https?)://)?[^/]+(/[^/]*)*$ + description: 'AWS S3 bucket name. + + ' + region: + type: string + description: 'The AWS S3 region. The Region may be detected + using s3:GetBucketLocation, but if you wish to avoid giving + permissions to this API call or forbid it from the applicable + IAM policy, you must then specify this property. + + ' + storageClass: + type: string + description: 'The [Amazon S3 Storage Class](https://aws.amazon.com/s3/storage-classes/) + to use for the backup object storage. 
By default, the `STANDARD` + storage class is used. Other supported values include `STANDARD_IA` + for Infrequent Access and `REDUCED_REDUNDANCY`. + + ' + awsCredentials: + type: object + description: 'The credentials to access AWS S3 for writing and + reading. + + ' + properties: + secretKeySelectors: + type: object + description: 'Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core)(s) + to reference the Secrets that contain the information + about the `awsCredentials`. Note that you may use the + same or different Secrets for the `accessKeyId` and the + `secretAccessKey`. In the former case, the `keys` that + identify each must be, obviously, different. + + ' + properties: + accessKeyId: + type: object + description: 'AWS [access key ID](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). + For example, `AKIAIOSFODNN7EXAMPLE`. + + ' + properties: + key: + type: string + description: 'The key of the secret to select from. + Must be a valid secret key. + + ' + name: + type: string + description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + required: + - key + - name + secretAccessKey: + type: object + description: 'AWS [secret access key](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). + For example, `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`. + + ' + properties: + key: + type: string + description: 'The key of the secret to select from. + Must be a valid secret key. + + ' + name: + type: string + description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). 
+ + ' + required: + - key + - name + required: + - accessKeyId + - secretAccessKey + required: + - secretKeySelectors + required: + - bucket + - awsCredentials + s3Compatible: + type: object + description: AWS S3-Compatible API configuration + properties: + bucket: + type: string + pattern: ^((s3|https?)://)?[^/]+(/[^/]*)*$ + description: 'Bucket name. + + ' + enablePathStyleAddressing: + type: boolean + description: 'Enable path-style addressing (i.e. `http://s3.amazonaws.com/BUCKET/KEY`) + when connecting to an S3-compatible service that lacks support + for sub-domain style bucket URLs (i.e. `http://BUCKET.s3.amazonaws.com/KEY`). + + + Defaults to false. + + ' + endpoint: + type: string + description: 'Overrides the default url to connect to an S3-compatible + service. + + For example: `http://s3-like-service:9000`. + + ' + region: + type: string + description: 'The AWS S3 region. The Region may be detected + using s3:GetBucketLocation, but if you wish to avoid giving + permissions to this API call or forbid it from the applicable + IAM policy, you must then specify this property. + + ' + storageClass: + type: string + description: 'The [Amazon S3 Storage Class](https://aws.amazon.com/s3/storage-classes/) + to use for the backup object storage. By default, the `STANDARD` + storage class is used. Other supported values include `STANDARD_IA` + for Infrequent Access and `REDUCED_REDUNDANCY`. + + ' + awsCredentials: + type: object + description: 'The credentials to access AWS S3 for writing and + reading. + + ' + properties: + secretKeySelectors: + type: object + description: 'Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core)(s) + to reference the Secret(s) that contain the information + about the `awsCredentials`. Note that you may use the + same or different Secrets for the `accessKeyId` and the + `secretAccessKey`. 
In the former case, the `keys` that + identify each must be, obviously, different. + + ' + properties: + accessKeyId: + type: object + description: 'AWS [access key ID](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). + For example, `AKIAIOSFODNN7EXAMPLE`. + + ' + properties: + key: + type: string + description: 'The key of the secret to select from. + Must be a valid secret key. + + ' + name: + type: string + description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + required: + - key + - name + secretAccessKey: + type: object + description: 'AWS [secret access key](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). + For example, `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`. + + ' + properties: + key: + type: string + description: 'The key of the secret to select from. + Must be a valid secret key. + + ' + name: + type: string + description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + required: + - key + - name + caCertificate: + type: object + description: 'CA Certificate file to be used when connecting + to the S3 Compatible Service. + + ' + properties: + key: + type: string + description: 'The key of the secret to select from. + Must be a valid secret key. + + ' + name: + type: string + description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + required: + - key + - name + required: + - accessKeyId + - secretAccessKey + required: + - secretKeySelectors + required: + - bucket + - awsCredentials + gcs: + type: object + description: 'Google Cloud Storage configuration. + + ' + properties: + bucket: + type: string + pattern: ^(gs://)?[^/]+(/[^/]*)*$ + description: 'GCS bucket name. 
+ + ' + gcpCredentials: + type: object + description: 'The credentials to access GCS for writing and + reading. + + ' + properties: + fetchCredentialsFromMetadataService: + type: boolean + description: 'If true, the credentials will be fetched from + the GCE/GKE metadata service and the field `secretKeySelectors` + have to be set to null or omitted. + + + This is useful when running StackGres inside a GKE cluster + using [Workload Identity](https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity). + + ' + secretKeySelectors: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + to reference the Secrets that contain the information + about the Service Account to access GCS. + + ' + properties: + serviceAccountJSON: + type: object + description: 'A service account key from GCP. In JSON + format, as downloaded from the GCP Console. + + ' + properties: + key: + type: string + description: 'The key of the secret to select from. + Must be a valid secret key. + + ' + name: + type: string + description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + required: + - key + - name + required: + - serviceAccountJSON + required: + - bucket + - gcpCredentials + azureBlob: + type: object + description: 'Azure Blob Storage configuration. + + ' + properties: + bucket: + type: string + pattern: ^(azure://)?[^/]+(/[^/]*)*$ + description: 'Azure Blob Storage bucket name. + + ' + azureCredentials: + type: object + description: 'The credentials to access Azure Blob Storage for + writing and reading. 
+ + ' + properties: + secretKeySelectors: + type: object + description: 'Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core)(s) + to reference the Secret(s) that contain the information + about the `azureCredentials`. . Note that you may use + the same or different Secrets for the `storageAccount` + and the `accessKey`. In the former case, the `keys` that + identify each must be, obviously, different. + + ' + properties: + storageAccount: + type: object + description: 'The [Storage Account](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview?toc=/azure/storage/blobs/toc.json) + that contains the Blob bucket to be used. + + ' + properties: + key: + type: string + description: 'The key of the secret to select from. + Must be a valid secret key. + + ' + name: + type: string + description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + required: + - key + - name + accessKey: + type: object + description: 'The [storage account access key](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal). + + ' + properties: + key: + type: string + description: 'The key of the secret to select from. + Must be a valid secret key. + + ' + name: + type: string + description: 'Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + + ' + required: + - key + - name + required: + - storageAccount + - accessKey + required: + - bucket + - azureCredentials + required: + - type + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + namespace: system + name: stackgres-operator + path: /stackgres/conversion/sgobjectstorage + conversionReviewVersions: + - v1 
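Review bot: The `s3Compatible.endpoint` field is an unconstrained string and its only example is `http://s3-like-service:9000`, so the schema steers users toward sending base backups, WAL segments and signed requests over cleartext. I would change the example to `https://s3-like-service:9000` and add to the description `Use an https endpoint; for a private CA set awsCredentials.secretKeySelectors.caCertificate.` If plain HTTP has to stay possible for in-cluster object stores, the description should say so explicitly rather than leave it as the default example. The `caCertificate` selector sits under `secretKeySelectors` next to the key material and is easy to overlook, which is another reason to name it in the `endpoint` text.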
diff --git a/operators/stackgres/1.6.0/manifests/stackgres.io_sgpgconfigs.yaml b/operators/stackgres/1.6.0/manifests/stackgres.io_sgpgconfigs.yaml
new file mode 100644
index 00000000000..33a8462d50d
--- /dev/null
+++ b/operators/stackgres/1.6.0/manifests/stackgres.io_sgpgconfigs.yaml
@@ -0,0 +1,108 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sgpgconfigs.stackgres.io +spec: + group: stackgres.io + scope: Namespaced + names: + kind: SGPostgresConfig + listKind: SGPostgresConfigList + plural: sgpgconfigs + singular: sgpgconfig + shortNames: + - sgpgc + - sgpostgresconfig + - sgpostgresconfigs + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - name: version + type: string + jsonPath: .spec.postgresVersion + schema: + openAPIV3Schema: + type: object + required: + - metadata + - spec + properties: + metadata: + type: object + properties: + name: + type: string + description: 'Name of the Postgres Configuration. The configuration + may be referenced by zero or more SGClusters, and if so it would + be referenced by its name. Following [Kubernetes naming conventions](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/identifiers.md), + it must be an rfc1035/rfc1123 subdomain, that is, up to 253 characters + consisting of one or more lowercase labels separated by `.`. Where + each label is an alphanumeric (a-z, and 0-9) string, with the + `-` character allowed anywhere except the first or last character. + + + The name must be unique across all Postgres configurations in + the same namespace. + + ' + spec: + type: object + properties: + postgresVersion: + type: string + description: 'The **major** Postgres version the configuration is + for. Postgres major versions contain one number starting with + version 10 (`10`, `11`, `12`, etc), and two numbers separated + by a dot for previous versions (`9.6`, `9.5`, etc). + + + Note that Postgres maintains full compatibility across minor versions, + and hence a configuration for a given major version will work + for any minor version of that same major version. 
+ + + Check [StackGres component versions](https://stackgres.io/doc/latest/intro/versions) + to see the Postgres versions supported by this version of StackGres. + + ' + postgresql.conf: + type: object + additionalProperties: + type: string + description: 'The `postgresql.conf` parameters the configuration + contains, represented as an object where the keys are valid names + for the `postgresql.conf` configuration file parameters of the + given `postgresVersion`. You may check [postgresqlco.nf](https://postgresqlco.nf) + as a reference on how to tune and find the valid parameters for + a given major version. + + ' + required: + - postgresVersion + - postgresql.conf + status: + type: object + properties: + defaultParameters: + type: object + additionalProperties: + type: string + description: 'The `postgresql.conf` default parameters which are + used if not set. + + ' + required: + - defaultParameters + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + namespace: system + name: stackgres-operator + path: /stackgres/conversion/sgpgconfig + conversionReviewVersions: + - v1 diff --git a/operators/stackgres/1.6.0/manifests/stackgres.io_sgpoolconfigs.yaml b/operators/stackgres/1.6.0/manifests/stackgres.io_sgpoolconfigs.yaml new file mode 100644 index 00000000000..c44deadb766 --- /dev/null +++ b/operators/stackgres/1.6.0/manifests/stackgres.io_sgpoolconfigs.yaml 
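Review bot: `spec.postgresql.conf` accepts any key with any string value (`additionalProperties: type: string`), and its description does not say which parameters the operator rejects or overrides. The map can carry command-type settings such as `archive_command`, so write access to SGPostgresConfig should be treated as database-administrator access unless the operator filters them. Any such filtering is not visible in this hunk. I would add to the description a sentence along the lines of `Parameters managed by StackGres cannot be set here and are rejected by the operator.`, with the wording confirmed against the actual validation.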
@@ -0,0 +1,140 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sgpoolconfigs.stackgres.io +spec: + group: stackgres.io + scope: Namespaced + names: + kind: SGPoolingConfig + listKind: SGPoolingConfigList + plural: sgpoolconfigs + singular: sgpoolconfig + shortNames: + - sgpoc + - sgpoolingconfig + - sgpoolingconfigs + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + required: + - metadata + - spec + properties: + metadata: + type: object + properties: + name: + type: string + description: 'Name of the Connection Pooling Configuration. The + configuration may be referenced by zero or more SGClusters, and + if so it would be referenced by its name. Following [Kubernetes + naming conventions](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/identifiers.md), + it must be an rfc1035/rfc1123 subdomain, that is, up to 253 characters + consisting of one or more lowercase labels separated by `.`. Where + each label is an alphanumeric (a-z, and 0-9) string, with the + `-` character allowed anywhere except the first or last character. + + + The name must be unique across all Connection Pooling configurations + in the same namespace. + + ' + spec: + type: object + properties: + pgBouncer: + type: object + description: 'Connection pooling configuration based on PgBouncer. + + ' + properties: + pgbouncer.ini: + type: object + description: 'The `pgbouncer.ini` parameters the configuration + contains, represented as an object where the keys are valid + names for the `pgbouncer.ini` configuration file parameters. + + + Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#generic-settings) + for more information about supported parameters. 
+ + ' + properties: + pgbouncer: + type: object + additionalProperties: true + description: 'The `pgbouncer.ini` (Section [pgbouncer]) + parameters the configuration contains, represented as + an object where the keys are valid names for the `pgbouncer.ini` + configuration file parameters. + + + Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#generic-settings) + for more information about supported parameters + + ' + databases: + type: object + additionalProperties: + type: object + additionalProperties: true + description: 'The `pgbouncer.ini` (Section [databases]) + parameters the configuration contains, represented as + an object where the keys are valid names for the `pgbouncer.ini` + configuration file parameters. + + + Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-databases) + for more information about supported parameters. + + ' + users: + type: object + additionalProperties: + type: object + additionalProperties: true + description: 'The `pgbouncer.ini` (Section [users]) parameters + the configuration contains, represented as an object where + the keys are valid names for the `pgbouncer.ini` configuration + file parameters. + + + Check [pgbouncer configuration](https://www.pgbouncer.org/config.html#section-users) + for more information about supported parameters. + + ' + status: + type: object + properties: + pgBouncer: + type: object + description: 'Connection pooling configuration status based on PgBouncer. + + ' + properties: + defaultParameters: + type: object + additionalProperties: + type: string + description: 'The `pgbouncer.ini` default parameters parameters + which are used if not set. + + ' + required: + - defaultParameters + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + namespace: system + name: stackgres-operator + path: /stackgres/conversion/sgpoolconfig + conversionReviewVersions: + - v1 
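Review bot: The `databases` and `users` sections are declared with `additionalProperties: true`, so any PgBouncer key is accepted, including the `password` key that PgBouncer allows in `[databases]` entries. A password set there is stored in clear in the SGPoolingConfig object and is readable by anyone allowed to get `sgpoolconfigs`. I would add to the `databases` description `Do not set password here; values in this resource are not stored as Secrets.` If the operator already rejects such keys in its admission webhook, which this hunk does not show, the description should state that instead.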
diff --git a/operators/stackgres/1.6.0/manifests/stackgres.io_sgscripts.yaml b/operators/stackgres/1.6.0/manifests/stackgres.io_sgscripts.yaml
new file mode 100644
index 00000000000..7be3b682d4b
--- /dev/null
+++ b/operators/stackgres/1.6.0/manifests/stackgres.io_sgscripts.yaml
@@ -0,0 +1,243 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sgscripts.stackgres.io +spec: + group: stackgres.io + scope: Namespaced + names: + kind: SGScript + listKind: SGScriptList + plural: sgscripts + singular: sgscript + shortNames: + - sgscr + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - name: scripts + type: string + jsonPath: .spec.scripts.length + schema: + openAPIV3Schema: + type: object + required: + - metadata + - spec + properties: + metadata: + type: object + properties: + name: + type: string + maxLength: 52 + pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$ + description: 'Name of the StackGres script. Following [Kubernetes + naming conventions](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/identifiers.md), + it must be an rfc1035/rfc1123 subdomain, that is, up to 253 characters + consisting of one or more lowercase labels separated by `.`. Where + each label is an alphanumeric (a-z, and 0-9) string, with the + `-` character allowed anywhere except the first or last character. + + + The name must be unique across all StackGres scripts in the same + namespace. The full script name includes the namespace in which + the script is created. + + ' + spec: + type: object + properties: + managedVersions: + type: boolean + description: 'If `true` the versions will be managed by the operator + automatically. The user will still be able to update them if needed. + `true` by default. + + ' + continueOnError: + type: boolean + description: 'If `true`, when any script entry fail will not prevent + subsequent script entries from being executed. `false` by default. + + ' + scripts: + type: array + description: 'A list of SQL scripts. + + ' + items: + type: object + description: 'Scripts are executed in auto-commit mode with the + user `postgres` in the specified database (or in database `postgres` + if not specified). 
+ + + Fields `script` and `scriptFrom` are mutually exclusive and + only one of them is required. + + ' + properties: + name: + type: string + description: 'Name of the script. Must be unique across this + SGScript. + + ' + id: + type: integer + description: 'The id is immutable and must be unique across + all the script entries. It is replaced by the operator and + is used to identify the script for the whole life of the + `SGScript` object. + + ' + version: + type: integer + description: 'Version of the script. It will allow to identify + if this script entry has been changed. + + ' + database: + type: string + description: 'Database where the script is executed. Defaults + to the `postgres` database, if not specified. + + ' + user: + type: string + description: 'User that will execute the script. Defaults + to the `postgres` user. + + ' + wrapInTransaction: + type: string + description: 'Wrap the script in a transaction using the specified + transaction mode: + + + * `read-committed`: The script will be wrapped in a transaction + using [READ COMMITTED](https://www.postgresql.org/docs/current/transaction-iso.html#XACT-READ-COMMITTED) + isolation level. + + * `repeatable-read`: The script will be wrapped in a transaction + using [REPEATABLE READ](https://www.postgresql.org/docs/current/transaction-iso.html#XACT-REPEATABLE-READ) + isolation level. + + * `serializable`: The script will be wrapped in a transaction + using [SERIALIZABLE](https://www.postgresql.org/docs/current/transaction-iso.html#XACT-SERIALIZABLE) + isolation level. + + + If not set the script entry will not be wrapped in a transaction + + ' + storeStatusInDatabase: + type: boolean + description: "When set to `true` the script entry execution\ + \ will include storing the status of the execution of this\n\ + \ script entry in the table `managed_sql.status` that will\ + \ be created in the specified `database`. 
This\n will avoid\ + \ an operation that fails partially to be unrecoverable\ + \ requiring the intervention from the user\n if user in\ + \ conjunction with `retryOnError`.\n\nIf set to `true` then\ + \ `wrapInTransaction` field must be set.\n\nThis is `false`\ + \ by default.\n" + retryOnError: + type: boolean + description: "If not set or set to `false` the script entry\ + \ will not be retried if it fails.\n\nWhen set to `true`\ + \ the script execution will be retried with an exponential\ + \ backoff of 5 minutes,\n starting from 10 seconds and\ + \ a standard deviation of 10 seconds.\n\nThis is `false`\ + \ by default.\n" + script: + type: string + description: 'Raw SQL script to execute. This field is mutually + exclusive with `scriptFrom` field. + + ' + scriptFrom: + type: object + description: 'Reference to either a Kubernetes [Secret](https://kubernetes.io/docs/concepts/configuration/secret/) + or a [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) + that contains the SQL script to execute. This field is mutually + exclusive with `script` field. + + + Fields `secretKeyRef` and `configMapKeyRef` are mutually + exclusive, and one of them is required. + + ' + properties: + secretKeyRef: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the SQL script to execute. This field + is mutually exclusive with `configMapKeyRef` field. + + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select from. + Must be a valid secret key. + configMapKeyRef: + type: object + description: 'A [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) + reference that contains the SQL script to execute. 
This + field is mutually exclusive with `secretKeyRef` field. + + ' + properties: + name: + type: string + description: 'The name of the ConfigMap that contains + the SQL script to execute. + + ' + key: + type: string + description: 'The key name within the ConfigMap that + contains the SQL script to execute. + + ' + status: + type: object + properties: + scripts: + type: array + description: 'A list of script entry statuses where a script entry + under `.spec.scripts` is identified by the `id` field. + + ' + items: + type: object + properties: + id: + type: integer + description: 'The id that identifies a script entry. + + ' + hash: + type: string + description: 'The hash of a ConfigMap or Secret referenced + with the associated script entry. + + ' + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + namespace: system + name: stackgres-operator + path: /stackgres/conversion/sgscript + conversionReviewVersions: + - v1 diff --git a/operators/stackgres/1.6.0/manifests/stackgres.io_sgshardedbackups.yaml b/operators/stackgres/1.6.0/manifests/stackgres.io_sgshardedbackups.yaml new file mode 100644 index 00000000000..13e20713f1d --- /dev/null +++ b/operators/stackgres/1.6.0/manifests/stackgres.io_sgshardedbackups.yaml 
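Review bot: The `script` field holds raw SQL that runs as `postgres` unless `user` is set, and its description does not warn that the text is stored in clear in the SGScript object. Statements that carry credentials (for example role creation with a password) therefore end up readable by anyone who can get `sgscripts`. I would add to the `script` description `Scripts containing credentials should be supplied through scriptFrom.secretKeyRef instead.` Also, `secretKeyRef` and `configMapKeyRef` declare `name` and `key` without a `required:` list, unlike the selectors in the SGObjectStorage CRD, so an empty reference passes schema validation. Adding `required: [key, name]` to both would close that.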
@@ -0,0 +1,188 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sgshardedbackups.stackgres.io +spec: + group: stackgres.io + scope: Namespaced + names: + kind: SGShardedBackup + listKind: SGShardedBackupList + plural: sgshardedbackups + singular: sgshardedbackup + shortNames: + - sgsbk + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - name: cluster + type: string + jsonPath: .spec.sgShardedCluster + - name: managed + type: string + jsonPath: .spec.managedLifecycle + - name: status + type: string + jsonPath: .status.process.status + - name: pg-version + type: string + jsonPath: .status.backupInformation.postgresVersion + priority: 1 + - name: compressed-size + type: integer + format: byte + jsonPath: .status.backupInformation.size.compressed + priority: 1 + schema: + openAPIV3Schema: + type: object + required: + - metadata + - spec + description: "A manual or automatically generated sharded backup of an SGCluster\ + \ configured with an SGBackupConfig.\n\nWhen a SGBackup is created a Job\ + \ will perform a full sharded backup of the database and update the status\ + \ of the SGBackup\n with the all the information required to restore it\ + \ and some stats (or a failure message in case something unexpected\n\ + \ happened).\nAfter an SGBackup is created the same Job performs a reconciliation\ + \ of the sharded backups by applying the retention window\n that has been\ + \ configured in the SGBackupConfig and removing the sharded backups with\ + \ managed lifecycle and the WAL files older\n than the ones that fit in\ + \ the retention window. The reconciliation also removes sharded backups\ + \ (excluding WAL files) that do\n not belongs to any SGBackup. 
If the\ + \ target storage of the SGBackupConfig is changed deletion of an SGBackup\ + \ sharded backups\n with managed lifecycle and the WAL files older than\ + \ the ones that fit in the retention window and of sharded backups that\ + \ do\n not belongs to any SGBackup will not be performed anymore on the\ + \ previous storage, only on the new target storage.\n" + properties: + metadata: + type: object + properties: + name: + type: string + maxLength: 56 + pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$ + description: 'Name of the sharded backup. Following [Kubernetes + naming conventions](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/identifiers.md), + it must be an rfc1035/rfc1123 subdomain, that is, up to 253 characters + consisting of one or more lowercase labels separated by `.`. Where + each label is an alphanumeric (a-z, and 0-9) string, with the + `-` character allowed anywhere except the first or last character. + + + The name must be unique across all StackGres sharded backups in + the same namespace." + + ' + spec: + type: object + properties: + sgShardedCluster: + type: string + description: "The name of the `SGShardedCluster` from which this\ + \ sharded backup is/will be taken.\n\nIf this is a copy of an\ + \ existing completed sharded backup in a different namespace\n\ + \ the value must be prefixed with the namespace of the source\ + \ backup and a\n dot `.` (e.g. `.`) or have the same value\n if the source sharded\ + \ backup is also a copy.\n" + managedLifecycle: + type: boolean + description: "Indicate if this sharded backup is permanent and should\ + \ not be removed by the automated\n retention policy. Default\ + \ is `false`.\n" + status: + type: object + properties: + sgBackups: + type: array + description: 'The list of SGBackups that compose the SGShardedBackup + used to restore the sharded cluster. 
+ + ' + items: + type: string + description: 'One of the SGBackups that compose the SGShardedBackup + used to restore the sharded cluster. + + ' + process: + type: object + properties: + status: + type: string + description: 'Status of the sharded backup. + + ' + failure: + type: string + description: 'If the status is `failed` this field will contain + a message indicating the failure reason. + + ' + jobPod: + type: string + description: 'Name of the pod assigned to the sharded backup. + StackGres utilizes internally a locking mechanism based on + the pod name of the job that creates the sharded backup. + + ' + timing: + type: object + properties: + start: + type: string + description: 'Start time of sharded backup. + + ' + end: + type: string + description: 'End time of sharded backup. + + ' + stored: + type: string + description: 'Time at which the sharded backup is safely + stored in the object storage. + + ' + backupInformation: + type: object + properties: + postgresVersion: + type: string + description: 'Postgres version of the server where the sharded + backup is taken from. + + ' + size: + type: object + properties: + uncompressed: + type: integer + format: int64 + description: 'Size (in bytes) of the uncompressed sharded + backup. + + ' + compressed: + type: integer + format: int64 + description: 'Size (in bytes) of the compressed sharded + backup. + + ' + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + namespace: system + name: stackgres-operator + path: /stackgres/conversion/sgshardedbackup + conversionReviewVersions: + - v1 diff --git a/operators/stackgres/1.6.0/manifests/stackgres.io_sgshardedclusters.yaml b/operators/stackgres/1.6.0/manifests/stackgres.io_sgshardedclusters.yaml new file mode 100644 index 00000000000..8e1b7a14555 --- /dev/null +++ b/operators/stackgres/1.6.0/manifests/stackgres.io_sgshardedclusters.yaml 
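Review bot: The `conversion` stanza that closes this CRD ships placeholder trust settings: `caBundle: Cg==` decodes to a single newline, so it carries no CA certificate, and `namespace: system` looks like a scaffold value rather than the namespace where `stackgres-operator` will run. The manifest therefore depends on install-time rewriting that this hunk does not show. Please confirm that `stackgres.clusterserviceversion.yaml` declares a `ConversionWebhook` definition whose `conversionCRDs` includes `sgshardedbackups.stackgres.io`; if no conversion is actually needed (only `v1` is served and stored here), reduce the block to `strategy: None`. If the placeholder stays, a comment above the field such as `# placeholder: replaced with the operator's serving CA at install time` would make the intent explicit. The same stanza closes the SGScript CRD in the preceding hunk (path `/stackgres/conversion/sgscript`), which starts outside this view.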
@@ -0,0 +1,23274 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sgshardedclusters.stackgres.io +spec: + group: stackgres.io + scope: Namespaced + names: + kind: SGShardedCluster + listKind: SGShardedClusterList + plural: sgshardedclusters + singular: sgshardedcluster + shortNames: + - sgscl + versions: + - name: v1alpha1 + served: true + storage: true + additionalPrinterColumns: + - name: version + type: string + jsonPath: .spec.postgres.version + - name: instances + type: integer + jsonPath: .spec.coordinator.instances + (.spec.shards.clusters * .spec.shards.instancesPerCluster) + - name: Profile + type: string + jsonPath: .spec.coordinator.sgInstanceProfile + ", " + .spec.shards.sgInstanceProfile + - name: Disk + type: string + jsonPath: .spec.coordinator.pods.persistentVolume.size + ", " + .spec.shards.pods.persistentVolume.size + - name: prometheus-autobind + type: string + jsonPath: .spec.prometheusAutobind + priority: 1 + - name: pool-config + type: string + jsonPath: .spec.coordinator.configurations.sgPoolingConfig + ", " + .spec.shards.configurations.sgPoolingConfig + priority: 1 + - name: postgres-config + type: string + jsonPath: .spec.coordinator.configurations.sgPostgresConfig + ", " + .spec.shards.configurations.sgPostgresConfig + priority: 1 + schema: + openAPIV3Schema: + type: object + required: + - metadata + - spec + properties: + metadata: + type: object + properties: + name: + type: string + maxLength: 37 + pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$ + description: 'Name of the StackGres sharded cluster. Following [Kubernetes + naming conventions](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/identifiers.md), + it must be an rfc1035/rfc1123 subdomain, that is, up to 253 characters + consisting of one or more lowercase labels separated by `.`. 
Where + each label is an alphanumeric (a-z, and 0-9) string, with the + `-` character allowed anywhere except the first or last character. + + + The name must be unique across all SGCluster, SGShardedCluster + and SGDistributedLogs in the same namespace. + + ' + spec: + type: object + description: 'Specification of the desired behavior of a StackGres sharded + cluster. + + ' + properties: + profile: + type: string + description: "The profile allow to change in a convenient place\ + \ a set of configuration defaults that affect how the cluster\ + \ is generated.\n\nAll those defaults can be overwritten by setting\ + \ the correspoinding fields.\n\nAvailable profiles are:\n\n* `production`:\n\ + \n Prevents two Pods from running in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `false` by default).\n Sets both limits and requests using\ + \ `SGInstanceProfile` for `patroni` container that runs both Patroni\ + \ and Postgres (set `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `false` by default).\n Sets requests using the referenced\ + \ `SGInstanceProfile` for sidecar containers other than `patroni`\ + \ (set `.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `false` by default).\n\n* `testing`:\n\n Allows two Pods\ + \ to running in the same Node (set `.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `true` by default).\n Sets both limits and requests using\ + \ `SGInstanceProfile` for `patroni` container that runs both Patroni\ + \ and Postgres (set `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `false` by default).\n Sets requests using the referenced\ + \ `SGInstanceProfile` for sidecar containers other than `patroni`\ + \ (set `.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `false` by default).\n\n* `development`:\n\n Allows two\ + \ Pods from running in the same Node (set 
`.spec.nonProductionOptions.disableClusterPodAntiAffinity`\ + \ to `true` by default).\n Unset both limits and requests for\ + \ `patroni` container that runs both Patroni and Postgres (set\ + \ `.spec.nonProductionOptions.disablePatroniResourceRequirements`\ + \ to `true` by default).\n Unsets requests for sidecar containers\ + \ other than `patroni` (set `.spec.nonProductionOptions.disableClusterResourceRequirements`\ + \ to `true` by default).\n\n**Changing this field may require\ + \ a restart.**\n" + default: production + type: + type: string + description: 'The sharding technology that will be used for the + sharded cluster. + + + Currently the only possible value for this field is `citus`. + + ' + database: + type: string + description: 'The database name that will be created and used across + all node and where "partitioned" (distributed) tables will live + in. + + ' + postgres: + type: object + description: 'This section allows to configure Postgres features + + ' + properties: + version: + type: string + description: 'Postgres version used on the cluster. It is either + of: + + * The string ''latest'', which automatically sets the latest + major.minor Postgres version. + + * A major version, like ''14'' or ''13'', which sets that + major version and the latest minor version. + + * A specific major.minor version, like ''14.4''. + + ' + flavor: + type: string + description: 'Postgres flavor used on the cluster. It is either + of: + + * `babelfish` will use the [Babelfish for Postgres](https://babelfish-for-postgresql.github.io/babelfish-for-postgresql/). + + + If not specified then the vanilla Postgres will be used for + the cluster. + + + **This field can only be set on creation.** + + ' + extensions: + type: array + description: "StackGres support deploy of extensions at runtime\ + \ by simply adding an entry to this array. 
A deployed extension\ + \ still\nrequires the creation in a database using the [`CREATE\ + \ EXTENSION`](https://www.postgresql.org/docs/current/sql-createextension.html)\n\ + statement. After an extension is deployed correctly it will\ + \ be present until removed and the cluster restarted.\n\n\ + A cluster restart is required for:\n* Extensions that requires\ + \ to add an entry to [`shared_preload_libraries`](https://postgresqlco.nf/en/doc/param/shared_preload_libraries/)\ + \ configuration parameter.\n* Upgrading extensions that overwrite\ + \ any file that is not the extension''s control file or extension''s\ + \ script file.\n* Removing extensions. Until the cluster is\ + \ not restarted a removed extension will still be available.\n\ + * Install of extensions that require extra mount. After installed\ + \ the cluster will require to be restarted.\n\n**Exmaple:**\n\ + \n``` yaml\napiVersion: stackgres.io/v1alpha1\nkind: SGShardedCluster\n\ + metadata:\n name: stackgres\nspec:\n postgres:\n extensions:\n\ + \ - {name: 'timescaledb', version: '2.3.1'}\n```\n" + items: + type: object + properties: + name: + type: string + description: The name of the extension to deploy. + publisher: + type: string + description: The id of the publisher of the extension + to deploy. If not specified `com.ongres` will be used + by default. + version: + type: string + description: The version of the extension to deploy. If + not specified version of `stable` channel will be used + by default. + repository: + type: string + description: 'The repository base URL from where to obtain + the extension to deploy. 
+ + + **This section is filled by the operator.** + + ' + required: + - name + ssl: + type: object + description: "This section allows to use SSL when connecting\ + \ to Postgres\n\n**Example:**\n\n```yaml\napiVersion: stackgres.io/v1alpha1\n\ + kind: SGShardedCluster\nmetadata:\n name: stackgres\nspec:\n\ + \ postgres:\n ssl:\n enabled: true\n certificateSecretKeySelector:\n\ + \ name: stackgres-secrets\n key: cert\n \ + \ privateKeySecretKeySelector:\n name: stackgres-secrets\n\ + \ key: key\n```\n" + properties: + enabled: + type: boolean + description: 'Allow to enable SSL for connections to Postgres. + By default is `true`. + + + If `true` certificate and private key will be auto-generated + unless fields `certificateSecretKeySelector` and `privateKeySecretKeySelector` + are specified. + + ' + certificateSecretKeySelector: + type: object + description: 'Secret key selector for the certificate or + certificate chain used for SSL connections. + + ' + properties: + name: + type: string + description: 'The name of Secret that contains the certificate + or certificate chain for SSL connections + + ' + key: + type: string + description: 'The key of Secret that contains the certificate + or certificate chain for SSL connections + + ' + required: + - name + - key + privateKeySecretKeySelector: + type: object + description: 'Secret key selector for the private key used + for SSL connections. 
+ + ' + properties: + name: + type: string + description: 'The name of Secret that contains the private + key for SSL connections + + ' + key: + type: string + description: 'The key of Secret that contains the private + key for SSL connections + + ' + required: + - name + - key + required: + - version + replication: + type: object + description: "This section allows to configure the global Postgres\ + \ replication mode.\n\nThe main replication group is implicit\ + \ and contains the total number of instances less the sum of all\n\ + \ instances in other replication groups.\n\nThe total number\ + \ of instances is always specified by `.spec.instances`.\n" + properties: + mode: + type: string + description: "The replication mode applied to the whole cluster.\n\ + Possible values are:\n* `async` (default)\n* `sync`\n* `strict-sync`\n\ + * `sync-all`\n* `strict-sync-all`\n\n**async**\n\nWhen in\ + \ asynchronous mode the cluster is allowed to lose some committed\ + \ transactions.\n When the primary server fails or becomes\ + \ unavailable for any other reason a sufficiently healthy\ + \ standby\n will automatically be promoted to primary. Any\ + \ transactions that have not been replicated to that standby\n\ + \ remain in a \"forked timeline\" on the primary, and are\ + \ effectively unrecoverable (the data is still there,\n but\ + \ recovering it requires a manual recovery effort by data\ + \ recovery specialists).\n\n**sync**\n\nWhen in synchronous\ + \ mode a standby will not be promoted unless it is certain\ + \ that the standby contains all\n transactions that may have\ + \ returned a successful commit status to client (clients can\ + \ change the behavior\n per transaction using PostgreSQL’s\ + \ `synchronous_commit` setting. Transactions with `synchronous_commit`\n\ + \ values of `off` and `local` may be lost on fail over, but\ + \ will not be blocked by replication delays). 
This\n means\ + \ that the system may be unavailable for writes even though\ + \ some servers are available. System\n administrators can\ + \ still use manual failover commands to promote a standby\ + \ even if it results in transaction\n loss.\n\nSynchronous\ + \ mode does not guarantee multi node durability of commits\ + \ under all circumstances. When no suitable\n standby is\ + \ available, primary server will still accept writes, but\ + \ does not guarantee their replication. When\n the primary\ + \ fails in this mode no standby will be promoted. When the\ + \ host that used to be the primary comes\n back it will get\ + \ promoted automatically, unless system administrator performed\ + \ a manual failover. This behavior\n makes synchronous mode\ + \ usable with 2 node clusters.\n\nWhen synchronous mode is\ + \ used and a standby crashes, commits will block until the\ + \ primary is switched to standalone\n mode. Manually shutting\ + \ down or restarting a standby will not cause a commit service\ + \ interruption. Standby will\n signal the primary to release\ + \ itself from synchronous standby duties before PostgreSQL\ + \ shutdown is initiated.\n\n**strict-sync**\n\nWhen it is\ + \ absolutely necessary to guarantee that each write is stored\ + \ durably on at least two nodes, use the strict\n synchronous\ + \ mode. This mode prevents synchronous replication to be switched\ + \ off on the primary when no synchronous\n standby candidates\ + \ are available. As a downside, the primary will not be available\ + \ for writes (unless the Postgres\n transaction explicitly\ + \ turns off `synchronous_mode` parameter), blocking all client\ + \ write requests until at least one\n synchronous replica\ + \ comes up.\n\n**Note**: Because of the way synchronous replication\ + \ is implemented in PostgreSQL it is still possible to lose\n\ + \ transactions even when using strict synchronous mode. 
If\ + \ the PostgreSQL backend is cancelled while waiting to acknowledge\n\ + \ replication (as a result of packet cancellation due to\ + \ client timeout or backend failure) transaction changes become\n\ + \ visible for other backends. Such changes are not yet replicated\ + \ and may be lost in case of standby promotion.\n\n**sync-all**\n\ + \nThe same as `sync` but `syncInstances` is ignored and the\ + \ number of synchronous instances is equals to the total number\n\ + \ of instances less one.\n\n**strict-sync-all**\n\nThe same\ + \ as `strict-sync` but `syncInstances` is ignored and the\ + \ number of synchronous instances is equals to the total number\n\ + \ of instances less one.\n" + default: async + syncInstances: + type: integer + minimum: 1 + description: "Number of synchronous standby instances. Must\ + \ be less than the total number of instances. It is set to\ + \ 1 by default.\n Only setteable if mode is `sync` or `strict-sync`.\n" + postgresServices: + type: object + description: Kubernetes [services](https://kubernetes.io/docs/concepts/services-networking/service/) + created or managed by StackGres. + properties: + coordinator: + type: object + description: 'Configuration for the coordinator services + + ' + properties: + any: + type: object + description: 'Configure the coordinator service to any instance + of the coordinator with the same name as the SGShardedCluster + plus the `-reads` suffix. + + + It provides a stable connection (regardless of node failures) + to any Postgres server of the coordinator cluster. Servers + are load-balanced via this service. + + + See also https://kubernetes.io/docs/concepts/services-networking/service/ + + ' + properties: + enabled: + type: boolean + description: Specify if the service should be created + or not. + type: + type: string + enum: + - ClusterIP + - LoadBalancer + - NodePort + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. 
Valid + + options are ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates + + a cluster-internal IP address for load-balancing to + endpoints. + + "NodePort" builds on ClusterIP and allocates a port + on every node. + + "LoadBalancer" builds on NodePort and creates + + an external load-balancer (if supported in the current + cloud). + + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + + ' + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may + be set to "false" if the cluster load-balancer does + not rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests + will be respected, regardless of this field. This + field may only be set for services with type LoadBalancer + and will be cleared if the type is changed to any + other type. + type: boolean + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes + system. + items: + type: string + type: array + externalTrafficPolicy: + description: 'externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of + the Service''s "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that + assumes that external load balancers will take care + of balancing the service traffic between nodes, and + so each node will deliver traffic only to the node-local + endpoints of the service, without masquerading the + client source IP. 
(Traffic mistakenly sent to a node + with no endpoints will be dropped.) The default value, + "Cluster", uses the standard behavior of routing to + all endpoints evenly (possibly modified by topology + and other features). Note that traffic sent to an + External IP or LoadBalancer IP from within the cluster + will always get "Cluster" semantics, but clients sending + to a NodePort from within the cluster may need to + take traffic policy into account when picking a node. + + + ' + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External + systems (e.g. load-balancers) can use this port to + determine if a given node holds endpoints for this + service or not. If this field is specified when creating + a Service which does not need it, creation will fail. + This field will be wiped when updating a Service to + no longer need it (e.g. changing type). This field + cannot be updated once set. + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the + same node as the pod, dropping the traffic if there + are no local endpoints. The default value, "Cluster", + uses the standard behavior of routing to all endpoints + evenly (possibly modified by topology and other features). + type: string + ipFamilies: + description: 'IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. 
If this field is specified + manually, the requested family is available in the + cluster, and ipFamilyPolicy allows it, it will be + used; otherwise creation of the service will fail. + This field is conditionally mutable: it allows for + adding or removing a secondary IP family, but it does + not allow changing the primary IP family of the Service. + Valid values are "IPv4" and "IPv6". This field only + applies to Services of types ClusterIP, NodePort, + and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to + type ExternalName. + + + This field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the + ipFamilyPolicy field.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is + no value provided, then this field will be set to + SingleStack. Services can be "SingleStack" (a single + IP family), "PreferDualStack" (two IP families on + dual-stack configured clusters or a single IP family + on single-stack clusters), or "RequireDualStack" (two + IP families on dual-stack configured clusters, otherwise + fail). The ipFamilies and clusterIPs fields depend + on the value of this field. This field will be wiped + when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set + when the Service type is 'LoadBalancer'. 
If not set, + the default load balancer implementation is used, + today this is typically done through the cloud provider + integration, but should apply for any default implementation. + If set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated + to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load + balancer is created. This field will be ignored if + the cloud-provider does not support the feature. Deprecated: + This field was under-specified and its meaning varies + across implementations, and it cannot support dual-stack. + As of Kubernetes v1.24, users are encouraged to use + implementation-specific annotations when available. + This field may be removed in a future API version.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified + client IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based + session affinity. Must be ClientIP or None. Defaults + to None. 
More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + + + ' + type: string + sessionAffinityConfig: + description: SessionAffinityConfig represents the configurations + of session affinity. + properties: + clientIP: + description: ClientIPConfig represents the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The + value must be >0 && <=86400(for 1 day) if + ServiceAffinity == "ClientIP". Default value + is 10800(for 3 hours). + format: int32 + type: integer + type: object + type: object + primary: + type: object + description: 'Configure the coordinator service to the primary + of the coordinator with the name as the SGShardedCluster. + + + It provides a stable connection (regardless of primary + failures or switchovers) to the read-write Postgres server + of the coordinator cluster. + + + See also https://kubernetes.io/docs/concepts/services-networking/service/ + + ' + properties: + enabled: + type: boolean + description: Specify if the service should be created + or not. + type: + type: string + enum: + - ClusterIP + - LoadBalancer + - NodePort + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid + + options are ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates + + a cluster-internal IP address for load-balancing to + endpoints. + + "NodePort" builds on ClusterIP and allocates a port + on every node. + + "LoadBalancer" builds on NodePort and creates + + an external load-balancer (if supported in the current + cloud). + + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + + ' + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". 
It may + be set to "false" if the cluster load-balancer does + not rely on NodePorts. If the caller requests specific + NodePorts (by specifying a value), those requests + will be respected, regardless of this field. This + field may only be set for services with type LoadBalancer + and will be cleared if the type is changed to any + other type. + type: boolean + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes + system. + items: + type: string + type: array + externalTrafficPolicy: + description: 'externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of + the Service''s "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that + assumes that external load balancers will take care + of balancing the service traffic between nodes, and + so each node will deliver traffic only to the node-local + endpoints of the service, without masquerading the + client source IP. (Traffic mistakenly sent to a node + with no endpoints will be dropped.) The default value, + "Cluster", uses the standard behavior of routing to + all endpoints evenly (possibly modified by topology + and other features). Note that traffic sent to an + External IP or LoadBalancer IP from within the cluster + will always get "Cluster" semantics, but clients sending + to a NodePort from within the cluster may need to + take traffic policy into account when picking a node. + + + ' + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. 
This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External + systems (e.g. load-balancers) can use this port to + determine if a given node holds endpoints for this + service or not. If this field is specified when creating + a Service which does not need it, creation will fail. + This field will be wiped when updating a Service to + no longer need it (e.g. changing type). This field + cannot be updated once set. + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the + same node as the pod, dropping the traffic if there + are no local endpoints. The default value, "Cluster", + uses the standard behavior of routing to all endpoints + evenly (possibly modified by topology and other features). + type: string + ipFamilies: + description: 'IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the + cluster, and ipFamilyPolicy allows it, it will be + used; otherwise creation of the service will fail. + This field is conditionally mutable: it allows for + adding or removing a secondary IP family, but it does + not allow changing the primary IP family of the Service. + Valid values are "IPv4" and "IPv6". This field only + applies to Services of types ClusterIP, NodePort, + and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to + type ExternalName. 
+ + + This field may hold a maximum of two entries (dual-stack + families, in either order). These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the + ipFamilyPolicy field.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is + no value provided, then this field will be set to + SingleStack. Services can be "SingleStack" (a single + IP family), "PreferDualStack" (two IP families on + dual-stack configured clusters or a single IP family + on single-stack clusters), or "RequireDualStack" (two + IP families on dual-stack configured clusters, otherwise + fail). The ipFamilies and clusterIPs fields depend + on the value of this field. This field will be wiped + when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set + when the Service type is 'LoadBalancer'. If not set, + the default load balancer implementation is used, + today this is typically done through the cloud provider + integration, but should apply for any default implementation. + If set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated + to a non 'LoadBalancer' type. 
+ type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer. + This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load + balancer is created. This field will be ignored if + the cloud-provider does not support the feature. Deprecated: + This field was under-specified and its meaning varies + across implementations, and it cannot support dual-stack. + As of Kubernetes v1.24, users are encouraged to use + implementation-specific annotations when available. + This field may be removed in a future API version.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified + client IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based + session affinity. Must be ClientIP or None. Defaults + to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + + + ' + type: string + sessionAffinityConfig: + description: SessionAffinityConfig represents the configurations + of session affinity. + properties: + clientIP: + description: ClientIPConfig represents the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The + value must be >0 && <=86400(for 1 day) if + ServiceAffinity == "ClientIP". Default value + is 10800(for 3 hours). 
+ format: int32 + type: integer + type: object + type: object + customPorts: + type: array + description: "The list of custom ports that will be exposed\ + \ by the coordinator services.\n\nThe names of custom\ + \ ports will be prefixed with the string `custom-` so\ + \ they do not\n conflict with ports defined for the coordinator\ + \ services.\n\nThe names of target ports will be prefixed\ + \ with the string `custom-` so that the ports\n that\ + \ can be referenced in this section will be only those\ + \ defined under\n .spec.pods.customContainers[].ports\ + \ sections were names are also prepended with the same\n\ + \ prefix.\n\n**Changing this field may require a restart.**\n\ + \nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#serviceport-v1-core\n" + items: + description: "A custom port that will be exposed by the\ + \ Postgres coordinator services.\n\nThe name of the\ + \ custom port will be prefixed with the string `custom-`\ + \ so it does not\n conflict with ports defined for\ + \ the coordinator services.\n\nThe name of target port\ + \ will be prefixed with the string `custom-` so that\ + \ the port\n that can be referenced in this section\ + \ will be only those defined under\n .spec.pods.customContainers[].ports\ + \ sections were names are also prepended with the same\n\ + \ prefix.\n \nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#serviceport-v1-core\n" + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. 
When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a port + will be allocated if this Service requires one. If + this field is specified when creating a Service + which does not need it, creation will fail. This + field will be wiped when updating a Service to no + longer need it (e.g. changing type from NodePort + to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + description: "IntOrString is a type that can hold\ + \ an int32 or a string. When\n used in JSON or\ + \ YAML marshalling and unmarshalling, it produces\n\ + \ or consumes the inner type. 
This allows you to\ + \ have, for example,\n a JSON field that can accept\ + \ a name or number.\n\nThe name will be prefixed\ + \ with the string `custom-` so that the target port\ + \ that can be\n referenced will be only those defined\ + \ under .spec.pods.customContainers[].ports sections\n\ + \ were names are also prepended with the same prefix.\n" + format: int-or-string + type: string + required: + - port + type: object + shards: + type: object + description: 'Configuration for the shards services + + ' + properties: + primaries: + type: object + description: 'Configure the shards service to any primary + in the shards with the name as the SGShardedCluster plus + the `-shards` suffix. + + + It provides a stable connection (regardless of primary + failures or switchovers) to read-write Postgres servers + of any shard cluster. Read-write servers are load-balanced + via this service. + + + See also https://kubernetes.io/docs/concepts/services-networking/service/ + + ' + properties: + enabled: + type: boolean + description: Specify if the service should be created + or not. + type: + type: string + enum: + - ClusterIP + - LoadBalancer + - NodePort + description: 'type determines how the Service is exposed. + Defaults to ClusterIP. Valid + + options are ClusterIP, NodePort, and LoadBalancer. + "ClusterIP" allocates + + a cluster-internal IP address for load-balancing to + endpoints. + + "NodePort" builds on ClusterIP and allocates a port + on every node. + + "LoadBalancer" builds on NodePort and creates + + an external load-balancer (if supported in the current + cloud). + + More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + + ' + allocateLoadBalancerNodePorts: + description: allocateLoadBalancerNodePorts defines if + NodePorts will be automatically allocated for services + with type LoadBalancer. Default is "true". It may + be set to "false" if the cluster load-balancer does + not rely on NodePorts. 
If the caller requests specific + NodePorts (by specifying a value), those requests + will be respected, regardless of this field. This + field may only be set for services with type LoadBalancer + and will be cleared if the type is changed to any + other type. + type: boolean + externalIPs: + description: externalIPs is a list of IP addresses for + which nodes in the cluster will also accept traffic + for this service. These IPs are not managed by Kubernetes. The + user is responsible for ensuring that traffic arrives + at a node with this IP. A common example is external + load-balancers that are not part of the Kubernetes + system. + items: + type: string + type: array + externalTrafficPolicy: + description: 'externalTrafficPolicy describes how nodes + distribute service traffic they receive on one of + the Service''s "externally-facing" addresses (NodePorts, + ExternalIPs, and LoadBalancer IPs). If set to "Local", + the proxy will configure the service in a way that + assumes that external load balancers will take care + of balancing the service traffic between nodes, and + so each node will deliver traffic only to the node-local + endpoints of the service, without masquerading the + client source IP. (Traffic mistakenly sent to a node + with no endpoints will be dropped.) The default value, + "Cluster", uses the standard behavior of routing to + all endpoints evenly (possibly modified by topology + and other features). Note that traffic sent to an + External IP or LoadBalancer IP from within the cluster + will always get "Cluster" semantics, but clients sending + to a NodePort from within the cluster may need to + take traffic policy into account when picking a node. + + + ' + type: string + healthCheckNodePort: + description: healthCheckNodePort specifies the healthcheck + nodePort for the service. This only applies when type + is set to LoadBalancer and externalTrafficPolicy is + set to Local. 
If a value is specified, is in-range, + and is not in use, it will be used. If not specified, + a value will be automatically allocated. External + systems (e.g. load-balancers) can use this port to + determine if a given node holds endpoints for this + service or not. If this field is specified when creating + a Service which does not need it, creation will fail. + This field will be wiped when updating a Service to + no longer need it (e.g. changing type). This field + cannot be updated once set. + format: int32 + type: integer + internalTrafficPolicy: + description: InternalTrafficPolicy describes how nodes + distribute service traffic they receive on the ClusterIP. + If set to "Local", the proxy will assume that pods + only want to talk to endpoints of the service on the + same node as the pod, dropping the traffic if there + are no local endpoints. The default value, "Cluster", + uses the standard behavior of routing to all endpoints + evenly (possibly modified by topology and other features). + type: string + ipFamilies: + description: 'IPFamilies is a list of IP families (e.g. + IPv4, IPv6) assigned to this service. This field is + usually assigned automatically based on cluster configuration + and the ipFamilyPolicy field. If this field is specified + manually, the requested family is available in the + cluster, and ipFamilyPolicy allows it, it will be + used; otherwise creation of the service will fail. + This field is conditionally mutable: it allows for + adding or removing a secondary IP family, but it does + not allow changing the primary IP family of the Service. + Valid values are "IPv4" and "IPv6". This field only + applies to Services of types ClusterIP, NodePort, + and LoadBalancer, and does apply to "headless" services. + This field will be wiped when updating a Service to + type ExternalName. + + + This field may hold a maximum of two entries (dual-stack + families, in either order). 
These families must correspond + to the values of the clusterIPs field, if specified. + Both clusterIPs and ipFamilies are governed by the + ipFamilyPolicy field.' + items: + type: string + type: array + x-kubernetes-list-type: atomic + ipFamilyPolicy: + description: IPFamilyPolicy represents the dual-stack-ness + requested or required by this Service. If there is + no value provided, then this field will be set to + SingleStack. Services can be "SingleStack" (a single + IP family), "PreferDualStack" (two IP families on + dual-stack configured clusters or a single IP family + on single-stack clusters), or "RequireDualStack" (two + IP families on dual-stack configured clusters, otherwise + fail). The ipFamilies and clusterIPs fields depend + on the value of this field. This field will be wiped + when updating a service to type ExternalName. + type: string + loadBalancerClass: + description: loadBalancerClass is the class of the load + balancer implementation this Service belongs to. If + specified, the value of this field must be a label-style + identifier, with an optional prefix, e.g. "internal-vip" + or "example.com/internal-vip". Unprefixed names are + reserved for end-users. This field can only be set + when the Service type is 'LoadBalancer'. If not set, + the default load balancer implementation is used, + today this is typically done through the cloud provider + integration, but should apply for any default implementation. + If set, it is assumed that a load balancer implementation + is watching for Services with a matching class. Any + default load balancer implementation (e.g. cloud providers) + should ignore Services that set this field. This field + can only be set when creating or updating a Service + to type 'LoadBalancer'. Once set, it can not be changed. + This field will be wiped when a service is updated + to a non 'LoadBalancer' type. + type: string + loadBalancerIP: + description: 'Only applies to Service Type: LoadBalancer. 
+ This feature depends on whether the underlying cloud-provider + supports specifying the loadBalancerIP when a load + balancer is created. This field will be ignored if + the cloud-provider does not support the feature. Deprecated: + This field was under-specified and its meaning varies + across implementations, and it cannot support dual-stack. + As of Kubernetes v1.24, users are encouraged to use + implementation-specific annotations when available. + This field may be removed in a future API version.' + type: string + loadBalancerSourceRanges: + description: 'If specified and supported by the platform, + this will restrict traffic through the cloud-provider + load-balancer will be restricted to the specified + client IPs. This field will be ignored if the cloud-provider + does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' + items: + type: string + type: array + sessionAffinity: + description: 'Supports "ClientIP" and "None". Used to + maintain session affinity. Enable client IP based + session affinity. Must be ClientIP or None. Defaults + to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + + + ' + type: string + sessionAffinityConfig: + description: SessionAffinityConfig represents the configurations + of session affinity. + properties: + clientIP: + description: ClientIPConfig represents the configurations + of Client IP based session affinity. + properties: + timeoutSeconds: + description: timeoutSeconds specifies the seconds + of ClientIP type session sticky time. The + value must be >0 && <=86400(for 1 day) if + ServiceAffinity == "ClientIP". Default value + is 10800(for 3 hours). 
+ format: int32 + type: integer + type: object + type: object + customPorts: + type: array + description: "The list of custom ports that will be exposed\ + \ by the shards services.\n\nThe names of custom ports\ + \ will be prefixed with the string `custom-` so they do\ + \ not\n conflict with ports defined for the shards services.\n\ + \nThe names of target ports will be prefixed with the\ + \ string `custom-` so that the ports\n that can be referenced\ + \ in this section will be only those defined under\n \ + \ .spec.pods.customContainers[].ports sections were names\ + \ are also prepended with the same\n prefix.\n\n**Changing\ + \ this field may require a restart.**\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#serviceport-v1-core\n" + items: + description: "A custom port that will be exposed by the\ + \ Postgres shards services.\n\nThe name of the custom\ + \ port will be prefixed with the string `custom-` so\ + \ it does not\n conflict with ports defined for the\ + \ shards services.\n\nThe name of target port will be\ + \ prefixed with the string `custom-` so that the port\n\ + \ that can be referenced in this section will be only\ + \ those defined under\n .spec.pods.customContainers[].ports\ + \ sections were names are also prepended with the same\n\ + \ prefix.\n \nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#serviceport-v1-core\n" + properties: + appProtocol: + description: The application protocol for this port. + This field follows standard Kubernetes label syntax. + Un-prefixed names are reserved for IANA standard + service names (as per RFC-6335 and http://www.iana.org/assignments/service-names). + Non-standard protocols should use prefixed names + such as mycompany.com/my-custom-protocol. + type: string + name: + description: The name of this port within the service. + This must be a DNS_LABEL. All ports within a ServiceSpec + must have unique names. 
When considering the endpoints + for a Service, this must match the 'name' field + in the EndpointPort. Optional if only one ServicePort + is defined on this service. + type: string + nodePort: + description: 'The port on each node on which this + service is exposed when type is NodePort or LoadBalancer. Usually + assigned by the system. If a value is specified, + in-range, and not in use it will be used, otherwise + the operation will fail. If not specified, a port + will be allocated if this Service requires one. If + this field is specified when creating a Service + which does not need it, creation will fail. This + field will be wiped when updating a Service to no + longer need it (e.g. changing type from NodePort + to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' + format: int32 + type: integer + port: + description: The port that will be exposed by this + service. + format: int32 + type: integer + protocol: + description: The IP protocol for this port. Supports + "TCP", "UDP", and "SCTP". Default is TCP. + type: string + targetPort: + description: "IntOrString is a type that can hold\ + \ an int32 or a string. When\n used in JSON or\ + \ YAML marshalling and unmarshalling, it produces\n\ + \ or consumes the inner type. 
This allows you to\ + \ have, for example,\n a JSON field that can accept\ + \ a name or number.\n\nThe name will be prefixed\ + \ with the string `custom-` so that the target port\ + \ that can be\n referenced will be only those defined\ + \ under .spec.pods.customContainers[].ports sections\n\ + \ were names are also prepended with the same prefix.\n" + format: int-or-string + type: string + required: + - port + type: object + configurations: + type: object + description: "Sharded cluster custom configurations.\n\n**Example:**\n\ + \n``` yaml\napiVersion: stackgres.io/v1alpha1\nkind: SGShardedCluster\n\ + metadata:\n name: stackgres\nspec:\n configurations:\n backups:\n\ + \ - sgObjectStorage: 'backupconf'\n```\n" + properties: + backups: + type: array + description: 'List of sharded backups configurations for this + SGShardedCluster + + ' + items: + type: object + description: 'Sharded backup configuration for this SGShardedCluster + + ' + properties: + compression: + type: string + description: 'Specifies the backup compression algorithm. + Possible options are: lz4, lzma, brotli. The default + method is `lz4`. LZ4 is the fastest method, but compression + ratio is the worst. LZMA is way slower, but it compresses + backups about 6 times better than LZ4. Brotli is a good + trade-off between speed and compression ratio, being + about 3 times better than LZ4. + + ' + enum: + - lz4 + - lzma + - brotli + cronSchedule: + type: string + description: 'Continuous Archiving backups are composed + of periodic *base backups* and all the WAL segments + produced in between those base backups for the coordinator + and each shard. This parameter specifies at what time + and with what frequency to start performing a new base + backup. + + + Use cron syntax (`m h dom mon dow`) for this parameter, + i.e., 5 values separated by spaces: + + * `m`: minute, 0 to 59. + + * `h`: hour, 0 to 23. + + * `dom`: day of month, 1 to 31 (recommended not to + set it higher than 28). 
+ + * `mon`: month, 1 to 12. + + * `dow`: day of week, 0 to 7 (0 and 7 both represent + Sunday). + + + Also ranges of values (`start-end`), the symbol `*` + (meaning `first-last`) or even `*/N`, where `N` is a + number, meaning ""every `N`, may be used. All times + are UTC. It is recommended to avoid 00:00 as base backup + time, to avoid overlapping with any other external operations + happening at this time. + + + If not set, full backups are never performed automatically. + + ' + performance: + type: object + description: 'Configuration that affects the backup network + and disk usage performance. + + ' + properties: + maxNetworkBandwidth: + type: integer + description: 'Maximum storage upload bandwidth used + when storing a backup. In bytes (per second). + + ' + maxDiskBandwidth: + type: integer + description: 'Maximum disk read I/O when performing + a backup. In bytes (per second). + + ' + uploadDiskConcurrency: + type: integer + minimum: 1 + description: 'Backup storage may use several concurrent + streams to store the data. This parameter configures + the number of parallel streams to use to reading + from disk. By default, it''s set to 1. + + ' + uploadConcurrency: + type: integer + minimum: 1 + description: 'Backup storage may use several concurrent + streams to store the data. This parameter configures + the number of parallel streams to use. By default, + it''s set to 16. + + ' + downloadConcurrency: + type: integer + minimum: 1 + description: 'Backup storage may use several concurrent + streams to read the data. This parameter configures + the number of parallel streams to use. By default, + it''s set to the minimum between the number of file + to read and 10. + + ' + retention: + type: integer + minimum: 1 + description: 'When an automatic retention policy is defined + to delete old base backups, this parameter specifies + the number of base backups to keep, in a sliding window. 
+ + + Consequently, the time range covered by backups is `periodicity*retention`, + where `periodicity` is the separation between backups + as specified by the `cronSchedule` property. + + + Default is 5. + + ' + sgObjectStorage: + type: string + description: 'Name of the [SGObjectStorage](https://stackgres.io/doc/latest/reference/crd/sgobjectstorage) + to use for the cluster. It defines the location in which + the the backups will be stored. + + ' + paths: + type: array + items: + type: string + description: 'The paths were the backups are stored. If + not set this field is filled up by the operator. + + + When provided will indicate were the backups and WAL + files will be stored. + + + The first path indicate the coordinator path and the + other paths indicate the shards paths + + ' + required: + - sgObjectStorage + credentials: + type: object + description: 'Allow to specify custom credentials for Postgres + users and Patroni REST API + + + **Changing this field may require a restart.** + + ' + properties: + patroni: + type: object + description: 'Kubernetes [SecretKeySelectors](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the credentials for patroni REST API. + + + **Changing this field may require a restart.** + + ' + properties: + restApiPassword: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the password for the patroni REST API. + + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select from. + Must be a valid secret key. 
+ required: + - name + - key + users: + type: object + description: "Kubernetes [SecretKeySelectors](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core)\ + \ that contains the credentials of the users.\n\n**Changing\ + \ this field may require a manual modification of the\ + \ database users to reflect the new values specified.**\n\ + \nIn particular you may have to create those users if\ + \ username is changed or alter password if it is changed.\ + \ Here are the SQL commands to perform such operation\ + \ (replace\n default usernames with the new ones and\ + \ `***` with their respective passwords):\n\n* Superuser\ + \ username changed:\n```\nCREATE ROLE postgres;\n```\n\ + * Superuser password changed:\n```\nALTER ROLE postgres\ + \ WITH SUPERUSER INHERIT CREATEROLE CREATEDB LOGIN REPLICATION\ + \ BYPASSRLS PASSWORD '***';\n```\n* Replication username\ + \ changed:\n```\nCREATE ROLE replicator;\n```\n* Replication\ + \ password changed:\n```\nALTER ROLE replicator WITH NOSUPERUSER\ + \ INHERIT NOCREATEROLE NOCREATEDB LOGIN REPLICATION NOBYPASSRLS\ + \ PASSWORD '***';\n```\n* Authenticator username changed:\n\ + ```\nCREATE ROLE authenticator;\n```\n* Authenticator\ + \ password changed:\n```\nALTER ROLE authenticator WITH\ + \ SUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION\ + \ NOBYPASSRLS PASSWORD '***';\n```\n\n**Changing this\ + \ field may require a restart.**\n" + properties: + superuser: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the credentials of the superuser (usually + the postgres user). + + ' + properties: + username: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the username of the user. 
+ + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select + from. Must be a valid secret key. + required: + - name + - key + password: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the password of the user. + + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select + from. Must be a valid secret key. + required: + - name + - key + replication: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the credentials of the replication user + used to replicate from the primary cluster and from + replicas of this cluster. + + ' + properties: + username: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the username of the user. + + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select + from. Must be a valid secret key. + required: + - name + - key + password: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the password of the user. + + ' + properties: + name: + type: string + description: Name of the referent. 
[More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select + from. Must be a valid secret key. + required: + - name + - key + authenticator: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the credentials of the authenticator + user used by pgbouncer to authenticate other users. + + ' + properties: + username: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the username of the user. + + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select + from. Must be a valid secret key. + required: + - name + - key + password: + type: object + description: 'A Kubernetes [SecretKeySelector](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#secretkeyselector-v1-core) + that contains the password of the user. + + ' + properties: + name: + type: string + description: Name of the referent. [More information](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names). + key: + type: string + description: The key of the secret to select + from. Must be a valid secret key. 
+ required: + - name + - key + binding: + type: object + description: "This section allows to specify the properties\ + \ of [Service Binding spec for provisioned service](https://servicebinding.io/spec/core/1.0.0/#provisioned-service).\n\ + \ If not specified, then some default will be used.\n\nFor\ + \ more information see https://servicebinding.io/spec/core/1.0.0/\n" + properties: + provider: + type: string + description: It's the reference of custom provider name. + If not specified, then the default value will be `stackgres` + database: + type: string + description: Allow to specify the database name. If not + specified, then the default value is `postgres` + username: + type: string + description: Allow to specify the username. If not specified, + then the superuser username will be used. + password: + type: object + description: Allow to reference Secret that contains the + user's password. If not specified, then the superuser + password will be used. + properties: + name: + type: string + description: The name of the Secret + key: + type: string + description: The key of the Secret + metadata: + type: object + description: Metadata information from any cluster created resources. + properties: + annotations: + type: object + description: "Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)\ + \ to be passed to resources created and managed by StackGres.\n\ + \n**Example:**\n\n```yaml\napiVersion: stackgres.io/v1alpha1\n\ + kind: SGShardedCluster\nmetadata:\n name: stackgres\nspec:\n\ + \ metadata:\n annotations:\n clusterPods:\n \ + \ customAnnotations: customAnnotationValue\n primaryService:\n\ + \ customAnnotations: customAnnotationValue\n replicasService:\n\ + \ customAnnotations: customAnnotationValue\n```\n" + properties: + allResources: + type: object + description: Annotations to attach to any resource created + or managed by StackGres. 
+ additionalProperties: + type: string + clusterPods: + type: object + description: Annotations to attach to pods created or managed + by StackGres. + additionalProperties: + type: string + services: + type: object + description: Annotations to attach to all services created + or managed by StackGres. + additionalProperties: + type: string + primaryService: + type: object + description: Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + passed to the `-primary` service. + additionalProperties: + type: string + replicasService: + type: object + description: Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + passed to the `-replicas` service. + additionalProperties: + type: string + labels: + type: object + description: "Custom Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)\ + \ to be passed to resources created and managed by StackGres.\n\ + \n**Example:**\n\n```yaml\napiVersion: stackgres.io/v1alpha1\n\ + kind: SGShardedCluster\nmetadata:\n name: stackgres\nspec:\n\ + \ metadata:\n labels:\n clusterPods:\n customLabel:\ + \ customLabelValue\n services:\n customLabel:\ + \ customLabelValue\n```\n" + properties: + clusterPods: + type: object + description: Labels to attach to Pods created or managed + by StackGres. + additionalProperties: + type: string + services: + type: object + description: Labels to attach to Services and Endpoints + created or managed by StackGres. + additionalProperties: + type: string + coordinator: + type: object + description: 'The coordinator is a StackGres cluster responsible + of coordinating data storage and access from the shards. 
+ + ' + properties: + instances: + type: integer + minimum: 1 + maximum: 16 + description: "Number of StackGres instances for the cluster.\ + \ Each instance contains one Postgres server.\n Out of all\ + \ of the Postgres servers, one is elected as the primary,\ + \ the rest remain as read-only replicas.\n" + sgInstanceProfile: + type: string + description: 'Name of the [SGInstanceProfile](https://stackgres.io/doc/latest/reference/crd/sginstanceprofile/). + + + A SGInstanceProfile defines CPU and memory limits. Must exist + before creating a cluster. + + + When no profile is set, a default (1 core, 2 GiB RAM) one + is used. + + + **Changing this field may require a restart.** + + ' + managedSql: + type: object + description: 'This section allows to reference SQL scripts that + will be applied to the cluster live. + + ' + properties: + continueOnSGScriptError: + type: boolean + description: If true, when any entry of any `SGScript` fail + will not prevent subsequent `SGScript` from being executed. + By default is `false`. + scripts: + type: array + description: 'A list of script references that will be executed + in sequence. + + ' + items: + type: object + description: "A script reference. Each version of each\ + \ entry of the script referenced will be executed exactly\ + \ once following the sequence defined\n in the referenced\ + \ script and skipping any script entry that have already\ + \ been executed.\n" + properties: + id: + type: integer + description: The id is immutable and must be unique + across all the `SGScript` entries. It is replaced + by the operator and is used to identify the `SGScript` + entry. + sgScript: + type: string + description: A reference to an `SGScript` + pods: + type: object + description: Cluster pod's configuration. + properties: + persistentVolume: + type: object + description: Pod's persistent volume configuration. 
+ properties: + size: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi|Ti)$ + description: 'Size of the PersistentVolume set for each + instance of the cluster. This size is specified either + in Mebibytes, Gibibytes or Tebibytes (multiples of + 2^20, 2^30 or 2^40, respectively). + + ' + storageClass: + type: string + description: 'Name of an existing StorageClass in the + Kubernetes cluster, used to create the PersistentVolumes + for the instances of the cluster. + + ' + required: + - size + disableConnectionPooling: + type: boolean + description: 'If set to `true`, avoids creating a connection + pooling (using [PgBouncer](https://www.pgbouncer.org/)) + sidecar. + + + **Changing this field may require a restart.** + + ' + disableMetricsExporter: + type: boolean + description: 'If set to `true`, avoids creating the Prometheus + exporter sidecar. Recommended when there''s no intention + to use Prometheus for monitoring. + + ' + disablePostgresUtil: + type: boolean + description: 'If set to `true`, avoids creating the `postgres-util` + sidecar. This sidecar contains usual Postgres administration + utilities *that are not present in the main (`patroni`) + container*, like `psql`. Only disable if you know what + you are doing. + + + **Changing this field may require a restart.** + + ' + resources: + type: object + description: Pod custom resources configuration. + properties: + enableClusterLimitsRequirements: + type: boolean + description: 'When enabled resource limits for containers + other than the patroni container wil be set just like + for patroni contianer as specified in the SGInstanceProfile. 
+ + + **Changing this field may require a restart.** + + ' + disableResourcesRequestsSplitFromTotal: + type: boolean + description: "When set to `true` the resources requests\ + \ values in fields `SGInstanceProfile.spec.requests.cpu`\ + \ and `SGInstanceProfile.spec.requests.memory` will\ + \ represent the resources\n requests of the patroni\ + \ container and the total resources requests calculated\ + \ by adding the resources requests of all the containers\ + \ (including the patroni container).\n\n**Changing\ + \ this field may require a restart.**\n" + scheduling: + type: object + description: 'Pod custom scheduling, affinity and topology + spread constratins configuration. + + + **Changing this field may require a restart.** + + ' + properties: + nodeSelector: + type: object + additionalProperties: + type: string + description: 'NodeSelector is a selector which must + be true for the pod to fit on a node. Selector which + must match a node''s labels for the pod to be scheduled + on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + + ' + tolerations: + description: 'If specified, the pod''s tolerations. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + type: array + items: + description: 'The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + properties: + effect: + description: 'Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + + + ' + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values and + all keys. 
+ type: string + operator: + description: 'Operator represents a key''s relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + + + ' + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must be + of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever + (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + nodeAffinity: + description: 'Node affinity is a group of node affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node matches the corresponding + matchExpressions; the node(s) with the highest + sum are the most preferred. + items: + description: An empty preferred scheduling term + matches all objects with implicit weight 0 (i.e. + it's a no-op). A null preferred scheduling term + matches no objects (i.e. 
is also a no-op). + properties: + preference: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. 
If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents the union + of the results of one or more label queries over + a set of nodes; that is, it represents the OR + of the selectors represented by the node selector + terms. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + priorityClassName: + type: string + description: 'Priority indicates the importance of a + Pod relative to other Pods. If a Pod cannot be scheduled, + the scheduler tries to preempt (evict) lower priority + Pods to make scheduling of the pending Pod possible. + + ' + podAffinity: + description: 'Pod affinity is a group of inter pod affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. 
+ The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. 
If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may + or may not try to eventually evict the pod from + its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty + label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty + label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: 'Pod anti affinity is a group of inter + pod anti affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. 
The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the anti-affinity requirements specified by this + field cease to be met at some point during pod + execution (e.g. due to a pod label update), the + system may or may not try to eventually evict + the pod from its node. When there are multiple + elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. 
The result of matchLabels + and matchExpressions are ANDed. An empty + label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty + label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. 
+ properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + topologySpreadConstraints: + type: array + description: 'TopologySpreadConstraints describes how + a group of pods ought to spread across topology domains. + Scheduler will schedule pods in a way which abides + by the constraints. All topologySpreadConstraints + are ANDed. + + ' + items: + description: 'TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#topologyspreadconstraint-v1-core + + ' + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select the pods over which spreading + will be calculated. The keys are used to lookup + values from the incoming pod labels, those key-value + labels are ANDed with labelSelector to select + the group of existing pods over which spreading + will be calculated for the incoming pod. Keys + that don't exist in the incoming pod labels + will be ignored. A null or empty list means + only match against labelSelector. + items: + type: string + type: array + maxSkew: + description: 'MaxSkew describes the degree to + which pods may be unevenly distributed. When + `whenUnsatisfiable=DoNotSchedule`, it is the + maximum permitted difference between the number + of matching pods in the target topology and + the global minimum. The global minimum is the + minimum number of matching pods in an eligible + domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: 'MinDomains indicates a minimum number + of eligible domains. 
When the number of eligible + domains with matching topology keys is less + than minDomains, Pod Topology Spread treats + "global minimum" as 0, and then the calculation + of Skew is performed. And when the number of + eligible domains with matching topology keys + equals or greater than minDomains, this value + has no effect on scheduling. As a result, when + the number of eligible domains is less than + minDomains, scheduler won''t schedule more than + maxSkew Pods to those domains. If value is nil, + the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is + set to 2, MinDomains is set to 5 and pods with + the same labelSelector spread as 2/2/2: | zone1 + | zone2 | zone3 | | P P | P P | P P | + The number of domains is less than 5(MinDomains), + so "global minimum" is treated as 0. In this + situation, new pod with the same labelSelector + cannot be scheduled, because computed skew will + be 3(3 - 0) if new Pod is scheduled to any of + the three zones, it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default).' + format: int32 + type: integer + nodeAffinityPolicy: + description: 'NodeAffinityPolicy indicates how + we will treat Pod''s nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options + are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: + nodeAffinity/nodeSelector are ignored. All nodes + are included in the calculations. + + + If this value is nil, the behavior is equivalent + to the Honor policy. This is a alpha-level feature + enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag.' 
+ type: string + nodeTaintsPolicy: + description: 'NodeTaintsPolicy indicates how we + will treat node taints when calculating pod + topology spread skew. Options are: - Honor: + nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. + All nodes are included. + + + If this value is nil, the behavior is equivalent + to the Ignore policy. This is a alpha-level + feature enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag.' + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", + and try to put balanced number of pods into + each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible + domain as a domain whose nodes meet the requirements + of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. + type: string + whenUnsatisfiable: + description: "WhenUnsatisfiable indicates how\ + \ to deal with a pod if it doesn't satisfy the\ + \ spread constraint. - DoNotSchedule (default)\ + \ tells the scheduler not to schedule it. 
-\ + \ ScheduleAnyway tells the scheduler to schedule\ + \ the pod in any location,\n but giving higher\ + \ precedence to topologies that would help reduce\ + \ the\n skew.\nA constraint is considered \"\ + Unsatisfiable\" for an incoming pod if and only\ + \ if every possible node assignment for that\ + \ pod would violate \"MaxSkew\" on some topology.\ + \ For example, in a 3-zone cluster, MaxSkew\ + \ is set to 1, and pods with the same labelSelector\ + \ spread as 3/1/1: | zone1 | zone2 | zone3 |\ + \ | P P P | P | P | If WhenUnsatisfiable\ + \ is set to DoNotSchedule, incoming pod can\ + \ only be scheduled to zone2(zone3) to become\ + \ 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)\ + \ satisfies MaxSkew(1). In other words, the\ + \ cluster can still be imbalanced, but scheduler\ + \ won't make it *more* imbalanced. It's a required\ + \ field.\n\n" + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + backup: + type: object + description: Backup Pod custom scheduling and affinity + configuration. + properties: + nodeSelector: + description: 'Node affinity is a group of node affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most + preferred. 
+ items: + description: An empty preferred scheduling + term matches all objects with implicit weight + 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. 
+ + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents the + union of the results of one or more label + queries over a set of nodes; that is, it represents + the OR of the selectors represented by the + node selector terms. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. 
If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + tolerations: + description: 'Node affinity is a group of node affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. 
+ The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most + preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit weight + 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. 
+ items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents the + union of the results of one or more label + queries over a set of nodes; that is, it represents + the OR of the selectors represented by the + node selector terms. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. 
+ properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + nodeAffinity: + description: 'Node affinity is a group of node affinity + scheduling rules. 
+ + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most + preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit weight + 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. 
+ If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents the + union of the results of one or more label + queries over a set of nodes; that is, it represents + the OR of the selectors represented by the + node selector terms. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. 
The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. 
+ This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + priorityClassName: + type: string + description: 'Priority indicates the importance + of a Pod relative to other Pods. If a Pod cannot + be scheduled, the scheduler tries to preempt (evict) + lower priority Pods to make scheduling of the + pending Pod possible. + + ' + podAffinity: + description: 'Pod affinity is a group of inter pod + affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label selector is a + label query over a set of resources. + The result of matchLabels and matchExpressions + are ANDed. An empty label selector + matches all objects. A null label + selector matches no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. 
A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a + label query over a set of resources. + The result of matchLabels and matchExpressions + are ANDed. An empty label selector + matches all objects. A null label + selector matches no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. 
The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to a pod label update), + the system may or may not try to eventually + evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label selector is a label + query over a set of resources. 
The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: 'Pod anti affinity is a group of inter + pod anti affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it + may choose a node that violates one or more + of the expressions. The node that is most + preferred is the one with the greatest sum + of weights, i.e. for each node that meets + all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most + preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label selector is a + label query over a set of resources. + The result of matchLabels and matchExpressions + are ANDed. An empty label selector + matches all objects. A null label + selector matches no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a + label query over a set of resources. + The result of matchLabels and matchExpressions + are ANDed. An empty label selector + matches all objects. A null label + selector matches no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. 
+ type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. 
+ format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the + node. If the anti-affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod label + update), the system may or may not try to + eventually evict the pod from its node. When + there are multiple elements, the lists of + nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. 
If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + managementPolicy: + type: string + description: "managementPolicy controls how pods are created\ + \ during initial scale up, when replacing pods\n on nodes,\ + \ or when scaling down. The default policy is `OrderedReady`,\ + \ where pods are created\n in increasing order (pod-0,\ + \ then pod-1, etc) and the controller will wait until\ + \ each pod is\n ready before continuing. 
When scaling\ + \ down, the pods are removed in the opposite order.\n\ + \ The alternative policy is `Parallel` which will create\ + \ pods in parallel to match the desired\n scale without\ + \ waiting, and on scale down will delete all pods at once.\n" + customVolumes: + type: array + description: "A list of custom volumes that may be used\ + \ along with any container defined in\n customInitContainers\ + \ or customContainers sections for the coordinator.\n\n\ + The name used in this section will be prefixed with the\ + \ string `custom-` so that when\n referencing them in\ + \ the customInitContainers or customContainers sections\ + \ the name used\n have to be prepended with the same\ + \ prefix.\n\nOnly the following volume types are allowed:\ + \ configMap, downwardAPI, emptyDir,\n gitRepo, glusterfs,\ + \ hostPath, nfs, projected and secret\n\n**Changing this\ + \ field may require a restart.**\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#volume-v1-core\n" + items: + type: object + description: "A custom volume that may be used along with\ + \ any container defined in\n customInitContainers or\ + \ customContainers sections.\n\nThe name used in this\ + \ section will be prefixed with the string `custom-`\ + \ so that when\n referencing them in the customInitContainers\ + \ or customContainers sections the name used\n have\ + \ to be prepended with the same prefix.\n\nOnly the\ + \ following volume types are allowed: configMap, downwardAPI,\ + \ emptyDir,\n gitRepo, glusterfs, hostPath, nfs, projected\ + \ and secret\n\n**Changing this field may require a\ + \ restart.**\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#volume-v1-core\n" + properties: + name: + description: "Volumes name. 
Must be a DNS_LABEL and\ + \ unique within the pod.\n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\n\ + \nThe name will be prefixed with the string `custom-`\ + \ so that when referencing them in the\n customInitContainers\ + \ or customContainers sections the name used have\ + \ to be prepended with\n the same prefix.\n" + type: string + configMap: + description: 'Adapts a ConfigMap into a volume. + + + The contents of the target ConfigMap''s Data field + will be presented in a volume as files using the + keys in the Data field as the file names, unless + the items element is populated with specific mappings + of keys to paths. ConfigMap volumes support ownership + management and SELinux relabeling.' + properties: + defaultMode: + description: 'Optional: mode bits used to set + permissions on created files by default. Must + be an octal value between 0000 and 0777 or a + decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires + decimal values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits used to + set permissions on this file. Must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element + '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap or + its keys must be defined + type: boolean + type: object + downwardAPI: + description: DownwardAPIVolumeSource represents a + volume containing downward API info. Downward API + volumes support ownership management and SELinux + relabeling. + properties: + defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a Optional: mode bits + used to set permissions on created files by + default. Must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. + Defaults to 0644. Directories within the path + are not affected by this setting. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: ObjectFieldSelector selects + an APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: ResourceFieldSelector represents + container resources (cpu, memory) and + their output format + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: "Quantity is a fixed-point\ + \ representation of a number. It provides\ + \ convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to\ + \ String() and AsInt64() accessors.\n\ + \nThe serialization format is:\n\n\ + ::= \n\ + \ (Note that may be empty,\ + \ from the \"\" case in .)\n\ + ::= 0 | 1 | ...\ + \ | 9 ::= \ + \ | \ + \ ::= | .\ + \ | . 
| . \ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= \ + \ | | \ + \ ::= Ki | Mi |\ + \ Gi | Ti | Pi | Ei\n (International\ + \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k\ + \ | M | G | T | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 = 1k; I didn't\ + \ choose the capitalization.)\n\ + \ ::= \"e\" | \"E\"\ + \ \n\nNo matter which\ + \ of the three exponent forms is used,\ + \ no quantity may represent a number\ + \ greater than 2^63-1 in magnitude,\ + \ nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise\ + \ will be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.) This\ + \ may be extended in the future if\ + \ we require larger or smaller quantities.\n\ + \nWhen a Quantity is parsed from a\ + \ string, it will remember the type\ + \ of suffix it had, and will use the\ + \ same type again when it is serialized.\n\ + \nBefore serializing, Quantity will\ + \ be put in \"canonical form\". This\ + \ means that Exponent/suffix will\ + \ be adjusted up or down (with a corresponding\ + \ increase or decrease in Mantissa)\ + \ such that:\n a. No precision is\ + \ lost\n b. No fractional digits\ + \ will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\n\ + The sign will be omitted unless the\ + \ number is negative.\n\nExamples:\n\ + \ 1.5 will be serialized as \"1500m\"\ + \n 1.5Gi will be serialized as \"\ + 1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented\ + \ by a floating point number. That\ + \ is the whole point of this exercise.\n\ + \nNon-canonical values will still\ + \ parse as long as they are well formed,\ + \ but will be re-emitted in their\ + \ canonical form. 
(So always use canonical\ + \ form, or don't diff.)\n\nThis format\ + \ is intended to make it difficult\ + \ to use these numbers without writing\ + \ some sort of special handling code\ + \ in the hopes that that will cause\ + \ implementors to also use a fixed\ + \ point implementation." + type: string + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: Represents an empty directory for a pod. + Empty directory volumes support ownership management + and SELinux relabeling. + properties: + medium: + description: 'What type of storage medium should + back this directory. The default is "" which + means to use the node''s default medium. Must + be an empty string (default) or Memory. More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: "Quantity is a fixed-point representation\ + \ of a number. It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::= \n\ + \ (Note that may be empty, from the\ + \ \"\" case in .)\n \ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | . | .\ + \ | . ::= \"+\" |\ + \ \"-\" ::= | \ + \ ::= | \ + \ | ::= Ki | Mi\ + \ | Gi | Ti | Pi | Ei\n (International System\ + \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G |\ + \ T | P | E\n (Note that 1024 = 1Ki but 1000\ + \ = 1k; I didn't choose the capitalization.)\n\ + ::= \"e\" |\ + \ \"E\" \n\nNo matter which of\ + \ the three exponent forms is used, no quantity\ + \ may represent a number greater than 2^63-1\ + \ in magnitude, nor may it have more than 3\ + \ decimal places. Numbers larger or more precise\ + \ will be capped or rounded up. (E.g.: 0.1m\ + \ will rounded up to 1m.) 
This may be extended\ + \ in the future if we require larger or smaller\ + \ quantities.\n\nWhen a Quantity is parsed from\ + \ a string, it will remember the type of suffix\ + \ it had, and will use the same type again when\ + \ it is serialized.\n\nBefore serializing, Quantity\ + \ will be put in \"canonical form\". This means\ + \ that Exponent/suffix will be adjusted up or\ + \ down (with a corresponding increase or decrease\ + \ in Mantissa) such that:\n a. No precision\ + \ is lost\n b. No fractional digits will be\ + \ emitted\n c. The exponent (or suffix) is\ + \ as large as possible.\nThe sign will be omitted\ + \ unless the number is negative.\n\nExamples:\n\ + \ 1.5 will be serialized as \"1500m\"\n 1.5Gi\ + \ will be serialized as \"1536Mi\"\n\nNote that\ + \ the quantity will NEVER be internally represented\ + \ by a floating point number. That is the whole\ + \ point of this exercise.\n\nNon-canonical values\ + \ will still parse as long as they are well\ + \ formed, but will be re-emitted in their canonical\ + \ form. (So always use canonical form, or don't\ + \ diff.)\n\nThis format is intended to make\ + \ it difficult to use these numbers without\ + \ writing some sort of special handling code\ + \ in the hopes that that will cause implementors\ + \ to also use a fixed point implementation." + type: string + type: object + gitRepo: + description: 'Represents a volume that is populated + with the contents of a git repository. Git repo + volumes do not support ownership management. Git + repo volumes support SELinux relabeling. + + + DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into + an InitContainer that clones the repo using git, + then mount the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain + or start with '..'. If '.' is supplied, the + volume directory will be the git repository. 
Otherwise, + if specified, the volume will contain the git + repository in the subdirectory with the given + name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: Represents a Glusterfs mount that lasts + the lifetime of a pod. Glusterfs volumes do not + support ownership management or SELinux relabeling. + properties: + endpoints: + description: 'EndpointsName is the endpoint name + that details Glusterfs topology. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs + volume to be mounted with read-only permissions. + Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: Represents a host path mapped into a + pod. Host path volumes do not support ownership + management or SELinux relabeling. + properties: + path: + description: 'Path of the directory on the host. + If the path is a symlink, it will follow the + link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults + to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + nfs: + description: Represents an NFS mount that lasts the + lifetime of a pod. NFS volumes do not support ownership + management or SELinux relabeling. + properties: + path: + description: 'Path that is exported by the NFS + server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS + export to be mounted with read-only permissions. + Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address + of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - server + - path + type: object + projected: + description: Represents a projected volume source + properties: + defaultMode: + description: Mode bits used to set permissions + on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values + for mode bits. Directories within the path are + not affected by this setting. This might be + in conflict with other options that affect the + file mode, like fsGroup, and the result can + be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: + description: 'Adapts a ConfigMap into a + projected volume. + + + The contents of the target ConfigMap''s + Data field will be presented in a projected + volume as files using the keys in the + Data field as the file names, unless the + items element is populated with specific + mappings of keys to paths. Note that this + is identical to a configmap volume source + without the default mode.' + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + ConfigMap will be projected into the + volume as a file whose name is the + key and content is the value. 
If specified, + the listed keys will be projected + into the specified paths, and unlisted + keys will not be present. If a key + is specified which is not present + in the ConfigMap, the volume setup + will error unless it is marked optional. + Paths must be relative and may not + contain the '..' path or start with + '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits + used to set permissions on this + file. Must be an octal value + between 0000 and 0777 or a decimal + value between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If not + specified, the volume defaultMode + will be used. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path + of the file to map the key to. + May not be an absolute path. + May not contain the path element + '..'. May not start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: Represents downward API info + for projecting into a projected volume. + Note that this is identical to a downwardAPI + volume source without the default mode. + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod field + properties: + fieldRef: + description: ObjectFieldSelector + selects an APIVersioned field + of an object. 
+ properties: + apiVersion: + description: Version of the + schema the FieldPath is + written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits + used to set permissions on this + file, must be an octal value + between 0000 and 0777 or a decimal + value between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If not + specified, the volume defaultMode + will be used. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file + to be created. Must not be absolute + or contain the ''..'' path. + Must be utf-8 encoded. The first + item of the relative path must + not start with ''..''' + type: string + resourceFieldRef: + description: ResourceFieldSelector + represents container resources + (cpu, memory) and their output + format + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + description: "Quantity is\ + \ a fixed-point representation\ + \ of a number. It provides\ + \ convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition\ + \ to String() and AsInt64()\ + \ accessors.\n\nThe serialization\ + \ format is:\n\n\ + \ ::= \n\ + \ (Note that may\ + \ be empty, from the \"\"\ + \ case in .)\n\ + ::= 0\ + \ | 1 | ... | 9 \ + \ ::= |\ + \ \ + \ ::= \ + \ | . |\ + \ . 
| .\ + \ ::=\ + \ \"+\" | \"-\" \ + \ ::= | \ + \ ::=\ + \ | \ + \ | \ + \ ::= Ki | Mi | Gi\ + \ | Ti | Pi | Ei\n (International\ + \ System of units; See:\ + \ http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m\ + \ | \"\" | k | M | G | T\ + \ | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 =\ + \ 1k; I didn't choose the\ + \ capitalization.)\n\ + \ ::= \"e\" \ + \ | \"E\" \n\ + \nNo matter which of the\ + \ three exponent forms is\ + \ used, no quantity may\ + \ represent a number greater\ + \ than 2^63-1 in magnitude,\ + \ nor may it have more than\ + \ 3 decimal places. Numbers\ + \ larger or more precise\ + \ will be capped or rounded\ + \ up. (E.g.: 0.1m will rounded\ + \ up to 1m.) This may be\ + \ extended in the future\ + \ if we require larger or\ + \ smaller quantities.\n\n\ + When a Quantity is parsed\ + \ from a string, it will\ + \ remember the type of suffix\ + \ it had, and will use the\ + \ same type again when it\ + \ is serialized.\n\nBefore\ + \ serializing, Quantity\ + \ will be put in \"canonical\ + \ form\". This means that\ + \ Exponent/suffix will be\ + \ adjusted up or down (with\ + \ a corresponding increase\ + \ or decrease in Mantissa)\ + \ such that:\n a. No precision\ + \ is lost\n b. No fractional\ + \ digits will be emitted\n\ + \ c. 
The exponent (or suffix)\ + \ is as large as possible.\n\ + The sign will be omitted\ + \ unless the number is negative.\n\ + \nExamples:\n 1.5 will\ + \ be serialized as \"1500m\"\ + \n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote\ + \ that the quantity will\ + \ NEVER be internally represented\ + \ by a floating point number.\ + \ That is the whole point\ + \ of this exercise.\n\n\ + Non-canonical values will\ + \ still parse as long as\ + \ they are well formed,\ + \ but will be re-emitted\ + \ in their canonical form.\ + \ (So always use canonical\ + \ form, or don't diff.)\n\ + \nThis format is intended\ + \ to make it difficult to\ + \ use these numbers without\ + \ writing some sort of special\ + \ handling code in the hopes\ + \ that that will cause implementors\ + \ to also use a fixed point\ + \ implementation." + type: string + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: 'Adapts a secret into a projected + volume. + + + The contents of the target Secret''s Data + field will be presented in a projected + volume as files using the keys in the + Data field as the file names. Note that + this is identical to a secret volume source + without the default mode.' + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + Secret will be projected into the + volume as a file whose name is the + key and content is the value. If specified, + the listed keys will be projected + into the specified paths, and unlisted + keys will not be present. If a key + is specified which is not present + in the Secret, the volume setup will + error unless it is marked optional. + Paths must be relative and may not + contain the '..' path or start with + '..'. + items: + description: Maps a string key to + a path within a volume. 
+ properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits + used to set permissions on this + file. Must be an octal value + between 0000 and 0777 or a decimal + value between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If not + specified, the volume defaultMode + will be used. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path + of the file to map the key to. + May not be an absolute path. + May not contain the path element + '..'. May not start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: ServiceAccountTokenProjection + represents a projected service account + token volume. This projection can be used + to insert a service account token into + the pods runtime filesystem for use against + APIs (Kubernetes API Server or otherwise). + properties: + audience: + description: Audience is the intended + audience of the token. A recipient + of a token must identify itself with + an identifier specified in the audience + of the token, and otherwise should + reject the token. The audience defaults + to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the + requested duration of validity of + the service account token. As the + token approaches expiration, the kubelet + volume plugin will proactively rotate + the service account token. 
The kubelet + will start trying to rotate the token + if the token is older than 80 percent + of its time to live or if the token + is older than 24 hours.Defaults to + 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative + to the mount point of the file to + project the token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + secret: + description: 'Adapts a Secret into a volume. + + + The contents of the target Secret''s Data field + will be presented in a volume as files using the + keys in the Data field as the file names. Secret + volumes support ownership management and SELinux + relabeling.' + properties: + defaultMode: + description: 'Optional: mode bits used to set + permissions on created files by default. Must + be an octal value between 0000 and 0777 or a + decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires + decimal values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose + name is the key and content is the value. If + specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits used to + set permissions on this file. Must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element + '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its + keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s + namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + customInitContainers: + type: array + description: "A list of custom application init containers\ + \ that run within the shards cluster's Pods. The\n custom\ + \ init containers will run following the defined sequence\ + \ as the end of\n cluster's Pods init containers.\n\n\ + The name used in this section will be prefixed with the\ + \ string `custom-` so that when\n referencing them in\ + \ the .spec.containers section of SGInstanceProfile the\ + \ name used\n have to be prepended with the same prefix.\n\ + \n**Changing this field may require a restart.**\n\nSee:\ + \ https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core\n" + items: + type: object + description: "A custom application init container that\ + \ run within the cluster's Pods. 
The custom init\n containers\ + \ will run following the defined sequence as the end\ + \ of cluster's Pods init\n containers.\n\nThe name used\ + \ in this section will be prefixed with the string `custom-`\ + \ so that when\n referencing them in the .spec.containers\ + \ section of SGInstanceProfile the name used\n have\ + \ to be prepended with the same prefix.\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core\\\ + n\n\n**Changing this field may require a restart.**\n" + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used + if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ + are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Cannot be updated. 
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a variable + cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: EnvVarSource represents a source + for the value of an EnvVar. + properties: + configMapKeyRef: + description: Selects a key from a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: ObjectFieldSelector selects + an APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: ResourceFieldSelector represents + container resources (cpu, memory) and + their output format + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: "Quantity is a fixed-point\ + \ representation of a number. It provides\ + \ convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to\ + \ String() and AsInt64() accessors.\n\ + \nThe serialization format is:\n\n\ + ::= \n\ + \ (Note that may be empty,\ + \ from the \"\" case in .)\n\ + ::= 0 | 1 | ...\ + \ | 9 ::= \ + \ | \ + \ ::= | .\ + \ | . | . \ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= \ + \ | | \ + \ ::= Ki | Mi |\ + \ Gi | Ti | Pi | Ei\n (International\ + \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k\ + \ | M | G | T | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 = 1k; I didn't\ + \ choose the capitalization.)\n\ + \ ::= \"e\" | \"E\"\ + \ \n\nNo matter which\ + \ of the three exponent forms is used,\ + \ no quantity may represent a number\ + \ greater than 2^63-1 in magnitude,\ + \ nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise\ + \ will be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.) This\ + \ may be extended in the future if\ + \ we require larger or smaller quantities.\n\ + \nWhen a Quantity is parsed from a\ + \ string, it will remember the type\ + \ of suffix it had, and will use the\ + \ same type again when it is serialized.\n\ + \nBefore serializing, Quantity will\ + \ be put in \"canonical form\". This\ + \ means that Exponent/suffix will\ + \ be adjusted up or down (with a corresponding\ + \ increase or decrease in Mantissa)\ + \ such that:\n a. No precision is\ + \ lost\n b. No fractional digits\ + \ will be emitted\n c. 
The exponent\ + \ (or suffix) is as large as possible.\n\ + The sign will be omitted unless the\ + \ number is negative.\n\nExamples:\n\ + \ 1.5 will be serialized as \"1500m\"\ + \n 1.5Gi will be serialized as \"\ + 1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented\ + \ by a floating point number. That\ + \ is the whole point of this exercise.\n\ + \nNon-canonical values will still\ + \ parse as long as they are well formed,\ + \ but will be re-emitted in their\ + \ canonical form. (So always use canonical\ + \ form, or don't diff.)\n\nThis format\ + \ is intended to make it difficult\ + \ to use these numbers without writing\ + \ some sort of special handling code\ + \ in the hopes that that will cause\ + \ implementors to also use a fixed\ + \ point implementation." + type: string + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: SecretKeySelector selects a + key of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container + is starting. When a key exists in multiple sources, + the value associated with the last source will take + precedence. Values defined by an Env with a duplicate + key will take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: 'ConfigMapEnvSource selects a ConfigMap + to populate the environment variables with. + + + The contents of the target ConfigMap''s Data + field will represent the key-value pairs as + environment variables.' + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: 'SecretEnvSource selects a Secret + to populate the environment variables with. + + + The contents of the target Secret''s Data + field will represent the key-value pairs as + environment variables.' + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images + in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag + is specified, or IfNotPresent otherwise. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Lifecycle describes actions that the + management system should take in response to container + lifecycle events. 
For the PostStart and PreStop + lifecycle handlers, management of the container + blocks until the action is complete, unless the + container process fails, in which case the handler + is aborted. + properties: + postStart: + description: Handler defines a specific action + that should be taken + properties: + exec: + description: ExecAction describes a "run in + container" action. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. 
Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes an + action based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + preStop: + description: Handler defines a specific action + that should be taken + properties: + exec: + description: ExecAction describes a "run in + container" action. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes an + action based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probe describes a health check to be + performed against a container to determine whether + it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. 
To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum value + is 1. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action + based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully upon probe + failure. The grace period is the duration in + seconds after the processes running in the pod + are sent a termination signal and the time when + the processes are forcibly halted with a kill + signal. Set this value longer than the expected + cleanup time for your process. If this value + is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: "Name of the container specified as a\ + \ DNS_LABEL. Each\n container in a pod must have\ + \ a unique name (DNS_LABEL). Cannot\n be updated.\n\ + \nThe name will be prefixed with the string `custom-`\ + \ so that when referencing it\n in the .spec.containers\ + \ section of SGInstanceProfile the name used have\ + \ to be\n prepended with the same prefix.\n" + type: string + ports: + description: List of ports to expose from the container. + Exposing a port here gives the system additional + information about the network connections a container + uses, but is primarily informational. Not specifying + a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible + from the network. Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose on the + pod's IP address. This must be a valid port + number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the + host. If specified, this must be a valid port + number, 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port + in a pod must have a unique name. Name for + the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, + TCP, or SCTP. Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: Probe describes a health check to be + performed against a container to determine whether + it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. 
This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum value + is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action + based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully upon probe + failure. The grace period is the duration in + seconds after the processes running in the pod + are sent a termination signal and the time when + the processes are forcibly halted with a kill + signal. Set this value longer than the expected + cleanup time for your process. If this value + is nil, the pod's terminationGracePeriodSeconds + will be used. 
Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + description: "Quantity is a fixed-point representation\ + \ of a number. It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::= \n\ + \ (Note that may be empty, from\ + \ the \"\" case in .)\n\ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | .\ + \ | . | . \ + \ ::= \"+\" | \"-\" ::=\ + \ | \ + \ ::= | |\ + \ ::= Ki | Mi\ + \ | Gi | Ti | Pi | Ei\n (International System\ + \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G\ + \ | T | P | E\n (Note that 1024 = 1Ki but\ + \ 1000 = 1k; I didn't choose the capitalization.)\n\ + ::= \"e\" \ + \ | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no\ + \ quantity may represent a number greater\ + \ than 2^63-1 in magnitude, nor may it have\ + \ more than 3 decimal places. Numbers larger\ + \ or more precise will be capped or rounded\ + \ up. 
(E.g.: 0.1m will rounded up to 1m.)\ + \ This may be extended in the future if we\ + \ require larger or smaller quantities.\n\n\ + When a Quantity is parsed from a string, it\ + \ will remember the type of suffix it had,\ + \ and will use the same type again when it\ + \ is serialized.\n\nBefore serializing, Quantity\ + \ will be put in \"canonical form\". This\ + \ means that Exponent/suffix will be adjusted\ + \ up or down (with a corresponding increase\ + \ or decrease in Mantissa) such that:\n a.\ + \ No precision is lost\n b. No fractional\ + \ digits will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\nThe\ + \ sign will be omitted unless the number is\ + \ negative.\n\nExamples:\n 1.5 will be serialized\ + \ as \"1500m\"\n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented by\ + \ a floating point number. That is the whole\ + \ point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they\ + \ are well formed, but will be re-emitted\ + \ in their canonical form. (So always use\ + \ canonical form, or don't diff.)\n\nThis\ + \ format is intended to make it difficult\ + \ to use these numbers without writing some\ + \ sort of special handling code in the hopes\ + \ that that will cause implementors to also\ + \ use a fixed point implementation." + type: string + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + description: "Quantity is a fixed-point representation\ + \ of a number. It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::= \n\ + \ (Note that may be empty, from\ + \ the \"\" case in .)\n\ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | .\ + \ | . | . 
\ + \ ::= \"+\" | \"-\" ::=\ + \ | \ + \ ::= | |\ + \ ::= Ki | Mi\ + \ | Gi | Ti | Pi | Ei\n (International System\ + \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G\ + \ | T | P | E\n (Note that 1024 = 1Ki but\ + \ 1000 = 1k; I didn't choose the capitalization.)\n\ + ::= \"e\" \ + \ | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no\ + \ quantity may represent a number greater\ + \ than 2^63-1 in magnitude, nor may it have\ + \ more than 3 decimal places. Numbers larger\ + \ or more precise will be capped or rounded\ + \ up. (E.g.: 0.1m will rounded up to 1m.)\ + \ This may be extended in the future if we\ + \ require larger or smaller quantities.\n\n\ + When a Quantity is parsed from a string, it\ + \ will remember the type of suffix it had,\ + \ and will use the same type again when it\ + \ is serialized.\n\nBefore serializing, Quantity\ + \ will be put in \"canonical form\". This\ + \ means that Exponent/suffix will be adjusted\ + \ up or down (with a corresponding increase\ + \ or decrease in Mantissa) such that:\n a.\ + \ No precision is lost\n b. No fractional\ + \ digits will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\nThe\ + \ sign will be omitted unless the number is\ + \ negative.\n\nExamples:\n 1.5 will be serialized\ + \ as \"1500m\"\n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented by\ + \ a floating point number. That is the whole\ + \ point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they\ + \ are well formed, but will be re-emitted\ + \ in their canonical form. (So always use\ + \ canonical form, or don't diff.)\n\nThis\ + \ format is intended to make it difficult\ + \ to use these numbers without writing some\ + \ sort of special handling code in the hopes\ + \ that that will cause implementors to also\ + \ use a fixed point implementation." 
+ type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. Some fields + are present in both SecurityContext and PodSecurityContext. When + both are set, the values in SecurityContext take + precedence. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the + container process. AllowPrivilegeEscalation + is true always when the container is: 1) run + as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: Adds and removes POSIX capabilities + from running containers. + properties: + add: + description: Added capabilities + items: + type: string + type: array + drop: + description: Removed capabilities + items: + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults to + false. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default + is DefaultProcMount which uses the container + runtime defaults for readonly paths and masked + paths. This requires the ProcMountType feature + flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. 
+ type: boolean + runAsGroup: + description: The GID to run the entrypoint of + the container process. Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must + run as a non-root user. If true, the Kubelet + will validate the image at runtime to ensure + that it does not run as UID 0 (root) and fail + to start the container if it does. If unset + or false, no such validation will be performed. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of + the container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: SELinuxOptions are the labels to + be applied to the container + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: SeccompProfile defines a pod/container's + seccomp profile settings. Only one profile source + may be set. + properties: + localhostProfile: + description: localhostProfile indicates a + profile defined in a file on the node should + be used. The profile must be preconfigured + on the node to work. 
Must be a descending + path, relative to the kubelet's configured + seccomp profile location. Must only be set + if type is "Localhost". + type: string + type: + description: 'type indicates which kind of + seccomp profile will be applied. Valid options + are: + + + Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile + should be used. Unconfined - no profile + should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: WindowsSecurityContextOptions contain + Windows-specific options and credentials. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only + be honored by components that enable the + WindowsHostProcessContainers feature flag. + Setting this field without the feature flag + will result in errors when validating the + Pod. All of a Pod's containers must have + the same effective HostProcess value (it + is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. + Defaults to the user specified in image + metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: string + type: object + type: object + startupProbe: + description: Probe describes a health check to be + performed against a container to determine whether + it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. 
+ format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum value + is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action + based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully upon probe + failure. The grace period is the duration in + seconds after the processes running in the pod + are sent a termination signal and the time when + the processes are forcibly halted with a kill + signal. Set this value longer than the expected + cleanup time for your process. If this value + is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. 
The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If + this is not set, reads from stdin in the container + will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been opened + by a single attach. When stdin is true the stdin + stream will remain open across multiple attach sessions. + If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client + attaches to stdin, and then remains open and accepts + data until the client disconnects, at which time + stdin is closed and remains closed until the container + is restarted. If this flag is false, a container + processes that reads from stdin will never receive + an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to + which the container''s termination message will + be written is mounted into the container''s filesystem. + Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' 
+ type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the container + status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output + if the termination message file is empty and the + container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is + smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of + a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - name + - devicePath + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of + a Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how + mounts are propagated from the host to container + and the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults + to false. 
+ type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume + from which the container's volume should be + mounted. Behaves similarly to SubPath but + environment variable references $(VAR_NAME) + are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr + and SubPath are mutually exclusive. + type: string + required: + - name + - mountPath + type: object + type: array + workingDir: + description: Container's working directory. If not + specified, the container runtime's default will + be used, which might be configured in the container + image. Cannot be updated. + type: string + required: + - name + customContainers: + type: array + description: "A list of custom application containers that\ + \ run within the coordinator cluster's Pods.\n\nThe name\ + \ used in this section will be prefixed with the string\ + \ `custom-` so that when\n referencing them in the .spec.containers\ + \ section of SGInstanceProfile the name used\n have to\ + \ be prepended with the same prefix.\n \nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core\n" + items: + type: object + description: "A custom application container that run\ + \ within the cluster's Pods. The custom\n containers\ + \ will run following the defined sequence as the end\ + \ of cluster's Pods\n containers.\n\nThe name used in\ + \ this section will be prefixed with the string `custom-`\ + \ so that when\n referencing them in the .spec.containers\ + \ section of SGInstanceProfile the name used\n have\ + \ to be prepended with the same prefix.\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core\\\ + n\n\n**Changing this field may require a restart.**\n" + properties: + args: + description: 'Arguments to the entrypoint. 
The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used + if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ + are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. 
If a variable + cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: EnvVarSource represents a source + for the value of an EnvVar. + properties: + configMapKeyRef: + description: Selects a key from a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: ObjectFieldSelector selects + an APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: ResourceFieldSelector represents + container resources (cpu, memory) and + their output format + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: "Quantity is a fixed-point\ + \ representation of a number. It provides\ + \ convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to\ + \ String() and AsInt64() accessors.\n\ + \nThe serialization format is:\n\n\ + ::= \n\ + \ (Note that may be empty,\ + \ from the \"\" case in .)\n\ + ::= 0 | 1 | ...\ + \ | 9 ::= \ + \ | \ + \ ::= | .\ + \ | . | . 
\ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= \ + \ | | \ + \ ::= Ki | Mi |\ + \ Gi | Ti | Pi | Ei\n (International\ + \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k\ + \ | M | G | T | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 = 1k; I didn't\ + \ choose the capitalization.)\n\ + \ ::= \"e\" | \"E\"\ + \ \n\nNo matter which\ + \ of the three exponent forms is used,\ + \ no quantity may represent a number\ + \ greater than 2^63-1 in magnitude,\ + \ nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise\ + \ will be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.) This\ + \ may be extended in the future if\ + \ we require larger or smaller quantities.\n\ + \nWhen a Quantity is parsed from a\ + \ string, it will remember the type\ + \ of suffix it had, and will use the\ + \ same type again when it is serialized.\n\ + \nBefore serializing, Quantity will\ + \ be put in \"canonical form\". This\ + \ means that Exponent/suffix will\ + \ be adjusted up or down (with a corresponding\ + \ increase or decrease in Mantissa)\ + \ such that:\n a. No precision is\ + \ lost\n b. No fractional digits\ + \ will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\n\ + The sign will be omitted unless the\ + \ number is negative.\n\nExamples:\n\ + \ 1.5 will be serialized as \"1500m\"\ + \n 1.5Gi will be serialized as \"\ + 1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented\ + \ by a floating point number. That\ + \ is the whole point of this exercise.\n\ + \nNon-canonical values will still\ + \ parse as long as they are well formed,\ + \ but will be re-emitted in their\ + \ canonical form. 
(So always use canonical\ + \ form, or don't diff.)\n\nThis format\ + \ is intended to make it difficult\ + \ to use these numbers without writing\ + \ some sort of special handling code\ + \ in the hopes that that will cause\ + \ implementors to also use a fixed\ + \ point implementation." + type: string + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: SecretKeySelector selects a + key of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container + is starting. When a key exists in multiple sources, + the value associated with the last source will take + precedence. Values defined by an Env with a duplicate + key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: 'ConfigMapEnvSource selects a ConfigMap + to populate the environment variables with. + + + The contents of the target ConfigMap''s Data + field will represent the key-value pairs as + environment variables.' + properties: + name: + description: 'Name of the referent. 
More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: 'SecretEnvSource selects a Secret + to populate the environment variables with. + + + The contents of the target Secret''s Data + field will represent the key-value pairs as + environment variables.' + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images + in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag + is specified, or IfNotPresent otherwise. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Lifecycle describes actions that the + management system should take in response to container + lifecycle events. For the PostStart and PreStop + lifecycle handlers, management of the container + blocks until the action is complete, unless the + container process fails, in which case the handler + is aborted. + properties: + postStart: + description: Handler defines a specific action + that should be taken + properties: + exec: + description: ExecAction describes a "run in + container" action. 
+ properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes an + action based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. 
When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + preStop: + description: Handler defines a specific action + that should be taken + properties: + exec: + description: ExecAction describes a "run in + container" action. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. 
+ format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes an + action based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probe describes a health check to be + performed against a container to determine whether + it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum value + is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action + based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. 
This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully upon probe + failure. The grace period is the duration in + seconds after the processes running in the pod + are sent a termination signal and the time when + the processes are forcibly halted with a kill + signal. Set this value longer than the expected + cleanup time for your process. If this value + is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: "Name of the container specified as a\ + \ DNS_LABEL. Each\n container in a pod must have\ + \ a unique name (DNS_LABEL). Cannot\n be updated.\n\ + \nThe name will be prefixed with the string `custom-`\ + \ so that when referencing it\n in the .spec.containers\ + \ section of SGInstanceProfile the name used have\ + \ to be\n prepended with the same prefix.\n" + type: string + ports: + description: List of ports to expose from the container. + Exposing a port here gives the system additional + information about the network connections a container + uses, but is primarily informational. 
Not specifying + a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible + from the network. Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose on the + pod's IP address. This must be a valid port + number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the + host. If specified, this must be a valid port + number, 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port + in a pod must have a unique name. Name for + the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, + TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: Probe describes a health check to be + performed against a container to determine whether + it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum value + is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. 
Must be 1 for + liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action + based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully upon probe + failure. The grace period is the duration in + seconds after the processes running in the pod + are sent a termination signal and the time when + the processes are forcibly halted with a kill + signal. Set this value longer than the expected + cleanup time for your process. If this value + is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: ResourceRequirements describes the compute + resource requirements. 
+ properties: + limits: + additionalProperties: + description: "Quantity is a fixed-point representation\ + \ of a number. It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::= \n\ + \ (Note that may be empty, from\ + \ the \"\" case in .)\n\ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | .\ + \ | . | . \ + \ ::= \"+\" | \"-\" ::=\ + \ | \ + \ ::= | |\ + \ ::= Ki | Mi\ + \ | Gi | Ti | Pi | Ei\n (International System\ + \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G\ + \ | T | P | E\n (Note that 1024 = 1Ki but\ + \ 1000 = 1k; I didn't choose the capitalization.)\n\ + ::= \"e\" \ + \ | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no\ + \ quantity may represent a number greater\ + \ than 2^63-1 in magnitude, nor may it have\ + \ more than 3 decimal places. Numbers larger\ + \ or more precise will be capped or rounded\ + \ up. (E.g.: 0.1m will rounded up to 1m.)\ + \ This may be extended in the future if we\ + \ require larger or smaller quantities.\n\n\ + When a Quantity is parsed from a string, it\ + \ will remember the type of suffix it had,\ + \ and will use the same type again when it\ + \ is serialized.\n\nBefore serializing, Quantity\ + \ will be put in \"canonical form\". This\ + \ means that Exponent/suffix will be adjusted\ + \ up or down (with a corresponding increase\ + \ or decrease in Mantissa) such that:\n a.\ + \ No precision is lost\n b. No fractional\ + \ digits will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\nThe\ + \ sign will be omitted unless the number is\ + \ negative.\n\nExamples:\n 1.5 will be serialized\ + \ as \"1500m\"\n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented by\ + \ a floating point number. 
That is the whole\ + \ point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they\ + \ are well formed, but will be re-emitted\ + \ in their canonical form. (So always use\ + \ canonical form, or don't diff.)\n\nThis\ + \ format is intended to make it difficult\ + \ to use these numbers without writing some\ + \ sort of special handling code in the hopes\ + \ that that will cause implementors to also\ + \ use a fixed point implementation." + type: string + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + description: "Quantity is a fixed-point representation\ + \ of a number. It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::= \n\ + \ (Note that may be empty, from\ + \ the \"\" case in .)\n\ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | .\ + \ | . | . \ + \ ::= \"+\" | \"-\" ::=\ + \ | \ + \ ::= | |\ + \ ::= Ki | Mi\ + \ | Gi | Ti | Pi | Ei\n (International System\ + \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G\ + \ | T | P | E\n (Note that 1024 = 1Ki but\ + \ 1000 = 1k; I didn't choose the capitalization.)\n\ + ::= \"e\" \ + \ | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no\ + \ quantity may represent a number greater\ + \ than 2^63-1 in magnitude, nor may it have\ + \ more than 3 decimal places. Numbers larger\ + \ or more precise will be capped or rounded\ + \ up. 
(E.g.: 0.1m will rounded up to 1m.)\ + \ This may be extended in the future if we\ + \ require larger or smaller quantities.\n\n\ + When a Quantity is parsed from a string, it\ + \ will remember the type of suffix it had,\ + \ and will use the same type again when it\ + \ is serialized.\n\nBefore serializing, Quantity\ + \ will be put in \"canonical form\". This\ + \ means that Exponent/suffix will be adjusted\ + \ up or down (with a corresponding increase\ + \ or decrease in Mantissa) such that:\n a.\ + \ No precision is lost\n b. No fractional\ + \ digits will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\nThe\ + \ sign will be omitted unless the number is\ + \ negative.\n\nExamples:\n 1.5 will be serialized\ + \ as \"1500m\"\n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented by\ + \ a floating point number. That is the whole\ + \ point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they\ + \ are well formed, but will be re-emitted\ + \ in their canonical form. (So always use\ + \ canonical form, or don't diff.)\n\nThis\ + \ format is intended to make it difficult\ + \ to use these numbers without writing some\ + \ sort of special handling code in the hopes\ + \ that that will cause implementors to also\ + \ use a fixed point implementation." + type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. Some fields + are present in both SecurityContext and PodSecurityContext. 
When + both are set, the values in SecurityContext take + precedence. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the + container process. AllowPrivilegeEscalation + is true always when the container is: 1) run + as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: Adds and removes POSIX capabilities + from running containers. + properties: + add: + description: Added capabilities + items: + type: string + type: array + drop: + description: Removed capabilities + items: + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults to + false. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default + is DefaultProcMount which uses the container + runtime defaults for readonly paths and masked + paths. This requires the ProcMountType feature + flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of + the container process. Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must + run as a non-root user. If true, the Kubelet + will validate the image at runtime to ensure + that it does not run as UID 0 (root) and fail + to start the container if it does. If unset + or false, no such validation will be performed. 
+ May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of + the container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: SELinuxOptions are the labels to + be applied to the container + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: SeccompProfile defines a pod/container's + seccomp profile settings. Only one profile source + may be set. + properties: + localhostProfile: + description: localhostProfile indicates a + profile defined in a file on the node should + be used. The profile must be preconfigured + on the node to work. Must be a descending + path, relative to the kubelet's configured + seccomp profile location. Must only be set + if type is "Localhost". + type: string + type: + description: 'type indicates which kind of + seccomp profile will be applied. Valid options + are: + + + Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile + should be used. Unconfined - no profile + should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: WindowsSecurityContextOptions contain + Windows-specific options and credentials. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only + be honored by components that enable the + WindowsHostProcessContainers feature flag. + Setting this field without the feature flag + will result in errors when validating the + Pod. All of a Pod's containers must have + the same effective HostProcess value (it + is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. + Defaults to the user specified in image + metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probe describes a health check to be + performed against a container to determine whether + it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. 
To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum value + is 1. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action + based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully upon probe + failure. The grace period is the duration in + seconds after the processes running in the pod + are sent a termination signal and the time when + the processes are forcibly halted with a kill + signal. Set this value longer than the expected + cleanup time for your process. If this value + is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If + this is not set, reads from stdin in the container + will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been opened + by a single attach. When stdin is true the stdin + stream will remain open across multiple attach sessions. + If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client + attaches to stdin, and then remains open and accepts + data until the client disconnects, at which time + stdin is closed and remains closed until the container + is restarted. If this flag is false, a container + processes that reads from stdin will never receive + an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to + which the container''s termination message will + be written is mounted into the container''s filesystem. + Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the container + status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output + if the termination message file is empty and the + container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is + smaller. Defaults to File. Cannot be updated. 
+ type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of + a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - name + - devicePath + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of + a Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how + mounts are propagated from the host to container + and the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults + to false. + type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume + from which the container's volume should be + mounted. Behaves similarly to SubPath but + environment variable references $(VAR_NAME) + are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr + and SubPath are mutually exclusive. 
+ type: string + required: + - name + - mountPath + type: object + type: array + workingDir: + description: Container's working directory. If not + specified, the container runtime's default will + be used, which might be configured in the container + image. Cannot be updated. + type: string + required: + - name + required: + - persistentVolume + configurations: + type: object + description: 'Coordinator custom configurations. + + ' + properties: + sgPostgresConfig: + type: string + description: 'Name of the [SGPostgresConfig](https://stackgres.io/doc/latest/reference/crd/sgpgconfig) + used for the cluster. It must exist. When not set, a default + Postgres config, for the major version selected, is used. + + + **Changing this field may require a restart.** + + ' + sgPoolingConfig: + type: string + description: 'Name of the [SGPoolingConfig](https://stackgres.io/doc/latest/reference/crd/sgpoolconfig) + used for this cluster. Each pod contains a sidecar with + a connection pooler (currently: [PgBouncer](https://www.pgbouncer.org/)). + The connection pooler is implemented as a sidecar. + + + If not set, a default configuration will be used. Disabling + connection pooling altogether is possible if the disableConnectionPooling + property of the pods object is set to true. + + + **Changing this field may require a restart.** + + ' + replication: + type: object + description: "This section allows to configure the global Postgres\ + \ replication mode.\n\nThe main replication group is implicit\ + \ and contains the total number of instances less the sum\ + \ of all\n instances in other replication groups.\n\nThe\ + \ total number of instances is always specified by `.spec.instances`.\n" + properties: + mode: + type: string + description: 'The replication mode applied to the whole + cluster. 
+ + Possible values are: + + * `async` (default) + + * `sync` + + * `strict-sync` + + * `sync-all` + + * `strict-sync-all` + + + **async** + + + When in asynchronous mode the cluster is allowed to lose + some committed transactions. + + When the primary server fails or becomes unavailable for + any other reason a sufficiently healthy standby + + will automatically be promoted to primary. Any transactions + that have not been replicated to that standby + + remain in a "forked timeline" on the primary, and are + effectively unrecoverable (the data is still there, + + but recovering it requires a manual recovery effort by + data recovery specialists). + + + **sync** + + + When in synchronous mode a standby will not be promoted + unless it is certain that the standby contains all + + transactions that may have returned a successful commit + status to client (clients can change the behavior + + per transaction using PostgreSQL’s `synchronous_commit` + setting. Transactions with `synchronous_commit` + + values of `off` and `local` may be lost on fail over, + but will not be blocked by replication delays). This + + means that the system may be unavailable for writes even + though some servers are available. System + + administrators can still use manual failover commands + to promote a standby even if it results in transaction + + loss. + + + Synchronous mode does not guarantee multi node durability + of commits under all circumstances. When no suitable + + standby is available, primary server will still accept + writes, but does not guarantee their replication. When + + the primary fails in this mode no standby will be promoted. + When the host that used to be the primary comes + + back it will get promoted automatically, unless system + administrator performed a manual failover. This behavior + + makes synchronous mode usable with 2 node clusters. 
+ + + When synchronous mode is used and a standby crashes, commits + will block until the primary is switched to standalone + + mode. Manually shutting down or restarting a standby will + not cause a commit service interruption. Standby will + + signal the primary to release itself from synchronous + standby duties before PostgreSQL shutdown is initiated. + + + **strict-sync** + + + When it is absolutely necessary to guarantee that each + write is stored durably on at least two nodes, use the + strict + + synchronous mode. This mode prevents synchronous replication + to be switched off on the primary when no synchronous + + standby candidates are available. As a downside, the primary + will not be available for writes (unless the Postgres + + transaction explicitly turns off `synchronous_mode` parameter), + blocking all client write requests until at least one + + synchronous replica comes up. + + + **Note**: Because of the way synchronous replication is + implemented in PostgreSQL it is still possible to lose + + transactions even when using strict synchronous mode. + If the PostgreSQL backend is cancelled while waiting to + acknowledge + + replication (as a result of packet cancellation due to + client timeout or backend failure) transaction changes + become + + visible for other backends. Such changes are not yet replicated + and may be lost in case of standby promotion. + + + **sync-all** + + + The same as `sync` but `syncInstances` is ignored and + the number of synchronous instances is equals to the total + number + + of instances less one. + + + **strict-sync-all** + + + The same as `strict-sync` but `syncInstances` is ignored + and the number of synchronous instances is equals to the + total number + + of instances less one. + + ' + default: sync-all + syncInstances: + type: integer + minimum: 1 + description: "Number of synchronous standby instances. Must\ + \ be less than the total number of instances. 
It is set\ + \ to 1 by default.\n Only setteable if mode is `sync`\ + \ or `strict-sync`.\n" + metadata: + type: object + description: Metadata information from coordinator cluster created + resources. + properties: + annotations: + type: object + description: Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + to be passed to resources created and managed by StackGres. + properties: + allResources: + type: object + description: Annotations to attach to any resource created + or managed by StackGres. + additionalProperties: + type: string + clusterPods: + type: object + description: Annotations to attach to pods created or + managed by StackGres. + additionalProperties: + type: string + services: + type: object + description: Annotations to attach to all services created + or managed by StackGres. + additionalProperties: + type: string + primaryService: + type: object + description: Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + passed to the `-primary` service. + additionalProperties: + type: string + replicasService: + type: object + description: Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + passed to the `-replicas` service. + additionalProperties: + type: string + labels: + type: object + description: Custom Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) + to be passed to resources created and managed by StackGres. + properties: + clusterPods: + type: object + description: Labels to attach to Pods created or managed + by StackGres. + additionalProperties: + type: string + services: + type: object + description: Labels to attach to Services and Endpoints + created or managed by StackGres. 
+ additionalProperties: + type: string + required: + - instances + - pods + shards: + type: object + description: 'The shards are a group of StackGres clusters where + the partitioned data chunks are stored. + + + When referring to the cluster in the descriptions belove it apply + to any shard''s StackGres cluster. + + ' + properties: + clusters: + type: integer + minimum: 1 + maximum: 16 + description: 'Number of shard''s StackGres clusters + + ' + instancesPerCluster: + type: integer + minimum: 1 + maximum: 16 + description: "Number of StackGres instances per shard's StackGres\ + \ cluster. Each instance contains one Postgres server.\n \ + \ Out of all of the Postgres servers, one is elected as the\ + \ primary, the rest remain as read-only replicas.\n" + sgInstanceProfile: + type: string + description: 'Name of the [SGInstanceProfile](https://stackgres.io/doc/latest/reference/crd/sginstanceprofile/). + + + A SGInstanceProfile defines CPU and memory limits. Must exist + before creating a cluster. + + + When no profile is set, a default (1 core, 2 GiB RAM) one + is used. + + + **Changing this field may require a restart.** + + ' + managedSql: + type: object + description: 'This section allows to reference SQL scripts that + will be applied to the cluster live. + + ' + properties: + continueOnSGScriptError: + type: boolean + description: If true, when any entry of any `SGScript` fail + will not prevent subsequent `SGScript` from being executed. + By default is `false`. + scripts: + type: array + description: 'A list of script references that will be executed + in sequence. + + ' + items: + type: object + description: "A script reference. 
Each version of each\ + \ entry of the script referenced will be executed exactly\ + \ once following the sequence defined\n in the referenced\ + \ script and skipping any script entry that have already\ + \ been executed.\n" + properties: + id: + type: integer + description: The id is immutable and must be unique + across all the `SGScript` entries. It is replaced + by the operator and is used to identify the `SGScript` + entry. + sgScript: + type: string + description: A reference to an `SGScript` + pods: + type: object + description: Cluster pod's configuration. + properties: + persistentVolume: + type: object + description: Pod's persistent volume configuration. + properties: + size: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi|Ti)$ + description: 'Size of the PersistentVolume set for each + instance of the cluster. This size is specified either + in Mebibytes, Gibibytes or Tebibytes (multiples of + 2^20, 2^30 or 2^40, respectively). + + ' + storageClass: + type: string + description: 'Name of an existing StorageClass in the + Kubernetes cluster, used to create the PersistentVolumes + for the instances of the cluster. + + ' + required: + - size + disableConnectionPooling: + type: boolean + description: 'If set to `true`, avoids creating a connection + pooling (using [PgBouncer](https://www.pgbouncer.org/)) + sidecar. + + + **Changing this field may require a restart.** + + ' + disableMetricsExporter: + type: boolean + description: 'If set to `true`, avoids creating the Prometheus + exporter sidecar. Recommended when there''s no intention + to use Prometheus for monitoring. + + + **Changing this field may require a restart.** + + ' + disablePostgresUtil: + type: boolean + description: 'If set to `true`, avoids creating the `postgres-util` + sidecar. This sidecar contains usual Postgres administration + utilities *that are not present in the main (`patroni`) + container*, like `psql`. Only disable if you know what + you are doing. 
+ + + **Changing this field may require a restart.** + + ' + resources: + type: object + description: Pod custom resources configuration. + properties: + enableClusterLimitsRequirements: + type: boolean + description: 'When enabled resource limits for containers + other than the patroni container wil be set just like + for patroni contianer as specified in the SGInstanceProfile. + + + **Changing this field may require a restart.** + + ' + disableResourcesRequestsSplitFromTotal: + type: boolean + description: "When set to `true` the resources requests\ + \ values in fields `SGInstanceProfile.spec.requests.cpu`\ + \ and `SGInstanceProfile.spec.requests.memory` will\ + \ represent the resources\n requests of the patroni\ + \ container and the total resources requests calculated\ + \ by adding the resources requests of all the containers\ + \ (including the patroni container).\n\n**Changing\ + \ this field may require a restart.**\n" + scheduling: + type: object + description: 'Pod custom scheduling, affinity and topology + spread constratins configuration. + + + **Changing this field may require a restart.** + + ' + properties: + nodeSelector: + type: object + additionalProperties: + type: string + description: 'NodeSelector is a selector which must + be true for the pod to fit on a node. Selector which + must match a node''s labels for the pod to be scheduled + on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + + ' + tolerations: + description: 'If specified, the pod''s tolerations. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + type: array + items: + description: 'The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + properties: + effect: + description: 'Effect indicates the taint effect + to match. 
Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + + + ' + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values and + all keys. + type: string + operator: + description: 'Operator represents a key''s relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + + + ' + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must be + of effect NoExecute, otherwise this field is + ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever + (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value + should be empty, otherwise just a regular string. + type: string + type: object + nodeAffinity: + description: 'Node affinity is a group of node affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. 
for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node matches the corresponding + matchExpressions; the node(s) with the highest + sum are the most preferred. + items: + description: An empty preferred scheduling term + matches all objects with implicit weight 0 (i.e. + it's a no-op). A null preferred scheduling term + matches no objects (i.e. is also a no-op). + properties: + preference: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. 
+ items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents the union + of the results of one or more label queries over + a set of nodes; that is, it represents the OR + of the selectors represented by the node selector + terms. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. 
+ properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is In + or NotIn, the values array must + be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. If + the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + priorityClassName: + type: string + description: 'Priority indicates the importance of a + Pod relative to other Pods. 
If a Pod cannot be scheduled, + the scheduler tries to preempt (evict) lower priority + Pods to make scheduling of the pending Pod possible. + + ' + podAffinity: + description: 'Pod affinity is a group of inter pod affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. 
+ The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. 
+ type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. 
If + the affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may + or may not try to eventually evict the pod from + its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty + label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty + label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: 'Pod anti affinity is a group of inter + pod anti affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the one with + the greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added per-node + to find the most preferred node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. 
The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. If + the anti-affinity requirements specified by this + field cease to be met at some point during pod + execution (e.g. due to a pod label update), the + system may or may not try to eventually evict + the pod from its node. When there are multiple + elements, the lists of nodes corresponding to + each podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. 
The result of matchLabels + and matchExpressions are ANDed. An empty + label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty + label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. 
+ properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + topologySpreadConstraints: + type: array + description: 'TopologySpreadConstraints describes how + a group of pods ought to spread across topology domains. + Scheduler will schedule pods in a way which abides + by the constraints. All topologySpreadConstraints + are ANDed. + + ' + items: + description: 'TopologySpreadConstraint specifies how + to spread matching pods among the given topology. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#topologyspreadconstraint-v1-core + + ' + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + matchLabelKeys: + description: MatchLabelKeys is a set of pod label + keys to select the pods over which spreading + will be calculated. The keys are used to lookup + values from the incoming pod labels, those key-value + labels are ANDed with labelSelector to select + the group of existing pods over which spreading + will be calculated for the incoming pod. Keys + that don't exist in the incoming pod labels + will be ignored. A null or empty list means + only match against labelSelector. + items: + type: string + type: array + maxSkew: + description: 'MaxSkew describes the degree to + which pods may be unevenly distributed. When + `whenUnsatisfiable=DoNotSchedule`, it is the + maximum permitted difference between the number + of matching pods in the target topology and + the global minimum. The global minimum is the + minimum number of matching pods in an eligible + domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default + value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: 'MinDomains indicates a minimum number + of eligible domains. 
When the number of eligible + domains with matching topology keys is less + than minDomains, Pod Topology Spread treats + "global minimum" as 0, and then the calculation + of Skew is performed. And when the number of + eligible domains with matching topology keys + equals or greater than minDomains, this value + has no effect on scheduling. As a result, when + the number of eligible domains is less than + minDomains, scheduler won''t schedule more than + maxSkew Pods to those domains. If value is nil, + the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is + set to 2, MinDomains is set to 5 and pods with + the same labelSelector spread as 2/2/2: | zone1 + | zone2 | zone3 | | P P | P P | P P | + The number of domains is less than 5(MinDomains), + so "global minimum" is treated as 0. In this + situation, new pod with the same labelSelector + cannot be scheduled, because computed skew will + be 3(3 - 0) if new Pod is scheduled to any of + the three zones, it will violate MaxSkew. + + + This is a beta field and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default).' + format: int32 + type: integer + nodeAffinityPolicy: + description: 'NodeAffinityPolicy indicates how + we will treat Pod''s nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options + are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: + nodeAffinity/nodeSelector are ignored. All nodes + are included in the calculations. + + + If this value is nil, the behavior is equivalent + to the Honor policy. This is a alpha-level feature + enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag.' 
+ type: string + nodeTaintsPolicy: + description: 'NodeTaintsPolicy indicates how we + will treat node taints when calculating pod + topology spread skew. Options are: - Honor: + nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. + All nodes are included. + + + If this value is nil, the behavior is equivalent + to the Ignore policy. This is a alpha-level + feature enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag.' + type: string + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", + and try to put balanced number of pods into + each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible + domain as a domain whose nodes meet the requirements + of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. + type: string + whenUnsatisfiable: + description: "WhenUnsatisfiable indicates how\ + \ to deal with a pod if it doesn't satisfy the\ + \ spread constraint. - DoNotSchedule (default)\ + \ tells the scheduler not to schedule it. 
-\ + \ ScheduleAnyway tells the scheduler to schedule\ + \ the pod in any location,\n but giving higher\ + \ precedence to topologies that would help reduce\ + \ the\n skew.\nA constraint is considered \"\ + Unsatisfiable\" for an incoming pod if and only\ + \ if every possible node assignment for that\ + \ pod would violate \"MaxSkew\" on some topology.\ + \ For example, in a 3-zone cluster, MaxSkew\ + \ is set to 1, and pods with the same labelSelector\ + \ spread as 3/1/1: | zone1 | zone2 | zone3 |\ + \ | P P P | P | P | If WhenUnsatisfiable\ + \ is set to DoNotSchedule, incoming pod can\ + \ only be scheduled to zone2(zone3) to become\ + \ 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)\ + \ satisfies MaxSkew(1). In other words, the\ + \ cluster can still be imbalanced, but scheduler\ + \ won't make it *more* imbalanced. It's a required\ + \ field.\n\n" + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + backup: + type: object + description: Backup Pod custom scheduling and affinity + configuration. + properties: + nodeSelector: + description: 'Node affinity is a group of node affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most + preferred. 
+ items: + description: An empty preferred scheduling + term matches all objects with implicit weight + 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. 
+ + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents the + union of the results of one or more label + queries over a set of nodes; that is, it represents + the OR of the selectors represented by the + node selector terms. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. 
If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + tolerations: + description: 'Node affinity is a group of node affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. 
+ The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most + preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit weight + 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. 
+ items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents the + union of the results of one or more label + queries over a set of nodes; that is, it represents + the OR of the selectors represented by the + node selector terms. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. 
+ properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + nodeAffinity: + description: 'Node affinity is a group of node affinity + scheduling rules. 
+ + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most + preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit weight + 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. 
+ If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents the + union of the results of one or more label + queries over a set of nodes; that is, it represents + the OR of the selectors represented by the + node selector terms. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. 
The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that + the selector applies to. + type: string + operator: + description: 'Represents a key''s + relationship to a set of values. + Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, + and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator is + In or NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, + the values array must have + a single element, which will + be interpreted as an integer. 
+ This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + priorityClassName: + type: string + description: 'Priority indicates the importance + of a Pod relative to other Pods. If a Pod cannot + be scheduled, the scheduler tries to preempt (evict) + lower priority Pods to make scheduling of the + pending Pod possible. + + ' + podAffinity: + description: 'Pod affinity is a group of inter pod + affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose + a node that violates one or more of the expressions. + The node that is most preferred is the one + with the greatest sum of weights, i.e. for + each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if the + node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label selector is a + label query over a set of resources. + The result of matchLabels and matchExpressions + are ANDed. An empty label selector + matches all objects. A null label + selector matches no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. 
A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a + label query over a set of resources. + The result of matchLabels and matchExpressions + are ANDed. An empty label selector + matches all objects. A null label + selector matches no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. 
The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, + the pod will not be scheduled onto the node. + If the affinity requirements specified by + this field cease to be met at some point during + pod execution (e.g. due to a pod label update), + the system may or may not try to eventually + evict the pod from its node. When there are + multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label selector is a label + query over a set of resources. 
The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: 'Pod anti affinity is a group of inter + pod anti affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity + expressions specified by this field, but it + may choose a node that violates one or more + of the expressions. The node that is most + preferred is the one with the greatest sum + of weights, i.e. for each node that meets + all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating + through the elements of this field and adding + "weight" to the sum if the node has pods which + matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most + preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) with, + where co-located is defined as running + on a node whose value of the label with + key matches that of any + node on which a pod of the set of pods + is running + properties: + labelSelector: + description: A label selector is a + label query over a set of resources. + The result of matchLabels and matchExpressions + are ANDed. An empty label selector + matches all objects. A null label + selector matches no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a + label query over a set of resources. + The result of matchLabels and matchExpressions + are ANDed. An empty label selector + matches all objects. A null label + selector matches no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. 
+ type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in + the range 1-100. 
+ format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto the + node. If the anti-affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod label + update), the system may or may not try to + eventually evict the pod from its node. When + there are multiple elements, the lists of + nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is + defined as running on a node whose value + of the label with key matches + that of any node on which a pod of the set + of pods is running + properties: + labelSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. 
If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions + are ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + managementPolicy: + type: string + description: "managementPolicy controls how pods are created\ + \ during initial scale up, when replacing pods\n on nodes,\ + \ or when scaling down. The default policy is `OrderedReady`,\ + \ where pods are created\n in increasing order (pod-0,\ + \ then pod-1, etc) and the controller will wait until\ + \ each pod is\n ready before continuing. 
When scaling\ + \ down, the pods are removed in the opposite order.\n\ + \ The alternative policy is `Parallel` which will create\ + \ pods in parallel to match the desired\n scale without\ + \ waiting, and on scale down will delete all pods at once.\n" + customVolumes: + type: array + description: "A list of custom volumes that may be used\ + \ along with any container defined in\n customInitContainers\ + \ or customContainers sections for the shards.\n\nThe\ + \ name used in this section will be prefixed with the\ + \ string `custom-` so that when\n referencing them in\ + \ the customInitContainers or customContainers sections\ + \ the name used\n have to be prepended with the same\ + \ prefix.\n\nOnly the following volume types are allowed:\ + \ configMap, downwardAPI, emptyDir,\n gitRepo, glusterfs,\ + \ hostPath, nfs, projected and secret\n\n**Changing this\ + \ field may require a restart.**\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#volume-v1-core\n" + items: + type: object + description: "A custom volume that may be used along with\ + \ any container defined in\n customInitContainers or\ + \ customContainers sections.\n\nThe name used in this\ + \ section will be prefixed with the string `custom-`\ + \ so that when\n referencing them in the customInitContainers\ + \ or customContainers sections the name used\n have\ + \ to be prepended with the same prefix.\n\nOnly the\ + \ following volume types are allowed: configMap, downwardAPI,\ + \ emptyDir,\n gitRepo, glusterfs, hostPath, nfs, projected\ + \ and secret\n\n**Changing this field may require a\ + \ restart.**\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#volume-v1-core\n" + properties: + name: + description: "Volumes name. 
Must be a DNS_LABEL and\ + \ unique within the pod.\n More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\n\ + \nThe name will be prefixed with the string `custom-`\ + \ so that when referencing them in the\n customInitContainers\ + \ or customContainers sections the name used have\ + \ to be prepended with\n the same prefix.\n" + type: string + configMap: + description: 'Adapts a ConfigMap into a volume. + + + The contents of the target ConfigMap''s Data field + will be presented in a volume as files using the + keys in the Data field as the file names, unless + the items element is populated with specific mappings + of keys to paths. ConfigMap volumes support ownership + management and SELinux relabeling.' + properties: + defaultMode: + description: 'Optional: mode bits used to set + permissions on created files by default. Must + be an octal value between 0000 and 0777 or a + decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires + decimal values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair + in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the ConfigMap, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits used to + set permissions on this file. Must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element + '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap or + its keys must be defined + type: boolean + type: object + downwardAPI: + description: DownwardAPIVolumeSource represents a + volume containing downward API info. Downward API + volumes support ownership management and SELinux + relabeling. + properties: + defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a Optional: mode bits + used to set permissions on created files by + default. Must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, + JSON requires decimal values for mode bits. + Defaults to 0644. Directories within the path + are not affected by this setting. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' 
+ format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: ObjectFieldSelector selects + an APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits used to + set permissions on this file, must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: ResourceFieldSelector represents + container resources (cpu, memory) and + their output format + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: "Quantity is a fixed-point\ + \ representation of a number. It provides\ + \ convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to\ + \ String() and AsInt64() accessors.\n\ + \nThe serialization format is:\n\n\ + ::= \n\ + \ (Note that may be empty,\ + \ from the \"\" case in .)\n\ + ::= 0 | 1 | ...\ + \ | 9 ::= \ + \ | \ + \ ::= | .\ + \ | . 
| . \ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= \ + \ | | \ + \ ::= Ki | Mi |\ + \ Gi | Ti | Pi | Ei\n (International\ + \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k\ + \ | M | G | T | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 = 1k; I didn't\ + \ choose the capitalization.)\n\ + \ ::= \"e\" | \"E\"\ + \ \n\nNo matter which\ + \ of the three exponent forms is used,\ + \ no quantity may represent a number\ + \ greater than 2^63-1 in magnitude,\ + \ nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise\ + \ will be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.) This\ + \ may be extended in the future if\ + \ we require larger or smaller quantities.\n\ + \nWhen a Quantity is parsed from a\ + \ string, it will remember the type\ + \ of suffix it had, and will use the\ + \ same type again when it is serialized.\n\ + \nBefore serializing, Quantity will\ + \ be put in \"canonical form\". This\ + \ means that Exponent/suffix will\ + \ be adjusted up or down (with a corresponding\ + \ increase or decrease in Mantissa)\ + \ such that:\n a. No precision is\ + \ lost\n b. No fractional digits\ + \ will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\n\ + The sign will be omitted unless the\ + \ number is negative.\n\nExamples:\n\ + \ 1.5 will be serialized as \"1500m\"\ + \n 1.5Gi will be serialized as \"\ + 1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented\ + \ by a floating point number. That\ + \ is the whole point of this exercise.\n\ + \nNon-canonical values will still\ + \ parse as long as they are well formed,\ + \ but will be re-emitted in their\ + \ canonical form. 
(So always use canonical\ + \ form, or don't diff.)\n\nThis format\ + \ is intended to make it difficult\ + \ to use these numbers without writing\ + \ some sort of special handling code\ + \ in the hopes that that will cause\ + \ implementors to also use a fixed\ + \ point implementation." + type: string + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: Represents an empty directory for a pod. + Empty directory volumes support ownership management + and SELinux relabeling. + properties: + medium: + description: 'What type of storage medium should + back this directory. The default is "" which + means to use the node''s default medium. Must + be an empty string (default) or Memory. More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: "Quantity is a fixed-point representation\ + \ of a number. It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::= \n\ + \ (Note that may be empty, from the\ + \ \"\" case in .)\n \ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | . | .\ + \ | . ::= \"+\" |\ + \ \"-\" ::= | \ + \ ::= | \ + \ | ::= Ki | Mi\ + \ | Gi | Ti | Pi | Ei\n (International System\ + \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G |\ + \ T | P | E\n (Note that 1024 = 1Ki but 1000\ + \ = 1k; I didn't choose the capitalization.)\n\ + ::= \"e\" |\ + \ \"E\" \n\nNo matter which of\ + \ the three exponent forms is used, no quantity\ + \ may represent a number greater than 2^63-1\ + \ in magnitude, nor may it have more than 3\ + \ decimal places. Numbers larger or more precise\ + \ will be capped or rounded up. (E.g.: 0.1m\ + \ will rounded up to 1m.) 
This may be extended\ + \ in the future if we require larger or smaller\ + \ quantities.\n\nWhen a Quantity is parsed from\ + \ a string, it will remember the type of suffix\ + \ it had, and will use the same type again when\ + \ it is serialized.\n\nBefore serializing, Quantity\ + \ will be put in \"canonical form\". This means\ + \ that Exponent/suffix will be adjusted up or\ + \ down (with a corresponding increase or decrease\ + \ in Mantissa) such that:\n a. No precision\ + \ is lost\n b. No fractional digits will be\ + \ emitted\n c. The exponent (or suffix) is\ + \ as large as possible.\nThe sign will be omitted\ + \ unless the number is negative.\n\nExamples:\n\ + \ 1.5 will be serialized as \"1500m\"\n 1.5Gi\ + \ will be serialized as \"1536Mi\"\n\nNote that\ + \ the quantity will NEVER be internally represented\ + \ by a floating point number. That is the whole\ + \ point of this exercise.\n\nNon-canonical values\ + \ will still parse as long as they are well\ + \ formed, but will be re-emitted in their canonical\ + \ form. (So always use canonical form, or don't\ + \ diff.)\n\nThis format is intended to make\ + \ it difficult to use these numbers without\ + \ writing some sort of special handling code\ + \ in the hopes that that will cause implementors\ + \ to also use a fixed point implementation." + type: string + type: object + gitRepo: + description: 'Represents a volume that is populated + with the contents of a git repository. Git repo + volumes do not support ownership management. Git + repo volumes support SELinux relabeling. + + + DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into + an InitContainer that clones the repo using git, + then mount the EmptyDir into the Pod''s container.' + properties: + directory: + description: Target directory name. Must not contain + or start with '..'. If '.' is supplied, the + volume directory will be the git repository. 
Otherwise, + if specified, the volume will contain the git + repository in the subdirectory with the given + name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified revision. + type: string + required: + - repository + type: object + glusterfs: + description: Represents a Glusterfs mount that lasts + the lifetime of a pod. Glusterfs volumes do not + support ownership management or SELinux relabeling. + properties: + endpoints: + description: 'EndpointsName is the endpoint name + that details Glusterfs topology. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the Glusterfs + volume to be mounted with read-only permissions. + Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: Represents a host path mapped into a + pod. Host path volumes do not support ownership + management or SELinux relabeling. + properties: + path: + description: 'Path of the directory on the host. + If the path is a symlink, it will follow the + link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults + to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + nfs: + description: Represents an NFS mount that lasts the + lifetime of a pod. NFS volumes do not support ownership + management or SELinux relabeling. + properties: + path: + description: 'Path that is exported by the NFS + server. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the NFS + export to be mounted with read-only permissions. + Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or IP address + of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - server + - path + type: object + projected: + description: Represents a projected volume source + properties: + defaultMode: + description: Mode bits used to set permissions + on created files by default. Must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values + for mode bits. Directories within the path are + not affected by this setting. This might be + in conflict with other options that affect the + file mode, like fsGroup, and the result can + be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: + description: 'Adapts a ConfigMap into a + projected volume. + + + The contents of the target ConfigMap''s + Data field will be presented in a projected + volume as files using the keys in the + Data field as the file names, unless the + items element is populated with specific + mappings of keys to paths. Note that this + is identical to a configmap volume source + without the default mode.' + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + ConfigMap will be projected into the + volume as a file whose name is the + key and content is the value. 
If specified, + the listed keys will be projected + into the specified paths, and unlisted + keys will not be present. If a key + is specified which is not present + in the ConfigMap, the volume setup + will error unless it is marked optional. + Paths must be relative and may not + contain the '..' path or start with + '..'. + items: + description: Maps a string key to + a path within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits + used to set permissions on this + file. Must be an octal value + between 0000 and 0777 or a decimal + value between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If not + specified, the volume defaultMode + will be used. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path + of the file to map the key to. + May not be an absolute path. + May not contain the path element + '..'. May not start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: Represents downward API info + for projecting into a projected volume. + Note that this is identical to a downwardAPI + volume source without the default mode. + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile + represents information to create + the file containing the pod field + properties: + fieldRef: + description: ObjectFieldSelector + selects an APIVersioned field + of an object. 
+ properties: + apiVersion: + description: Version of the + schema the FieldPath is + written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits + used to set permissions on this + file, must be an octal value + between 0000 and 0777 or a decimal + value between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If not + specified, the volume defaultMode + will be used. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file + to be created. Must not be absolute + or contain the ''..'' path. + Must be utf-8 encoded. The first + item of the relative path must + not start with ''..''' + type: string + resourceFieldRef: + description: ResourceFieldSelector + represents container resources + (cpu, memory) and their output + format + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + description: "Quantity is\ + \ a fixed-point representation\ + \ of a number. It provides\ + \ convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition\ + \ to String() and AsInt64()\ + \ accessors.\n\nThe serialization\ + \ format is:\n\n\ + \ ::= \n\ + \ (Note that may\ + \ be empty, from the \"\"\ + \ case in .)\n\ + ::= 0\ + \ | 1 | ... | 9 \ + \ ::= |\ + \ \ + \ ::= \ + \ | . |\ + \ . 
| .\ + \ ::=\ + \ \"+\" | \"-\" \ + \ ::= | \ + \ ::=\ + \ | \ + \ | \ + \ ::= Ki | Mi | Gi\ + \ | Ti | Pi | Ei\n (International\ + \ System of units; See:\ + \ http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m\ + \ | \"\" | k | M | G | T\ + \ | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 =\ + \ 1k; I didn't choose the\ + \ capitalization.)\n\ + \ ::= \"e\" \ + \ | \"E\" \n\ + \nNo matter which of the\ + \ three exponent forms is\ + \ used, no quantity may\ + \ represent a number greater\ + \ than 2^63-1 in magnitude,\ + \ nor may it have more than\ + \ 3 decimal places. Numbers\ + \ larger or more precise\ + \ will be capped or rounded\ + \ up. (E.g.: 0.1m will rounded\ + \ up to 1m.) This may be\ + \ extended in the future\ + \ if we require larger or\ + \ smaller quantities.\n\n\ + When a Quantity is parsed\ + \ from a string, it will\ + \ remember the type of suffix\ + \ it had, and will use the\ + \ same type again when it\ + \ is serialized.\n\nBefore\ + \ serializing, Quantity\ + \ will be put in \"canonical\ + \ form\". This means that\ + \ Exponent/suffix will be\ + \ adjusted up or down (with\ + \ a corresponding increase\ + \ or decrease in Mantissa)\ + \ such that:\n a. No precision\ + \ is lost\n b. No fractional\ + \ digits will be emitted\n\ + \ c. 
The exponent (or suffix)\ + \ is as large as possible.\n\ + The sign will be omitted\ + \ unless the number is negative.\n\ + \nExamples:\n 1.5 will\ + \ be serialized as \"1500m\"\ + \n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote\ + \ that the quantity will\ + \ NEVER be internally represented\ + \ by a floating point number.\ + \ That is the whole point\ + \ of this exercise.\n\n\ + Non-canonical values will\ + \ still parse as long as\ + \ they are well formed,\ + \ but will be re-emitted\ + \ in their canonical form.\ + \ (So always use canonical\ + \ form, or don't diff.)\n\ + \nThis format is intended\ + \ to make it difficult to\ + \ use these numbers without\ + \ writing some sort of special\ + \ handling code in the hopes\ + \ that that will cause implementors\ + \ to also use a fixed point\ + \ implementation." + type: string + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: 'Adapts a secret into a projected + volume. + + + The contents of the target Secret''s Data + field will be presented in a projected + volume as files using the keys in the + Data field as the file names. Note that + this is identical to a secret volume source + without the default mode.' + properties: + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + Secret will be projected into the + volume as a file whose name is the + key and content is the value. If specified, + the listed keys will be projected + into the specified paths, and unlisted + keys will not be present. If a key + is specified which is not present + in the Secret, the volume setup will + error unless it is marked optional. + Paths must be relative and may not + contain the '..' path or start with + '..'. + items: + description: Maps a string key to + a path within a volume. 
+ properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits + used to set permissions on this + file. Must be an octal value + between 0000 and 0777 or a decimal + value between 0 and 511. YAML + accepts both octal and decimal + values, JSON requires decimal + values for mode bits. If not + specified, the volume defaultMode + will be used. This might be + in conflict with other options + that affect the file mode, like + fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path + of the file to map the key to. + May not be an absolute path. + May not contain the path element + '..'. May not start with the + string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: ServiceAccountTokenProjection + represents a projected service account + token volume. This projection can be used + to insert a service account token into + the pods runtime filesystem for use against + APIs (Kubernetes API Server or otherwise). + properties: + audience: + description: Audience is the intended + audience of the token. A recipient + of a token must identify itself with + an identifier specified in the audience + of the token, and otherwise should + reject the token. The audience defaults + to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the + requested duration of validity of + the service account token. As the + token approaches expiration, the kubelet + volume plugin will proactively rotate + the service account token. 
The kubelet + will start trying to rotate the token + if the token is older than 80 percent + of its time to live or if the token + is older than 24 hours.Defaults to + 1 hour and must be at least 10 minutes. + format: int64 + type: integer + path: + description: Path is the path relative + to the mount point of the file to + project the token into. + type: string + required: + - path + type: object + type: object + type: array + type: object + secret: + description: 'Adapts a Secret into a volume. + + + The contents of the target Secret''s Data field + will be presented in a volume as files using the + keys in the Data field as the file names. Secret + volumes support ownership management and SELinux + relabeling.' + properties: + defaultMode: + description: 'Optional: mode bits used to set + permissions on created files by default. Must + be an octal value between 0000 and 0777 or a + decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires + decimal values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict with + other options that affect the file mode, like + fsGroup, and the result can be other mode bits + set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value pair + in the Data field of the referenced Secret will + be projected into the volume as a file whose + name is the key and content is the value. If + specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified which + is not present in the Secret, the volume setup + will error unless it is marked optional. Paths + must be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: The key to project. 
+ type: string + mode: + description: 'Optional: mode bits used to + set permissions on this file. Must be + an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. If not specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can + be other mode bits set.' + format: int32 + type: integer + path: + description: The relative path of the file + to map the key to. May not be an absolute + path. May not contain the path element + '..'. May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret or its + keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s + namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + customInitContainers: + type: array + description: "A list of custom application init containers\ + \ that run within the coordinator cluster's Pods. The\n\ + \ custom init containers will run following the defined\ + \ sequence as the end of\n cluster's Pods init containers.\n\ + \nThe name used in this section will be prefixed with\ + \ the string `custom-` so that when\n referencing them\ + \ in the .spec.containers section of SGInstanceProfile\ + \ the name used\n have to be prepended with the same\ + \ prefix.\n\n**Changing this field may require a restart.**\n\ + \nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core\n" + items: + type: object + description: "A custom application init container that\ + \ run within the cluster's Pods. 
The custom init\n containers\ + \ will run following the defined sequence as the end\ + \ of cluster's Pods init\n containers.\n\nThe name used\ + \ in this section will be prefixed with the string `custom-`\ + \ so that when\n referencing them in the .spec.containers\ + \ section of SGInstanceProfile the name used\n have\ + \ to be prepended with the same prefix.\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core\\\ + n\n\n**Changing this field may require a restart.**\n" + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used + if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ + are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Cannot be updated. 
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a variable + cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: EnvVarSource represents a source + for the value of an EnvVar. + properties: + configMapKeyRef: + description: Selects a key from a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: ObjectFieldSelector selects + an APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: ResourceFieldSelector represents + container resources (cpu, memory) and + their output format + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: "Quantity is a fixed-point\ + \ representation of a number. It provides\ + \ convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to\ + \ String() and AsInt64() accessors.\n\ + \nThe serialization format is:\n\n\ + ::= \n\ + \ (Note that may be empty,\ + \ from the \"\" case in .)\n\ + ::= 0 | 1 | ...\ + \ | 9 ::= \ + \ | \ + \ ::= | .\ + \ | . | . \ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= \ + \ | | \ + \ ::= Ki | Mi |\ + \ Gi | Ti | Pi | Ei\n (International\ + \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k\ + \ | M | G | T | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 = 1k; I didn't\ + \ choose the capitalization.)\n\ + \ ::= \"e\" | \"E\"\ + \ \n\nNo matter which\ + \ of the three exponent forms is used,\ + \ no quantity may represent a number\ + \ greater than 2^63-1 in magnitude,\ + \ nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise\ + \ will be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.) This\ + \ may be extended in the future if\ + \ we require larger or smaller quantities.\n\ + \nWhen a Quantity is parsed from a\ + \ string, it will remember the type\ + \ of suffix it had, and will use the\ + \ same type again when it is serialized.\n\ + \nBefore serializing, Quantity will\ + \ be put in \"canonical form\". This\ + \ means that Exponent/suffix will\ + \ be adjusted up or down (with a corresponding\ + \ increase or decrease in Mantissa)\ + \ such that:\n a. No precision is\ + \ lost\n b. No fractional digits\ + \ will be emitted\n c. 
The exponent\ + \ (or suffix) is as large as possible.\n\ + The sign will be omitted unless the\ + \ number is negative.\n\nExamples:\n\ + \ 1.5 will be serialized as \"1500m\"\ + \n 1.5Gi will be serialized as \"\ + 1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented\ + \ by a floating point number. That\ + \ is the whole point of this exercise.\n\ + \nNon-canonical values will still\ + \ parse as long as they are well formed,\ + \ but will be re-emitted in their\ + \ canonical form. (So always use canonical\ + \ form, or don't diff.)\n\nThis format\ + \ is intended to make it difficult\ + \ to use these numbers without writing\ + \ some sort of special handling code\ + \ in the hopes that that will cause\ + \ implementors to also use a fixed\ + \ point implementation." + type: string + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: SecretKeySelector selects a + key of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container + is starting. When a key exists in multiple sources, + the value associated with the last source will take + precedence. Values defined by an Env with a duplicate + key will take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: 'ConfigMapEnvSource selects a ConfigMap + to populate the environment variables with. + + + The contents of the target ConfigMap''s Data + field will represent the key-value pairs as + environment variables.' + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: 'SecretEnvSource selects a Secret + to populate the environment variables with. + + + The contents of the target Secret''s Data + field will represent the key-value pairs as + environment variables.' + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images + in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag + is specified, or IfNotPresent otherwise. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Lifecycle describes actions that the + management system should take in response to container + lifecycle events. 
For the PostStart and PreStop + lifecycle handlers, management of the container + blocks until the action is complete, unless the + container process fails, in which case the handler + is aborted. + properties: + postStart: + description: Handler defines a specific action + that should be taken + properties: + exec: + description: ExecAction describes a "run in + container" action. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. 
Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes an + action based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + preStop: + description: Handler defines a specific action + that should be taken + properties: + exec: + description: ExecAction describes a "run in + container" action. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes an + action based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probe describes a health check to be + performed against a container to determine whether + it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. 
To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum value + is 1. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action + based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully upon probe + failure. The grace period is the duration in + seconds after the processes running in the pod + are sent a termination signal and the time when + the processes are forcibly halted with a kill + signal. Set this value longer than the expected + cleanup time for your process. If this value + is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: "Name of the container specified as a\ + \ DNS_LABEL. Each\n container in a pod must have\ + \ a unique name (DNS_LABEL). Cannot\n be updated.\n\ + \nThe name will be prefixed with the string `custom-`\ + \ so that when referencing it\n in the .spec.containers\ + \ section of SGInstanceProfile the name used have\ + \ to be\n prepended with the same prefix.\n" + type: string + ports: + description: List of ports to expose from the container. + Exposing a port here gives the system additional + information about the network connections a container + uses, but is primarily informational. Not specifying + a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible + from the network. Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose on the + pod's IP address. This must be a valid port + number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the + host. If specified, this must be a valid port + number, 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port + in a pod must have a unique name. Name for + the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, + TCP, or SCTP. Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: Probe describes a health check to be + performed against a container to determine whether + it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. 
This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum value + is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action + based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully upon probe + failure. The grace period is the duration in + seconds after the processes running in the pod + are sent a termination signal and the time when + the processes are forcibly halted with a kill + signal. Set this value longer than the expected + cleanup time for your process. If this value + is nil, the pod's terminationGracePeriodSeconds + will be used. 
Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + description: "Quantity is a fixed-point representation\ + \ of a number. It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::= \n\ + \ (Note that may be empty, from\ + \ the \"\" case in .)\n\ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | .\ + \ | . | . \ + \ ::= \"+\" | \"-\" ::=\ + \ | \ + \ ::= | |\ + \ ::= Ki | Mi\ + \ | Gi | Ti | Pi | Ei\n (International System\ + \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G\ + \ | T | P | E\n (Note that 1024 = 1Ki but\ + \ 1000 = 1k; I didn't choose the capitalization.)\n\ + ::= \"e\" \ + \ | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no\ + \ quantity may represent a number greater\ + \ than 2^63-1 in magnitude, nor may it have\ + \ more than 3 decimal places. Numbers larger\ + \ or more precise will be capped or rounded\ + \ up. 
(E.g.: 0.1m will rounded up to 1m.)\ + \ This may be extended in the future if we\ + \ require larger or smaller quantities.\n\n\ + When a Quantity is parsed from a string, it\ + \ will remember the type of suffix it had,\ + \ and will use the same type again when it\ + \ is serialized.\n\nBefore serializing, Quantity\ + \ will be put in \"canonical form\". This\ + \ means that Exponent/suffix will be adjusted\ + \ up or down (with a corresponding increase\ + \ or decrease in Mantissa) such that:\n a.\ + \ No precision is lost\n b. No fractional\ + \ digits will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\nThe\ + \ sign will be omitted unless the number is\ + \ negative.\n\nExamples:\n 1.5 will be serialized\ + \ as \"1500m\"\n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented by\ + \ a floating point number. That is the whole\ + \ point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they\ + \ are well formed, but will be re-emitted\ + \ in their canonical form. (So always use\ + \ canonical form, or don't diff.)\n\nThis\ + \ format is intended to make it difficult\ + \ to use these numbers without writing some\ + \ sort of special handling code in the hopes\ + \ that that will cause implementors to also\ + \ use a fixed point implementation." + type: string + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + description: "Quantity is a fixed-point representation\ + \ of a number. It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::= \n\ + \ (Note that may be empty, from\ + \ the \"\" case in .)\n\ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | .\ + \ | . | . 
\ + \ ::= \"+\" | \"-\" ::=\ + \ | \ + \ ::= | |\ + \ ::= Ki | Mi\ + \ | Gi | Ti | Pi | Ei\n (International System\ + \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G\ + \ | T | P | E\n (Note that 1024 = 1Ki but\ + \ 1000 = 1k; I didn't choose the capitalization.)\n\ + ::= \"e\" \ + \ | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no\ + \ quantity may represent a number greater\ + \ than 2^63-1 in magnitude, nor may it have\ + \ more than 3 decimal places. Numbers larger\ + \ or more precise will be capped or rounded\ + \ up. (E.g.: 0.1m will rounded up to 1m.)\ + \ This may be extended in the future if we\ + \ require larger or smaller quantities.\n\n\ + When a Quantity is parsed from a string, it\ + \ will remember the type of suffix it had,\ + \ and will use the same type again when it\ + \ is serialized.\n\nBefore serializing, Quantity\ + \ will be put in \"canonical form\". This\ + \ means that Exponent/suffix will be adjusted\ + \ up or down (with a corresponding increase\ + \ or decrease in Mantissa) such that:\n a.\ + \ No precision is lost\n b. No fractional\ + \ digits will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\nThe\ + \ sign will be omitted unless the number is\ + \ negative.\n\nExamples:\n 1.5 will be serialized\ + \ as \"1500m\"\n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented by\ + \ a floating point number. That is the whole\ + \ point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they\ + \ are well formed, but will be re-emitted\ + \ in their canonical form. (So always use\ + \ canonical form, or don't diff.)\n\nThis\ + \ format is intended to make it difficult\ + \ to use these numbers without writing some\ + \ sort of special handling code in the hopes\ + \ that that will cause implementors to also\ + \ use a fixed point implementation." 
+ type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. Some fields + are present in both SecurityContext and PodSecurityContext. When + both are set, the values in SecurityContext take + precedence. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the + container process. AllowPrivilegeEscalation + is true always when the container is: 1) run + as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: Adds and removes POSIX capabilities + from running containers. + properties: + add: + description: Added capabilities + items: + type: string + type: array + drop: + description: Removed capabilities + items: + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults to + false. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default + is DefaultProcMount which uses the container + runtime defaults for readonly paths and masked + paths. This requires the ProcMountType feature + flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. 
+ type: boolean + runAsGroup: + description: The GID to run the entrypoint of + the container process. Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must + run as a non-root user. If true, the Kubelet + will validate the image at runtime to ensure + that it does not run as UID 0 (root) and fail + to start the container if it does. If unset + or false, no such validation will be performed. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of + the container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: SELinuxOptions are the labels to + be applied to the container + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: SeccompProfile defines a pod/container's + seccomp profile settings. Only one profile source + may be set. + properties: + localhostProfile: + description: localhostProfile indicates a + profile defined in a file on the node should + be used. The profile must be preconfigured + on the node to work. 
Must be a descending + path, relative to the kubelet's configured + seccomp profile location. Must only be set + if type is "Localhost". + type: string + type: + description: 'type indicates which kind of + seccomp profile will be applied. Valid options + are: + + + Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile + should be used. Unconfined - no profile + should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: WindowsSecurityContextOptions contain + Windows-specific options and credentials. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only + be honored by components that enable the + WindowsHostProcessContainers feature flag. + Setting this field without the feature flag + will result in errors when validating the + Pod. All of a Pod's containers must have + the same effective HostProcess value (it + is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. + Defaults to the user specified in image + metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: string + type: object + type: object + startupProbe: + description: Probe describes a health check to be + performed against a container to determine whether + it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. 
+ format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum value + is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action + based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully upon probe + failure. The grace period is the duration in + seconds after the processes running in the pod + are sent a termination signal and the time when + the processes are forcibly halted with a kill + signal. Set this value longer than the expected + cleanup time for your process. If this value + is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. 
The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If + this is not set, reads from stdin in the container + will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been opened + by a single attach. When stdin is true the stdin + stream will remain open across multiple attach sessions. + If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client + attaches to stdin, and then remains open and accepts + data until the client disconnects, at which time + stdin is closed and remains closed until the container + is restarted. If this flag is false, a container + processes that reads from stdin will never receive + an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to + which the container''s termination message will + be written is mounted into the container''s filesystem. + Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' 
+ type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the container + status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output + if the termination message file is empty and the + container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is + smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of + a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - name + - devicePath + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of + a Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how + mounts are propagated from the host to container + and the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults + to false. 
+ type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume + from which the container's volume should be + mounted. Behaves similarly to SubPath but + environment variable references $(VAR_NAME) + are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr + and SubPath are mutually exclusive. + type: string + required: + - name + - mountPath + type: object + type: array + workingDir: + description: Container's working directory. If not + specified, the container runtime's default will + be used, which might be configured in the container + image. Cannot be updated. + type: string + required: + - name + customContainers: + type: array + description: "A list of custom application containers that\ + \ run within the shards cluster's Pods.\n\nThe name used\ + \ in this section will be prefixed with the string `custom-`\ + \ so that when\n referencing them in the .spec.containers\ + \ section of SGInstanceProfile the name used\n have to\ + \ be prepended with the same prefix.\n\n**Changing this\ + \ field may require a restart.**\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core\n" + items: + type: object + description: "A custom application container that run\ + \ within the cluster's Pods. 
The custom\n containers\ + \ will run following the defined sequence as the end\ + \ of cluster's Pods\n containers.\n\nThe name used in\ + \ this section will be prefixed with the string `custom-`\ + \ so that when\n referencing them in the .spec.containers\ + \ section of SGInstanceProfile the name used\n have\ + \ to be prepended with the same prefix.\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core\\\ + n\n\n**Changing this field may require a restart.**\n" + properties: + args: + description: 'Arguments to the entrypoint. The docker + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed within + a shell. The docker image''s ENTRYPOINT is used + if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ + are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Cannot be updated. 
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to set + in the container. Cannot be updated. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container and + any service environment variables. If a variable + cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: EnvVarSource represents a source + for the value of an EnvVar. + properties: + configMapKeyRef: + description: Selects a key from a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: ObjectFieldSelector selects + an APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. 
+ type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: ResourceFieldSelector represents + container resources (cpu, memory) and + their output format + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + description: "Quantity is a fixed-point\ + \ representation of a number. It provides\ + \ convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to\ + \ String() and AsInt64() accessors.\n\ + \nThe serialization format is:\n\n\ + ::= \n\ + \ (Note that may be empty,\ + \ from the \"\" case in .)\n\ + ::= 0 | 1 | ...\ + \ | 9 ::= \ + \ | \ + \ ::= | .\ + \ | . | . \ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= \ + \ | | \ + \ ::= Ki | Mi |\ + \ Gi | Ti | Pi | Ei\n (International\ + \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k\ + \ | M | G | T | P | E\n (Note that\ + \ 1024 = 1Ki but 1000 = 1k; I didn't\ + \ choose the capitalization.)\n\ + \ ::= \"e\" | \"E\"\ + \ \n\nNo matter which\ + \ of the three exponent forms is used,\ + \ no quantity may represent a number\ + \ greater than 2^63-1 in magnitude,\ + \ nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise\ + \ will be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.) This\ + \ may be extended in the future if\ + \ we require larger or smaller quantities.\n\ + \nWhen a Quantity is parsed from a\ + \ string, it will remember the type\ + \ of suffix it had, and will use the\ + \ same type again when it is serialized.\n\ + \nBefore serializing, Quantity will\ + \ be put in \"canonical form\". This\ + \ means that Exponent/suffix will\ + \ be adjusted up or down (with a corresponding\ + \ increase or decrease in Mantissa)\ + \ such that:\n a. No precision is\ + \ lost\n b. No fractional digits\ + \ will be emitted\n c. 
The exponent\ + \ (or suffix) is as large as possible.\n\ + The sign will be omitted unless the\ + \ number is negative.\n\nExamples:\n\ + \ 1.5 will be serialized as \"1500m\"\ + \n 1.5Gi will be serialized as \"\ + 1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented\ + \ by a floating point number. That\ + \ is the whole point of this exercise.\n\ + \nNon-canonical values will still\ + \ parse as long as they are well formed,\ + \ but will be re-emitted in their\ + \ canonical form. (So always use canonical\ + \ form, or don't diff.)\n\nThis format\ + \ is intended to make it difficult\ + \ to use these numbers without writing\ + \ some sort of special handling code\ + \ in the hopes that that will cause\ + \ implementors to also use a fixed\ + \ point implementation." + type: string + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + secretKeyRef: + description: SecretKeySelector selects a + key of a Secret. + properties: + key: + description: The key of the secret to + select from. Must be a valid secret + key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret + or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined within + a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container + is starting. When a key exists in multiple sources, + the value associated with the last source will take + precedence. Values defined by an Env with a duplicate + key will take precedence. Cannot be updated. 
+ items: + description: EnvFromSource represents the source + of a set of ConfigMaps + properties: + configMapRef: + description: 'ConfigMapEnvSource selects a ConfigMap + to populate the environment variables with. + + + The contents of the target ConfigMap''s Data + field will represent the key-value pairs as + environment variables.' + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to prepend + to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: 'SecretEnvSource selects a Secret + to populate the environment variables with. + + + The contents of the target Secret''s Data + field will represent the key-value pairs as + environment variables.' + properties: + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images + in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag + is specified, or IfNotPresent otherwise. Cannot + be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Lifecycle describes actions that the + management system should take in response to container + lifecycle events. 
For the PostStart and PreStop + lifecycle handlers, management of the container + blocks until the action is complete, unless the + container process fails, in which case the handler + is aborted. + properties: + postStart: + description: Handler defines a specific action + that should be taken + properties: + exec: + description: ExecAction describes a "run in + container" action. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. 
Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes an + action based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + preStop: + description: Handler defines a specific action + that should be taken + properties: + exec: + description: ExecAction describes a "run in + container" action. + properties: + command: + description: Command is the command line + to execute inside the container, the + working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to explicitly + call out to that shell. Exit status + of 0 is treated as live/healthy and + non-zero is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated headers. 
+ items: + description: HTTPHeader describes a + custom header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes an + action based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probe describes a health check to be + performed against a container to determine whether + it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. 
To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum value + is 1. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action + based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully upon probe + failure. The grace period is the duration in + seconds after the processes running in the pod + are sent a termination signal and the time when + the processes are forcibly halted with a kill + signal. Set this value longer than the expected + cleanup time for your process. If this value + is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: "Name of the container specified as a\ + \ DNS_LABEL. Each\n container in a pod must have\ + \ a unique name (DNS_LABEL). Cannot\n be updated.\n\ + \nThe name will be prefixed with the string `custom-`\ + \ so that when referencing it\n in the .spec.containers\ + \ section of SGInstanceProfile the name used have\ + \ to be\n prepended with the same prefix.\n" + type: string + ports: + description: List of ports to expose from the container. + Exposing a port here gives the system additional + information about the network connections a container + uses, but is primarily informational. Not specifying + a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default + "0.0.0.0" address inside a container will be accessible + from the network. Cannot be updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose on the + pod's IP address. This must be a valid port + number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the external + port to. + type: string + hostPort: + description: Number of port to expose on the + host. If specified, this must be a valid port + number, 0 < x < 65536. If HostNetwork is specified, + this must match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port + in a pod must have a unique name. Name for + the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, + TCP, or SCTP. Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: Probe describes a health check to be + performed against a container to determine whether + it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. 
This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum value + is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action + based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully upon probe + failure. The grace period is the duration in + seconds after the processes running in the pod + are sent a termination signal and the time when + the processes are forcibly halted with a kill + signal. Set this value longer than the expected + cleanup time for your process. If this value + is nil, the pod's terminationGracePeriodSeconds + will be used. 
Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: ResourceRequirements describes the compute + resource requirements. + properties: + limits: + additionalProperties: + description: "Quantity is a fixed-point representation\ + \ of a number. It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::= \n\ + \ (Note that may be empty, from\ + \ the \"\" case in .)\n\ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | .\ + \ | . | . \ + \ ::= \"+\" | \"-\" ::=\ + \ | \ + \ ::= | |\ + \ ::= Ki | Mi\ + \ | Gi | Ti | Pi | Ei\n (International System\ + \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G\ + \ | T | P | E\n (Note that 1024 = 1Ki but\ + \ 1000 = 1k; I didn't choose the capitalization.)\n\ + ::= \"e\" \ + \ | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no\ + \ quantity may represent a number greater\ + \ than 2^63-1 in magnitude, nor may it have\ + \ more than 3 decimal places. Numbers larger\ + \ or more precise will be capped or rounded\ + \ up. 
(E.g.: 0.1m will rounded up to 1m.)\ + \ This may be extended in the future if we\ + \ require larger or smaller quantities.\n\n\ + When a Quantity is parsed from a string, it\ + \ will remember the type of suffix it had,\ + \ and will use the same type again when it\ + \ is serialized.\n\nBefore serializing, Quantity\ + \ will be put in \"canonical form\". This\ + \ means that Exponent/suffix will be adjusted\ + \ up or down (with a corresponding increase\ + \ or decrease in Mantissa) such that:\n a.\ + \ No precision is lost\n b. No fractional\ + \ digits will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\nThe\ + \ sign will be omitted unless the number is\ + \ negative.\n\nExamples:\n 1.5 will be serialized\ + \ as \"1500m\"\n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented by\ + \ a floating point number. That is the whole\ + \ point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they\ + \ are well formed, but will be re-emitted\ + \ in their canonical form. (So always use\ + \ canonical form, or don't diff.)\n\nThis\ + \ format is intended to make it difficult\ + \ to use these numbers without writing some\ + \ sort of special handling code in the hopes\ + \ that that will cause implementors to also\ + \ use a fixed point implementation." + type: string + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + description: "Quantity is a fixed-point representation\ + \ of a number. It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::= \n\ + \ (Note that may be empty, from\ + \ the \"\" case in .)\n\ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | .\ + \ | . | . 
\ + \ ::= \"+\" | \"-\" ::=\ + \ | \ + \ ::= | |\ + \ ::= Ki | Mi\ + \ | Gi | Ti | Pi | Ei\n (International System\ + \ of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M | G\ + \ | T | P | E\n (Note that 1024 = 1Ki but\ + \ 1000 = 1k; I didn't choose the capitalization.)\n\ + ::= \"e\" \ + \ | \"E\" \n\nNo matter which\ + \ of the three exponent forms is used, no\ + \ quantity may represent a number greater\ + \ than 2^63-1 in magnitude, nor may it have\ + \ more than 3 decimal places. Numbers larger\ + \ or more precise will be capped or rounded\ + \ up. (E.g.: 0.1m will rounded up to 1m.)\ + \ This may be extended in the future if we\ + \ require larger or smaller quantities.\n\n\ + When a Quantity is parsed from a string, it\ + \ will remember the type of suffix it had,\ + \ and will use the same type again when it\ + \ is serialized.\n\nBefore serializing, Quantity\ + \ will be put in \"canonical form\". This\ + \ means that Exponent/suffix will be adjusted\ + \ up or down (with a corresponding increase\ + \ or decrease in Mantissa) such that:\n a.\ + \ No precision is lost\n b. No fractional\ + \ digits will be emitted\n c. The exponent\ + \ (or suffix) is as large as possible.\nThe\ + \ sign will be omitted unless the number is\ + \ negative.\n\nExamples:\n 1.5 will be serialized\ + \ as \"1500m\"\n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented by\ + \ a floating point number. That is the whole\ + \ point of this exercise.\n\nNon-canonical\ + \ values will still parse as long as they\ + \ are well formed, but will be re-emitted\ + \ in their canonical form. (So always use\ + \ canonical form, or don't diff.)\n\nThis\ + \ format is intended to make it difficult\ + \ to use these numbers without writing some\ + \ sort of special handling code in the hopes\ + \ that that will cause implementors to also\ + \ use a fixed point implementation." 
+ type: string + description: 'Requests describes the minimum amount + of compute resources required. If Requests is + omitted for a container, it defaults to Limits + if that is explicitly specified, otherwise to + an implementation-defined value. More info: + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security configuration + that will be applied to a container. Some fields + are present in both SecurityContext and PodSecurityContext. When + both are set, the values in SecurityContext take + precedence. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges than + its parent process. This bool directly controls + if the no_new_privs flag will be set on the + container process. AllowPrivilegeEscalation + is true always when the container is: 1) run + as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: Adds and removes POSIX capabilities + from running containers. + properties: + add: + description: Added capabilities + items: + type: string + type: array + drop: + description: Removed capabilities + items: + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. + Processes in privileged containers are essentially + equivalent to root on the host. Defaults to + false. + type: boolean + procMount: + description: procMount denotes the type of proc + mount to use for the containers. The default + is DefaultProcMount which uses the container + runtime defaults for readonly paths and masked + paths. This requires the ProcMountType feature + flag to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. 
+ type: boolean + runAsGroup: + description: The GID to run the entrypoint of + the container process. Uses runtime default + if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must + run as a non-root user. If true, the Kubelet + will validate the image at runtime to ensure + that it does not run as UID 0 (root) and fail + to start the container if it does. If unset + or false, no such validation will be performed. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of + the container process. Defaults to user specified + in image metadata if unspecified. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: SELinuxOptions are the labels to + be applied to the container + properties: + level: + description: Level is SELinux level label + that applies to the container. + type: string + role: + description: Role is a SELinux role label + that applies to the container. + type: string + type: + description: Type is a SELinux type label + that applies to the container. + type: string + user: + description: User is a SELinux user label + that applies to the container. + type: string + type: object + seccompProfile: + description: SeccompProfile defines a pod/container's + seccomp profile settings. Only one profile source + may be set. + properties: + localhostProfile: + description: localhostProfile indicates a + profile defined in a file on the node should + be used. The profile must be preconfigured + on the node to work. 
Must be a descending + path, relative to the kubelet's configured + seccomp profile location. Must only be set + if type is "Localhost". + type: string + type: + description: 'type indicates which kind of + seccomp profile will be applied. Valid options + are: + + + Localhost - a profile defined in a file + on the node should be used. RuntimeDefault + - the container runtime default profile + should be used. Unconfined - no profile + should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: WindowsSecurityContextOptions contain + Windows-specific options and credentials. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the + GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the + name of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only + be honored by components that enable the + WindowsHostProcessContainers feature flag. + Setting this field without the feature flag + will result in errors when validating the + Pod. All of a Pod's containers must have + the same effective HostProcess value (it + is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run + the entrypoint of the container process. + Defaults to the user specified in image + metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified + in SecurityContext takes precedence. 
+ type: string + type: object + type: object + startupProbe: + description: Probe describes a health check to be + performed against a container to determine whether + it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run in container" + action. + properties: + command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for + the probe to be considered failed after having + succeeded. Defaults to 3. Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an action + based on HTTP Get requests. + properties: + host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. + items: + description: HTTPHeader describes a custom + header to be used in HTTP probes + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. 
+ format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum value + is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for + the probe to be considered successful after + having failed. Defaults to 1. Must be 1 for + liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an action + based on opening a socket + properties: + host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that can + hold an int32 or a string. When used in + JSON or YAML marshalling and unmarshalling, + it produces or consumes the inner type. This + allows you to have, for example, a JSON + field that can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds the + pod needs to terminate gracefully upon probe + failure. The grace period is the duration in + seconds after the processes running in the pod + are sent a termination signal and the time when + the processes are forcibly halted with a kill + signal. Set this value longer than the expected + cleanup time for your process. If this value + is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value must + be non-negative integer. 
The value zero indicates + stop immediately via the kill signal (no opportunity + to shut down). This is a beta field and requires + enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which the + probe times out. Defaults to 1 second. Minimum + value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. If + this is not set, reads from stdin in the container + will always result in EOF. Default is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been opened + by a single attach. When stdin is true the stdin + stream will remain open across multiple attach sessions. + If stdinOnce is set to true, stdin is opened on + container start, is empty until the first client + attaches to stdin, and then remains open and accepts + data until the client disconnects, at which time + stdin is closed and remains closed until the container + is restarted. If this flag is false, a container + processes that reads from stdin will never receive + an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file to + which the container''s termination message will + be written is mounted into the container''s filesystem. + Message written is intended to be brief final status, + such as an assertion failure message. Will be truncated + by the node if greater than 4096 bytes. The total + message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot + be updated.' 
+ type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the container + status message on both success and failure. FallbackToLogsOnError + will use the last chunk of container log output + if the termination message file is empty and the + container exited with an error. The log output is + limited to 2048 bytes or 80 lines, whichever is + smaller. Defaults to File. Cannot be updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. + items: + description: volumeDevice describes a mapping of + a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside of + the container that the device will be mapped + to. + type: string + name: + description: name must match the name of a persistentVolumeClaim + in the pod + type: string + required: + - name + - devicePath + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting of + a Volume within a container. + properties: + mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. + type: string + mountPropagation: + description: mountPropagation determines how + mounts are propagated from the host to container + and the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults + to false. 
+ type: boolean + subPath: + description: Path within the volume from which + the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: Expanded path within the volume + from which the container's volume should be + mounted. Behaves similarly to SubPath but + environment variable references $(VAR_NAME) + are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr + and SubPath are mutually exclusive. + type: string + required: + - name + - mountPath + type: object + type: array + workingDir: + description: Container's working directory. If not + specified, the container runtime's default will + be used, which might be configured in the container + image. Cannot be updated. + type: string + required: + - name + required: + - persistentVolume + configurations: + type: object + description: 'Shards custom configurations. + + ' + properties: + sgPostgresConfig: + type: string + description: 'Name of the [SGPostgresConfig](https://stackgres.io/doc/latest/reference/crd/sgpgconfig) + used for the cluster. It must exist. When not set, a default + Postgres config, for the major version selected, is used. + + + **Changing this field may require a restart.** + + ' + sgPoolingConfig: + type: string + description: 'Name of the [SGPoolingConfig](https://stackgres.io/doc/latest/reference/crd/sgpoolconfig) + used for this cluster. Each pod contains a sidecar with + a connection pooler (currently: [PgBouncer](https://www.pgbouncer.org/)). + The connection pooler is implemented as a sidecar. + + + If not set, a default configuration will be used. Disabling + connection pooling altogether is possible if the disableConnectionPooling + property of the pods object is set to true. 
+ + + **Changing this field may require a restart.** + + ' + replication: + type: object + description: "This section allows to configure the global Postgres\ + \ replication mode.\n\nThe main replication group is implicit\ + \ and contains the total number of instances less the sum\ + \ of all\n instances in other replication groups.\n\nThe\ + \ total number of instances is always specified by `.spec.instances`.\n" + properties: + mode: + type: string + description: "The replication mode applied to the whole\ + \ cluster.\nPossible values are:\n* `async` (default)\n\ + * `sync`\n* `strict-sync`\n* `sync-all`\n* `strict-sync-all`\n\ + \n**async**\n\nWhen in asynchronous mode the cluster is\ + \ allowed to lose some committed transactions.\n When\ + \ the primary server fails or becomes unavailable for\ + \ any other reason a sufficiently healthy standby\n will\ + \ automatically be promoted to primary. Any transactions\ + \ that have not been replicated to that standby\n remain\ + \ in a \"forked timeline\" on the primary, and are effectively\ + \ unrecoverable (the data is still there,\n but recovering\ + \ it requires a manual recovery effort by data recovery\ + \ specialists).\n\n**sync**\n\nWhen in synchronous mode\ + \ a standby will not be promoted unless it is certain\ + \ that the standby contains all\n transactions that may\ + \ have returned a successful commit status to client (clients\ + \ can change the behavior\n per transaction using PostgreSQL’s\ + \ `synchronous_commit` setting. Transactions with `synchronous_commit`\n\ + \ values of `off` and `local` may be lost on fail over,\ + \ but will not be blocked by replication delays). This\n\ + \ means that the system may be unavailable for writes\ + \ even though some servers are available. 
System\n administrators\ + \ can still use manual failover commands to promote a\ + \ standby even if it results in transaction\n loss.\n\ + \nSynchronous mode does not guarantee multi node durability\ + \ of commits under all circumstances. When no suitable\n\ + \ standby is available, primary server will still accept\ + \ writes, but does not guarantee their replication. When\n\ + \ the primary fails in this mode no standby will be promoted.\ + \ When the host that used to be the primary comes\n back\ + \ it will get promoted automatically, unless system administrator\ + \ performed a manual failover. This behavior\n makes\ + \ synchronous mode usable with 2 node clusters.\n\nWhen\ + \ synchronous mode is used and a standby crashes, commits\ + \ will block until the primary is switched to standalone\n\ + \ mode. Manually shutting down or restarting a standby\ + \ will not cause a commit service interruption. Standby\ + \ will\n signal the primary to release itself from synchronous\ + \ standby duties before PostgreSQL shutdown is initiated.\n\ + \n**strict-sync**\n\nWhen it is absolutely necessary to\ + \ guarantee that each write is stored durably on at least\ + \ two nodes, use the strict\n synchronous mode. This\ + \ mode prevents synchronous replication to be switched\ + \ off on the primary when no synchronous\n standby candidates\ + \ are available. As a downside, the primary will not be\ + \ available for writes (unless the Postgres\n transaction\ + \ explicitly turns off `synchronous_mode` parameter),\ + \ blocking all client write requests until at least one\n\ + \ synchronous replica comes up.\n\n**Note**: Because\ + \ of the way synchronous replication is implemented in\ + \ PostgreSQL it is still possible to lose\n transactions\ + \ even when using strict synchronous mode. 
If the PostgreSQL\ + \ backend is cancelled while waiting to acknowledge\n\ + \ replication (as a result of packet cancellation due\ + \ to client timeout or backend failure) transaction changes\ + \ become\n visible for other backends. Such changes are\ + \ not yet replicated and may be lost in case of standby\ + \ promotion.\n\n**sync-all**\n\nThe same as `sync` but\ + \ `syncInstances` is ignored and the number of synchronous\ + \ instances is equals to the total number\n of instances\ + \ less one.\n\n**strict-sync-all**\n\nThe same as `strict-sync`\ + \ but `syncInstances` is ignored and the number of synchronous\ + \ instances is equals to the total number\n of instances\ + \ less one.\n" + default: async + syncInstances: + type: integer + minimum: 1 + description: "Number of synchronous standby instances. Must\ + \ be less than the total number of instances. It is set\ + \ to 1 by default.\n Only setteable if mode is `sync`\ + \ or `strict-sync`.\n" + metadata: + type: object + description: Metadata information from shards cluster created + resources. + properties: + annotations: + type: object + description: Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + to be passed to resources created and managed by StackGres. + properties: + allResources: + type: object + description: Annotations to attach to any resource created + or managed by StackGres. + additionalProperties: + type: string + clusterPods: + type: object + description: Annotations to attach to pods created or + managed by StackGres. + additionalProperties: + type: string + services: + type: object + description: Annotations to attach to all services created + or managed by StackGres. + additionalProperties: + type: string + primaryService: + type: object + description: Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + passed to the `-primary` service. 
+ additionalProperties: + type: string + replicasService: + type: object + description: Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + passed to the `-replicas` service. + additionalProperties: + type: string + labels: + type: object + description: Custom Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) + to be passed to resources created and managed by StackGres. + properties: + clusterPods: + type: object + description: Labels to attach to Pods created or managed + by StackGres. + additionalProperties: + type: string + services: + type: object + description: Labels to attach to Services and Endpoints + created or managed by StackGres. + additionalProperties: + type: string + overrides: + type: array + description: 'Any shard can be overriden by this section. + + ' + items: + type: object + description: 'Any shard can be overriden by this section. + + ' + properties: + index: + type: integer + minimum: 0 + maximum: 15 + description: 'Identifier of the shard StackGres cluster + to override (starting from 0) + + ' + instancesPerCluster: + type: integer + minimum: 1 + maximum: 16 + description: "Number of StackGres instances per shard's\ + \ StackGres cluster. Each instance contains one Postgres\ + \ server.\n Out of all of the Postgres servers, one\ + \ is elected as the primary, the rest remain as read-only\ + \ replicas.\n" + sgInstanceProfile: + type: string + description: 'Name of the [SGInstanceProfile](https://stackgres.io/doc/latest/04-postgres-cluster-management/03-resource-profiles/). + A SGInstanceProfile defines CPU and memory limits. Must + exist before creating a cluster. When no profile is + set, a default (currently: 1 core, 2 GiB RAM) one is + used. + + ' + managedSql: + type: object + description: 'This section allows to reference SQL scripts + that will be applied to the cluster live. 
+ + ' + properties: + continueOnSGScriptError: + type: boolean + description: If true, when any entry of any `SGScript` + fail will not prevent subsequent `SGScript` from + being executed. By default is `false`. + scripts: + type: array + description: 'A list of script references that will + be executed in sequence. + + ' + items: + type: object + description: "A script reference. Each version of\ + \ each entry of the script referenced will be\ + \ executed exactly once following the sequence\ + \ defined\n in the referenced script and skipping\ + \ any script entry that have already been executed.\n" + properties: + id: + type: integer + description: The id is immutable and must be + unique across all the `SGScript` entries. + It is replaced by the operator and is used + to identify the `SGScript` entry. + sgScript: + type: string + description: A reference to an `SGScript` + pods: + type: object + description: Cluster pod's configuration. + properties: + persistentVolume: + type: object + description: Pod's persistent volume configuration. + properties: + size: + type: string + pattern: ^[0-9]+(\.[0-9]+)?(Mi|Gi|Ti)$ + description: 'Size of the PersistentVolume set + for each instance of the cluster. This size + is specified either in Mebibytes, Gibibytes + or Tebibytes (multiples of 2^20, 2^30 or 2^40, + respectively). + + ' + storageClass: + type: string + description: 'Name of an existing StorageClass + in the Kubernetes cluster, used to create the + PersistentVolumes for the instances of the cluster. + + ' + required: + - size + disableConnectionPooling: + type: boolean + description: 'If set to `true`, avoids creating a + connection pooling (using [PgBouncer](https://www.pgbouncer.org/)) + sidecar. + + + **Changing this field may require a restart.** + + ' + disableMetricsExporter: + type: boolean + description: If set to `true`, avoids creating the + Prometheus exporter sidecar. Recommended when there's + no intention to use Prometheus for monitoring. 
+ disablePostgresUtil: + type: boolean + description: 'If set to `true`, avoids creating the + `postgres-util` sidecar. This sidecar contains usual + Postgres administration utilities *that are not + present in the main (`patroni`) container*, like + `psql`. Only disable if you know what you are doing. + + + **Changing this field may require a restart.** + + ' + resources: + type: object + description: Pod custom resources configuration. + properties: + enableClusterLimitsRequirements: + type: boolean + description: 'When enabled resource limits for + containers other than the patroni container + wil be set just like for patroni contianer as + specified in the SGInstanceProfile. + + + **Changing this field may require a restart.** + + ' + disableResourcesRequestsSplitFromTotal: + type: boolean + description: "When set to `true` the resources\ + \ requests values in fields `SGInstanceProfile.spec.requests.cpu`\ + \ and `SGInstanceProfile.spec.requests.memory`\ + \ will represent the resources\n requests of\ + \ the patroni container and the total resources\ + \ requests calculated by adding the resources\ + \ requests of all the containers (including\ + \ the patroni container).\n\n**Changing this\ + \ field may require a restart.**\n" + scheduling: + type: object + description: 'Pod custom scheduling, affinity and + topology spread constratins configuration. + + + **Changing this field may require a restart.** + + ' + properties: + nodeSelector: + type: object + additionalProperties: + type: string + description: 'NodeSelector is a selector which + must be true for the pod to fit on a node. Selector + which must match a node''s labels for the pod + to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + + ' + tolerations: + description: 'If specified, the pod''s tolerations. 
+ + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + type: array + items: + description: 'The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + properties: + effect: + description: 'Effect indicates the taint + effect to match. Empty means match all + taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. + + + ' + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means + to match all values and all keys. + type: string + operator: + description: 'Operator represents a key''s + relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints + of a particular category. + + + ' + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. + By default, it is not set, which means + tolerate the taint forever (do not evict). + Zero and negative values will be treated + as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + nodeAffinity: + description: 'Node affinity is a group of node + affinity scheduling rules. 
+ + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: 'Represents a + key''s relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. 
If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: 'Represents a + key''s relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents the + union of the results of one or more label + queries over a set of nodes; that is, it + represents the OR of the selectors represented + by the node selector terms. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. 
The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: 'Represents a + key''s relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: 'Represents a + key''s relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. 
This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + priorityClassName: + type: string + description: 'Priority indicates the importance + of a Pod relative to other Pods. If a Pod cannot + be scheduled, the scheduler tries to preempt + (evict) lower priority Pods to make scheduling + of the pending Pod possible. + + ' + podAffinity: + description: 'Pod affinity is a group of inter + pod affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. 
+ items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label selector is + a label query over a set of resources. + The result of matchLabels and + matchExpressions are ANDed. An + empty label selector matches all + objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is + a label query over a set of resources. + The result of matchLabels and + matchExpressions are ANDed. An + empty label selector matches all + objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. 
The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label + query over a set of resources. 
The + result of matchLabels and matchExpressions + are ANDed. An empty label selector + matches all objects. A null label + selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label + query over a set of resources. The + result of matchLabels and matchExpressions + are ANDed. An empty label selector + matches all objects. A null label + selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. 
+ items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: 'Pod anti affinity is a group of + inter pod anti affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label selector is + a label query over a set of resources. + The result of matchLabels and + matchExpressions are ANDed. An + empty label selector matches all + objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. 
The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is + a label query over a set of resources. + The result of matchLabels and + matchExpressions are ANDed. An + empty label selector matches all + objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. 
+ Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label + query over a set of resources. The + result of matchLabels and matchExpressions + are ANDed. An empty label selector + matches all objects. A null label + selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. 
+ If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label + query over a set of resources. The + result of matchLabels and matchExpressions + are ANDed. An empty label selector + matches all objects. A null label + selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. 
A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + topologySpreadConstraints: + type: array + description: 'TopologySpreadConstraints describes + how a group of pods ought to spread across topology + domains. Scheduler will schedule pods in a way + which abides by the constraints. All topologySpreadConstraints + are ANDed. + + ' + items: + description: 'TopologySpreadConstraint specifies + how to spread matching pods among the given + topology. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#topologyspreadconstraint-v1-core + + ' + properties: + labelSelector: + description: A label selector is a label + query over a set of resources. The result + of matchLabels and matchExpressions are + ANDed. An empty label selector matches + all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. 
The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + matchLabelKeys: + description: MatchLabelKeys is a set of + pod label keys to select the pods over + which spreading will be calculated. The + keys are used to lookup values from the + incoming pod labels, those key-value labels + are ANDed with labelSelector to select + the group of existing pods over which + spreading will be calculated for the incoming + pod. Keys that don't exist in the incoming + pod labels will be ignored. A null or + empty list means only match against labelSelector. + items: + type: string + type: array + maxSkew: + description: 'MaxSkew describes the degree + to which pods may be unevenly distributed. 
+ When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference + between the number of matching pods in + the target topology and the global minimum. + The global minimum is the minimum number + of matching pods in an eligible domain + or zero if the number of eligible domains + is less than MinDomains. For example, + in a 3-zone cluster, MaxSkew is set to + 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global + minimum is 1. | zone1 | zone2 | zone3 + | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled + to zone3 to become 2/2/2; scheduling it + onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - + if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to + topologies that satisfy it. It''s a required + field. Default value is 1 and 0 is not + allowed.' + format: int32 + type: integer + minDomains: + description: 'MinDomains indicates a minimum + number of eligible domains. When the number + of eligible domains with matching topology + keys is less than minDomains, Pod Topology + Spread treats "global minimum" as 0, and + then the calculation of Skew is performed. + And when the number of eligible domains + with matching topology keys equals or + greater than minDomains, this value has + no effect on scheduling. As a result, + when the number of eligible domains is + less than minDomains, scheduler won''t + schedule more than maxSkew Pods to those + domains. If value is nil, the constraint + behaves as if MinDomains is equal to 1. + Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. 
+ + + For example, in a 3-zone cluster, MaxSkew + is set to 2, MinDomains is set to 5 and + pods with the same labelSelector spread + as 2/2/2: | zone1 | zone2 | zone3 | | P + P | P P | P P | The number of domains + is less than 5(MinDomains), so "global + minimum" is treated as 0. In this situation, + new pod with the same labelSelector cannot + be scheduled, because computed skew will + be 3(3 - 0) if new Pod is scheduled to + any of the three zones, it will violate + MaxSkew. + + + This is a beta field and requires the + MinDomainsInPodTopologySpread feature + gate to be enabled (enabled by default).' + format: int32 + type: integer + nodeAffinityPolicy: + description: 'NodeAffinityPolicy indicates + how we will treat Pod''s nodeAffinity/nodeSelector + when calculating pod topology spread skew. + Options are: - Honor: only nodes matching + nodeAffinity/nodeSelector are included + in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in + the calculations. + + + If this value is nil, the behavior is + equivalent to the Honor policy. This is + a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag.' + type: string + nodeTaintsPolicy: + description: 'NodeTaintsPolicy indicates + how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with + tainted nodes for which the incoming pod + has a toleration, are included. - Ignore: + node taints are ignored. All nodes are + included. + + + If this value is nil, the behavior is + equivalent to the Ignore policy. This + is a alpha-level feature enabled by the + NodeInclusionPolicyInPodTopologySpread + feature flag.' + type: string + topologyKey: + description: TopologyKey is the key of node + labels. Nodes that have a label with this + key and identical values are considered + to be in the same topology. 
We consider + each as a "bucket", and try + to put balanced number of pods into each + bucket. We define a domain as a particular + instance of a topology. Also, we define + an eligible domain as a domain whose nodes + meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey + is "kubernetes.io/hostname", each Node + is a domain of that topology. And, if + TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: "WhenUnsatisfiable indicates\ + \ how to deal with a pod if it doesn't\ + \ satisfy the spread constraint. - DoNotSchedule\ + \ (default) tells the scheduler not to\ + \ schedule it. - ScheduleAnyway tells\ + \ the scheduler to schedule the pod in\ + \ any location,\n but giving higher precedence\ + \ to topologies that would help reduce\ + \ the\n skew.\nA constraint is considered\ + \ \"Unsatisfiable\" for an incoming pod\ + \ if and only if every possible node assignment\ + \ for that pod would violate \"MaxSkew\"\ + \ on some topology. For example, in a\ + \ 3-zone cluster, MaxSkew is set to 1,\ + \ and pods with the same labelSelector\ + \ spread as 3/1/1: | zone1 | zone2 | zone3\ + \ | | P P P | P | P | If WhenUnsatisfiable\ + \ is set to DoNotSchedule, incoming pod\ + \ can only be scheduled to zone2(zone3)\ + \ to become 3/2/1(3/1/2) as ActualSkew(2-1)\ + \ on zone2(zone3) satisfies MaxSkew(1).\ + \ In other words, the cluster can still\ + \ be imbalanced, but scheduler won't make\ + \ it *more* imbalanced. It's a required\ + \ field.\n\n" + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + backup: + type: object + description: Backup Pod custom scheduling and + affinity configuration. + properties: + nodeSelector: + description: 'Node affinity is a group of + node affinity scheduling rules. 
+ + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: 'Represents + a key''s relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. 
If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: 'Represents + a key''s relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents + the union of the results of one or more + label queries over a set of nodes; that + is, it represents the OR of the selectors + represented by the node selector terms. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. 
+ The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: 'Represents + a key''s relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: 'Represents + a key''s relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. 
If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + tolerations: + description: 'Node affinity is a group of + node affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. 
+ properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: 'Represents + a key''s relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: 'Represents + a key''s relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents + the union of the results of one or more + label queries over a set of nodes; that + is, it represents the OR of the selectors + represented by the node selector terms. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: 'Represents + a key''s relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. 
+ properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: 'Represents + a key''s relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + nodeAffinity: + description: 'Node affinity is a group of + node affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches + no objects (i.e. is also a no-op). 
+ properties: + preference: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: 'Represents + a key''s relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: 'Represents + a key''s relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. 
If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents + the union of the results of one or more + label queries over a set of nodes; that + is, it represents the OR of the selectors + represented by the node selector terms. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: 'Represents + a key''s relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. 
This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: 'Represents + a key''s relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + + + ' + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + priorityClassName: + type: string + description: 'Priority indicates the importance + of a Pod relative to other Pods. If a Pod + cannot be scheduled, the scheduler tries + to preempt (evict) lower priority Pods to + make scheduling of the pending Pod possible. + + ' + podAffinity: + description: 'Pod affinity is a group of inter + pod affinity scheduling rules. 
+ + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label selector + is a label query over a set + of resources. The result of + matchLabels and matchExpressions + are ANDed. An empty label + selector matches all objects. + A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. 
+ properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector + is a label query over a set + of resources. The result of + matchLabels and matchExpressions + are ANDed. An empty label + selector matches all objects. + A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. 
If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. 
If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label selector is + a label query over a set of resources. + The result of matchLabels and + matchExpressions are ANDed. An + empty label selector matches all + objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is + a label query over a set of resources. + The result of matchLabels and + matchExpressions are ANDed. An + empty label selector matches all + objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". 
The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: 'Pod anti affinity is a group + of inter pod anti affinity scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. 
+ items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Defines a set of pods + (namely those matching the labelSelector + relative to the given namespace(s)) + that this pod should be co-located + (affinity) or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value + of the label with key + matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label selector + is a label query over a set + of resources. The result of + matchLabels and matchExpressions + are ANDed. An empty label + selector matches all objects. + A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector + is a label query over a set + of resources. The result of + matchLabels and matchExpressions + are ANDed. An empty label + selector matches all objects. + A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. 
The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label selector is + a label query over a set of resources. 
+ The result of matchLabels and + matchExpressions are ANDed. An + empty label selector matches all + objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is + a label query over a set of resources. + The result of matchLabels and + matchExpressions are ANDed. An + empty label selector matches all + objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + type: object + managementPolicy: + type: string + description: "managementPolicy controls how pods are\ + \ created during initial scale up, when replacing\ + \ pods\n on nodes, or when scaling down. The default\ + \ policy is `OrderedReady`, where pods are created\n\ + \ in increasing order (pod-0, then pod-1, etc)\ + \ and the controller will wait until each pod is\n\ + \ ready before continuing. When scaling down, the\ + \ pods are removed in the opposite order.\n The\ + \ alternative policy is `Parallel` which will create\ + \ pods in parallel to match the desired\n scale\ + \ without waiting, and on scale down will delete\ + \ all pods at once.\n" + customVolumes: + type: array + description: "A list of custom volumes that may be\ + \ used along with any container defined in\n customInitContainers\ + \ or customContainers sections for the shards.\n\ + \nThe name used in this section will be prefixed\ + \ with the string `custom-` so that when\n referencing\ + \ them in the customInitContainers or customContainers\ + \ sections the name used\n have to be prepended\ + \ with the same prefix.\n\nOnly the following volume\ + \ types are allowed: configMap, downwardAPI, emptyDir,\n\ + \ gitRepo, glusterfs, hostPath, nfs, projected\ + \ and secret\n\n**Changing this field may require\ + \ a restart.**\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#volume-v1-core\n" + items: + type: object + description: "A custom volume that may be used along\ + \ with any container defined in\n customInitContainers\ + \ or customContainers sections.\n\nThe name used\ + \ in this section will be prefixed with the string\ + \ `custom-` so that when\n referencing them in\ + \ the customInitContainers or customContainers\ + \ sections the name used\n have to be prepended\ + \ with the same prefix.\n\nOnly the following\ + \ volume types are allowed: configMap, downwardAPI,\ + \ 
emptyDir,\n gitRepo, glusterfs, hostPath, nfs,\ + \ projected and secret\n\n**Changing this field\ + \ may require a restart.**\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#volume-v1-core\n" + properties: + name: + description: "Volumes name. Must be a DNS_LABEL\ + \ and unique within the pod.\n More info:\ + \ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names\n\ + \nThe name will be prefixed with the string\ + \ `custom-` so that when referencing them\ + \ in the\n customInitContainers or customContainers\ + \ sections the name used have to be prepended\ + \ with\n the same prefix.\n" + type: string + configMap: + description: 'Adapts a ConfigMap into a volume. + + + The contents of the target ConfigMap''s Data + field will be presented in a volume as files + using the keys in the Data field as the file + names, unless the items element is populated + with specific mappings of keys to paths. ConfigMap + volumes support ownership management and SELinux + relabeling.' + properties: + defaultMode: + description: 'Optional: mode bits used to + set permissions on created files by default. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. Defaults to 0644. Directories + within the path are not affected by this + setting. This might be in conflict with + other options that affect the file mode, + like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + ConfigMap will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed + keys will be projected into the specified + paths, and unlisted keys will not be present. 
+ If a key is specified which is not present + in the ConfigMap, the volume setup will + error unless it is marked optional. Paths + must be relative and may not contain the + '..' path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits + used to set permissions on this + file. Must be an octal value between + 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts + both octal and decimal values, JSON + requires decimal values for mode + bits. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options + that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: The relative path of + the file to map the key to. May + not be an absolute path. May not + contain the path element '..'. May + not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + downwardAPI: + description: DownwardAPIVolumeSource represents + a volume containing downward API info. Downward + API volumes support ownership management and + SELinux relabeling. + properties: + defaultMode: + description: 'Optional: mode bits to use + on created files by default. Must be a + Optional: mode bits used to set permissions + on created files by default. Must be an + octal value between 0000 and 0777 or a + decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. Defaults to 0644. 
Directories within + the path are not affected by this setting. + This might be in conflict with other options + that affect the file mode, like fsGroup, + and the result can be other mode bits + set.' + format: int32 + type: integer + items: + description: Items is a list of downward + API volume file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: ObjectFieldSelector selects + an APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: mode bits + used to set permissions on this + file, must be an octal value between + 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts + both octal and decimal values, JSON + requires decimal values for mode + bits. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options + that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. 
The first item + of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: ResourceFieldSelector + represents container resources (cpu, + memory) and their output format + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + description: "Quantity is a fixed-point\ + \ representation of a number.\ + \ It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition\ + \ to String() and AsInt64()\ + \ accessors.\n\nThe serialization\ + \ format is:\n\n \ + \ ::= \n\ + \ (Note that may be\ + \ empty, from the \"\" case\ + \ in .)\n\ + \ ::= 0 | 1 | ...\ + \ | 9 ::=\ + \ | \ + \ ::= \ + \ | . | .\ + \ | . \ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= \ + \ | | \ + \ ::= Ki |\ + \ Mi | Gi | Ti | Pi | Ei\n \ + \ (International System of units;\ + \ See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\ + \" | k | M | G | T | P | E\n\ + \ (Note that 1024 = 1Ki but\ + \ 1000 = 1k; I didn't choose\ + \ the capitalization.)\n\ + \ ::= \"e\" |\ + \ \"E\" \n\nNo\ + \ matter which of the three\ + \ exponent forms is used, no\ + \ quantity may represent a number\ + \ greater than 2^63-1 in magnitude,\ + \ nor may it have more than\ + \ 3 decimal places. Numbers\ + \ larger or more precise will\ + \ be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.)\ + \ This may be extended in the\ + \ future if we require larger\ + \ or smaller quantities.\n\n\ + When a Quantity is parsed from\ + \ a string, it will remember\ + \ the type of suffix it had,\ + \ and will use the same type\ + \ again when it is serialized.\n\ + \nBefore serializing, Quantity\ + \ will be put in \"canonical\ + \ form\". This means that Exponent/suffix\ + \ will be adjusted up or down\ + \ (with a corresponding increase\ + \ or decrease in Mantissa) such\ + \ that:\n a. No precision is\ + \ lost\n b. 
No fractional digits\ + \ will be emitted\n c. The\ + \ exponent (or suffix) is as\ + \ large as possible.\nThe sign\ + \ will be omitted unless the\ + \ number is negative.\n\nExamples:\n\ + \ 1.5 will be serialized as\ + \ \"1500m\"\n 1.5Gi will be\ + \ serialized as \"1536Mi\"\n\ + \nNote that the quantity will\ + \ NEVER be internally represented\ + \ by a floating point number.\ + \ That is the whole point of\ + \ this exercise.\n\nNon-canonical\ + \ values will still parse as\ + \ long as they are well formed,\ + \ but will be re-emitted in\ + \ their canonical form. (So\ + \ always use canonical form,\ + \ or don't diff.)\n\nThis format\ + \ is intended to make it difficult\ + \ to use these numbers without\ + \ writing some sort of special\ + \ handling code in the hopes\ + \ that that will cause implementors\ + \ to also use a fixed point\ + \ implementation." + type: string + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + description: Represents an empty directory for + a pod. Empty directory volumes support ownership + management and SELinux relabeling. + properties: + medium: + description: 'What type of storage medium + should back this directory. The default + is "" which means to use the node''s default + medium. Must be an empty string (default) + or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + type: string + sizeLimit: + description: "Quantity is a fixed-point\ + \ representation of a number. It provides\ + \ convenient marshaling/unmarshaling in\ + \ JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::=\ + \ \n (Note that\ + \ may be empty, from the \"\"\ + \ case in .)\n \ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | .\ + \ | . | . 
\ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= | \ + \ | ::=\ + \ Ki | Mi | Gi | Ti | Pi | Ei\n (International\ + \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k | M\ + \ | G | T | P | E\n (Note that 1024 =\ + \ 1Ki but 1000 = 1k; I didn't choose the\ + \ capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\ + \nNo matter which of the three exponent\ + \ forms is used, no quantity may represent\ + \ a number greater than 2^63-1 in magnitude,\ + \ nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise\ + \ will be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.) This may\ + \ be extended in the future if we require\ + \ larger or smaller quantities.\n\nWhen\ + \ a Quantity is parsed from a string,\ + \ it will remember the type of suffix\ + \ it had, and will use the same type again\ + \ when it is serialized.\n\nBefore serializing,\ + \ Quantity will be put in \"canonical\ + \ form\". This means that Exponent/suffix\ + \ will be adjusted up or down (with a\ + \ corresponding increase or decrease in\ + \ Mantissa) such that:\n a. No precision\ + \ is lost\n b. No fractional digits will\ + \ be emitted\n c. The exponent (or suffix)\ + \ is as large as possible.\nThe sign will\ + \ be omitted unless the number is negative.\n\ + \nExamples:\n 1.5 will be serialized\ + \ as \"1500m\"\n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented\ + \ by a floating point number. That is\ + \ the whole point of this exercise.\n\n\ + Non-canonical values will still parse\ + \ as long as they are well formed, but\ + \ will be re-emitted in their canonical\ + \ form. (So always use canonical form,\ + \ or don't diff.)\n\nThis format is intended\ + \ to make it difficult to use these numbers\ + \ without writing some sort of special\ + \ handling code in the hopes that that\ + \ will cause implementors to also use\ + \ a fixed point implementation." 
+ type: string + type: object + gitRepo: + description: 'Represents a volume that is populated + with the contents of a git repository. Git + repo volumes do not support ownership management. + Git repo volumes support SELinux relabeling. + + + DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir + into an InitContainer that clones the repo + using git, then mount the EmptyDir into the + Pod''s container.' + properties: + directory: + description: Target directory name. Must + not contain or start with '..'. If '.' + is supplied, the volume directory will + be the git repository. Otherwise, if + specified, the volume will contain the + git repository in the subdirectory with + the given name. + type: string + repository: + description: Repository URL + type: string + revision: + description: Commit hash for the specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: Represents a Glusterfs mount that + lasts the lifetime of a pod. Glusterfs volumes + do not support ownership management or SELinux + relabeling. + properties: + endpoints: + description: 'EndpointsName is the endpoint + name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + path: + description: 'Path is the Glusterfs volume + path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: string + readOnly: + description: 'ReadOnly here will force the + Glusterfs volume to be mounted with read-only + permissions. Defaults to false. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: Represents a host path mapped into + a pod. Host path volumes do not support ownership + management or SELinux relabeling. + properties: + path: + description: 'Path of the directory on the + host. 
If the path is a symlink, it will + follow the link to the real path. More + info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + type: + description: 'Type for HostPath Volume Defaults + to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' + type: string + required: + - path + type: object + nfs: + description: Represents an NFS mount that lasts + the lifetime of a pod. NFS volumes do not + support ownership management or SELinux relabeling. + properties: + path: + description: 'Path that is exported by the + NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + readOnly: + description: 'ReadOnly here will force the + NFS export to be mounted with read-only + permissions. Defaults to false. More info: + https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: boolean + server: + description: 'Server is the hostname or + IP address of the NFS server. More info: + https://kubernetes.io/docs/concepts/storage/volumes#nfs' + type: string + required: + - server + - path + type: object + projected: + description: Represents a projected volume source + properties: + defaultMode: + description: Mode bits used to set permissions + on created files by default. Must be an + octal value between 0000 and 0777 or a + decimal value between 0 and 511. YAML + accepts both octal and decimal values, + JSON requires decimal values for mode + bits. Directories within the path are + not affected by this setting. This might + be in conflict with other options that + affect the file mode, like fsGroup, and + the result can be other mode bits set. + format: int32 + type: integer + sources: + description: list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: + description: 'Adapts a ConfigMap into + a projected volume. 
+ + + The contents of the target ConfigMap''s + Data field will be presented in + a projected volume as files using + the keys in the Data field as the + file names, unless the items element + is populated with specific mappings + of keys to paths. Note that this + is identical to a configmap volume + source without the default mode.' + properties: + items: + description: If unspecified, each + key-value pair in the Data field + of the referenced ConfigMap + will be projected into the volume + as a file whose name is the + key and content is the value. + If specified, the listed keys + will be projected into the specified + paths, and unlisted keys will + not be present. If a key is + specified which is not present + in the ConfigMap, the volume + setup will error unless it is + marked optional. Paths must + be relative and may not contain + the '..' path or start with + '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: The key to + project. + type: string + mode: + description: 'Optional: + mode bits used to set + permissions on this file. + Must be an octal value + between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts + both octal and decimal + values, JSON requires + decimal values for mode + bits. If not specified, + the volume defaultMode + will be used. This might + be in conflict with other + options that affect the + file mode, like fsGroup, + and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative + path of the file to map + the key to. May not be + an absolute path. May + not contain the path element + '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the + ConfigMap or its keys must be + defined + type: boolean + type: object + downwardAPI: + description: Represents downward API + info for projecting into a projected + volume. Note that this is identical + to a downwardAPI volume source without + the default mode. + properties: + items: + description: Items is a list of + DownwardAPIVolume file + items: + description: DownwardAPIVolumeFile + represents information to + create the file containing + the pod field + properties: + fieldRef: + description: ObjectFieldSelector + selects an APIVersioned + field of an object. + properties: + apiVersion: + description: Version + of the schema the + FieldPath is written + in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of + the field to select + in the specified API + version. + type: string + required: + - fieldPath + type: object + mode: + description: 'Optional: + mode bits used to set + permissions on this file, + must be an octal value + between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts + both octal and decimal + values, JSON requires + decimal values for mode + bits. If not specified, + the volume defaultMode + will be used. This might + be in conflict with other + options that affect the + file mode, like fsGroup, + and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: 'Required: + Path is the relative + path name of the file + to be created. Must not + be absolute or contain + the ''..'' path. Must + be utf-8 encoded. 
The + first item of the relative + path must not start with + ''..''' + type: string + resourceFieldRef: + description: ResourceFieldSelector + represents container resources + (cpu, memory) and their + output format + properties: + containerName: + description: 'Container + name: required for + volumes, optional + for env vars' + type: string + divisor: + description: "Quantity\ + \ is a fixed-point\ + \ representation of\ + \ a number. It provides\ + \ convenient marshaling/unmarshaling\ + \ in JSON and YAML,\ + \ in addition to String()\ + \ and AsInt64() accessors.\n\ + \nThe serialization\ + \ format is:\n\n\ + \ ::= \n\ + \ (Note that \ + \ may be empty, from\ + \ the \"\" case in\ + \ .)\n\ + \ + \ ::= 0 | 1 | ...\ + \ | 9 \ + \ ::= \ + \ | \ + \ \ + \ ::= |\ + \ .\ + \ | . | .\ + \ \ + \ ::= \"+\" | \"\ + -\" \ + \ ::= \ + \ | \ + \ \ + \ ::= \ + \ | \ + \ | \ + \ ::= Ki |\ + \ Mi | Gi | Ti | Pi\ + \ | Ei\n (International\ + \ System of units;\ + \ See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + \ + \ ::= m | \"\" | k\ + \ | M | G | T | P\ + \ | E\n (Note that\ + \ 1024 = 1Ki but 1000\ + \ = 1k; I didn't choose\ + \ the capitalization.)\n\ + \ + \ ::= \"e\" \ + \ | \"E\" \n\ + \nNo matter which\ + \ of the three exponent\ + \ forms is used, no\ + \ quantity may represent\ + \ a number greater\ + \ than 2^63-1 in magnitude,\ + \ nor may it have\ + \ more than 3 decimal\ + \ places. Numbers\ + \ larger or more precise\ + \ will be capped or\ + \ rounded up. (E.g.:\ + \ 0.1m will rounded\ + \ up to 1m.) This\ + \ may be extended\ + \ in the future if\ + \ we require larger\ + \ or smaller quantities.\n\ + \nWhen a Quantity\ + \ is parsed from a\ + \ string, it will\ + \ remember the type\ + \ of suffix it had,\ + \ and will use the\ + \ same type again\ + \ when it is serialized.\n\ + \nBefore serializing,\ + \ Quantity will be\ + \ put in \"canonical\ + \ form\". 
This means\ + \ that Exponent/suffix\ + \ will be adjusted\ + \ up or down (with\ + \ a corresponding\ + \ increase or decrease\ + \ in Mantissa) such\ + \ that:\n a. No precision\ + \ is lost\n b. No\ + \ fractional digits\ + \ will be emitted\n\ + \ c. The exponent\ + \ (or suffix) is as\ + \ large as possible.\n\ + The sign will be omitted\ + \ unless the number\ + \ is negative.\n\n\ + Examples:\n 1.5 will\ + \ be serialized as\ + \ \"1500m\"\n 1.5Gi\ + \ will be serialized\ + \ as \"1536Mi\"\n\n\ + Note that the quantity\ + \ will NEVER be internally\ + \ represented by a\ + \ floating point number.\ + \ That is the whole\ + \ point of this exercise.\n\ + \nNon-canonical values\ + \ will still parse\ + \ as long as they\ + \ are well formed,\ + \ but will be re-emitted\ + \ in their canonical\ + \ form. (So always\ + \ use canonical form,\ + \ or don't diff.)\n\ + \nThis format is intended\ + \ to make it difficult\ + \ to use these numbers\ + \ without writing\ + \ some sort of special\ + \ handling code in\ + \ the hopes that that\ + \ will cause implementors\ + \ to also use a fixed\ + \ point implementation." + type: string + resource: + description: 'Required: + resource to select' + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + description: 'Adapts a secret into + a projected volume. + + + The contents of the target Secret''s + Data field will be presented in + a projected volume as files using + the keys in the Data field as the + file names. Note that this is identical + to a secret volume source without + the default mode.' + properties: + items: + description: If unspecified, each + key-value pair in the Data field + of the referenced Secret will + be projected into the volume + as a file whose name is the + key and content is the value. + If specified, the listed keys + will be projected into the specified + paths, and unlisted keys will + not be present. 
If a key is + specified which is not present + in the Secret, the volume setup + will error unless it is marked + optional. Paths must be relative + and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key + to a path within a volume. + properties: + key: + description: The key to + project. + type: string + mode: + description: 'Optional: + mode bits used to set + permissions on this file. + Must be an octal value + between 0000 and 0777 + or a decimal value between + 0 and 511. YAML accepts + both octal and decimal + values, JSON requires + decimal values for mode + bits. If not specified, + the volume defaultMode + will be used. This might + be in conflict with other + options that affect the + file mode, like fsGroup, + and the result can be + other mode bits set.' + format: int32 + type: integer + path: + description: The relative + path of the file to map + the key to. May not be + an absolute path. May + not contain the path element + '..'. May not start with + the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + type: object + serviceAccountToken: + description: ServiceAccountTokenProjection + represents a projected service account + token volume. This projection can + be used to insert a service account + token into the pods runtime filesystem + for use against APIs (Kubernetes + API Server or otherwise). + properties: + audience: + description: Audience is the intended + audience of the token. A recipient + of a token must identify itself + with an identifier specified + in the audience of the token, + and otherwise should reject + the token. The audience defaults + to the identifier of the apiserver. 
+ type: string + expirationSeconds: + description: ExpirationSeconds + is the requested duration of + validity of the service account + token. As the token approaches + expiration, the kubelet volume + plugin will proactively rotate + the service account token. The + kubelet will start trying to + rotate the token if the token + is older than 80 percent of + its time to live or if the token + is older than 24 hours.Defaults + to 1 hour and must be at least + 10 minutes. + format: int64 + type: integer + path: + description: Path is the path + relative to the mount point + of the file to project the token + into. + type: string + required: + - path + type: object + type: object + type: array + type: object + secret: + description: 'Adapts a Secret into a volume. + + + The contents of the target Secret''s Data + field will be presented in a volume as files + using the keys in the Data field as the file + names. Secret volumes support ownership management + and SELinux relabeling.' + properties: + defaultMode: + description: 'Optional: mode bits used to + set permissions on created files by default. + Must be an octal value between 0000 and + 0777 or a decimal value between 0 and + 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. Defaults to 0644. Directories + within the path are not affected by this + setting. This might be in conflict with + other options that affect the file mode, + like fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + items: + description: If unspecified, each key-value + pair in the Data field of the referenced + Secret will be projected into the volume + as a file whose name is the key and content + is the value. If specified, the listed + keys will be projected into the specified + paths, and unlisted keys will not be present. + If a key is specified which is not present + in the Secret, the volume setup will error + unless it is marked optional. 
Paths must + be relative and may not contain the '..' + path or start with '..'. + items: + description: Maps a string key to a path + within a volume. + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits + used to set permissions on this + file. Must be an octal value between + 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts + both octal and decimal values, JSON + requires decimal values for mode + bits. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options + that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' + format: int32 + type: integer + path: + description: The relative path of + the file to map the key to. May + not be an absolute path. May not + contain the path element '..'. May + not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: Specify whether the Secret + or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the + pod''s namespace to use. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + type: object + customInitContainers: + type: array + description: "A list of custom application init containers\ + \ that run within the coordinator cluster's Pods.\ + \ The\n custom init containers will run following\ + \ the defined sequence as the end of\n cluster's\ + \ Pods init containers.\n\nThe name used in this\ + \ section will be prefixed with the string `custom-`\ + \ so that when\n referencing them in the .spec.containers\ + \ section of SGInstanceProfile the name used\n \ + \ have to be prepended with the same prefix.\n\n\ + **Changing this field may require a restart.**\n\ + \nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core\n" + items: + type: object + description: "A custom application init container\ + \ that run within the cluster's Pods. The custom\ + \ init\n containers will run following the defined\ + \ sequence as the end of cluster's Pods init\n\ + \ containers.\n\nThe name used in this section\ + \ will be prefixed with the string `custom-` so\ + \ that when\n referencing them in the .spec.containers\ + \ section of SGInstanceProfile the name used\n\ + \ have to be prepended with the same prefix.\n\ + \nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core\\\ + n\n\n**Changing this field may require a restart.**\n" + properties: + args: + description: 'Arguments to the entrypoint. The + docker image''s CMD is used if this is not + provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable + exists or not. 
Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed + within a shell. The docker image''s ENTRYPOINT + is used if this is not provided. Variable + references $(VAR_NAME) are expanded using + the container''s environment. If a variable + cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to + a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: EnvVarSource represents a + source for the value of an EnvVar. 
+ properties: + configMapKeyRef: + description: Selects a key from a + ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + fieldRef: + description: ObjectFieldSelector selects + an APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: ResourceFieldSelector + represents container resources (cpu, + memory) and their output format + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + description: "Quantity is a fixed-point\ + \ representation of a number.\ + \ It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition\ + \ to String() and AsInt64()\ + \ accessors.\n\nThe serialization\ + \ format is:\n\n \ + \ ::= \n\ + \ (Note that may be\ + \ empty, from the \"\" case\ + \ in .)\n\ + \ ::= 0 | 1 | ...\ + \ | 9 ::=\ + \ | \ + \ ::= \ + \ | . | .\ + \ | . 
\ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= \ + \ | | \ + \ ::= Ki |\ + \ Mi | Gi | Ti | Pi | Ei\n \ + \ (International System of units;\ + \ See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\ + \" | k | M | G | T | P | E\n\ + \ (Note that 1024 = 1Ki but\ + \ 1000 = 1k; I didn't choose\ + \ the capitalization.)\n\ + \ ::= \"e\" |\ + \ \"E\" \n\nNo\ + \ matter which of the three\ + \ exponent forms is used, no\ + \ quantity may represent a number\ + \ greater than 2^63-1 in magnitude,\ + \ nor may it have more than\ + \ 3 decimal places. Numbers\ + \ larger or more precise will\ + \ be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.)\ + \ This may be extended in the\ + \ future if we require larger\ + \ or smaller quantities.\n\n\ + When a Quantity is parsed from\ + \ a string, it will remember\ + \ the type of suffix it had,\ + \ and will use the same type\ + \ again when it is serialized.\n\ + \nBefore serializing, Quantity\ + \ will be put in \"canonical\ + \ form\". This means that Exponent/suffix\ + \ will be adjusted up or down\ + \ (with a corresponding increase\ + \ or decrease in Mantissa) such\ + \ that:\n a. No precision is\ + \ lost\n b. No fractional digits\ + \ will be emitted\n c. The\ + \ exponent (or suffix) is as\ + \ large as possible.\nThe sign\ + \ will be omitted unless the\ + \ number is negative.\n\nExamples:\n\ + \ 1.5 will be serialized as\ + \ \"1500m\"\n 1.5Gi will be\ + \ serialized as \"1536Mi\"\n\ + \nNote that the quantity will\ + \ NEVER be internally represented\ + \ by a floating point number.\ + \ That is the whole point of\ + \ this exercise.\n\nNon-canonical\ + \ values will still parse as\ + \ long as they are well formed,\ + \ but will be re-emitted in\ + \ their canonical form. 
(So\ + \ always use canonical form,\ + \ or don't diff.)\n\nThis format\ + \ is intended to make it difficult\ + \ to use these numbers without\ + \ writing some sort of special\ + \ handling code in the hopes\ + \ that that will cause implementors\ + \ to also use a fixed point\ + \ implementation." + type: string + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: SecretKeySelector selects + a key of a Secret. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined + within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event + when the container is starting. When a key + exists in multiple sources, the value associated + with the last source will take precedence. + Values defined by an Env with a duplicate + key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the + source of a set of ConfigMaps + properties: + configMapRef: + description: 'ConfigMapEnvSource selects + a ConfigMap to populate the environment + variables with. + + + The contents of the target ConfigMap''s + Data field will represent the key-value + pairs as environment variables.' + properties: + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to + prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: 'SecretEnvSource selects + a Secret to populate the environment + variables with. + + + The contents of the target Secret''s + Data field will represent the key-value + pairs as environment variables.' + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: + https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level + config management to default or override container + images in workload controllers like Deployments + and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, + Never, IfNotPresent. Defaults to Always if + :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Lifecycle describes actions that + the management system should take in response + to container lifecycle events. For the PostStart + and PreStop lifecycle handlers, management + of the container blocks until the action is + complete, unless the container process fails, + in which case the handler is aborted. + properties: + postStart: + description: Handler defines a specific + action that should be taken + properties: + exec: + description: ExecAction describes a + "run in container" action. 
+ properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the + command is root ('/') in the + container's filesystem. The command + is simply exec'd, it is not run + inside a shell, so traditional + shell instructions ('|', etc) + won't work. To use a shell, you + need to explicitly call out to + that shell. Exit status of 0 is + treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes + an action based on HTTP Get requests. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + description: IntOrString is a type + that can hold an int32 or a string. When + used in JSON or YAML marshalling + and unmarshalling, it produces + or consumes the inner type. This + allows you to have, for example, + a JSON field that can accept a + name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes + an action based on opening a socket + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + description: IntOrString is a type + that can hold an int32 or a string. 
When + used in JSON or YAML marshalling + and unmarshalling, it produces + or consumes the inner type. This + allows you to have, for example, + a JSON field that can accept a + name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + preStop: + description: Handler defines a specific + action that should be taken + properties: + exec: + description: ExecAction describes a + "run in container" action. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the + command is root ('/') in the + container's filesystem. The command + is simply exec'd, it is not run + inside a shell, so traditional + shell instructions ('|', etc) + won't work. To use a shell, you + need to explicitly call out to + that shell. Exit status of 0 is + treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes + an action based on HTTP Get requests. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + description: IntOrString is a type + that can hold an int32 or a string. When + used in JSON or YAML marshalling + and unmarshalling, it produces + or consumes the inner type. This + allows you to have, for example, + a JSON field that can accept a + name or number. 
+ format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes + an action based on opening a socket + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + description: IntOrString is a type + that can hold an int32 or a string. When + used in JSON or YAML marshalling + and unmarshalling, it produces + or consumes the inner type. This + allows you to have, for example, + a JSON field that can accept a + name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probe describes a health check + to be performed against a container to determine + whether it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run + in container" action. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults to 3. + Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an + action based on HTTP Get requests. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness + probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum + value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an + action based on opening a socket + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. 
This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully + upon probe failure. The grace period is + the duration in seconds after the processes + running in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill signal. + Set this value longer than the expected + cleanup time for your process. If this + value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: "Name of the container specified\ + \ as a DNS_LABEL. Each\n container in a pod\ + \ must have a unique name (DNS_LABEL). Cannot\n\ + \ be updated.\n\nThe name will be prefixed\ + \ with the string `custom-` so that when referencing\ + \ it\n in the .spec.containers section of\ + \ SGInstanceProfile the name used have to\ + \ be\n prepended with the same prefix.\n" + type: string + ports: + description: List of ports to expose from the + container. Exposing a port here gives the + system additional information about the network + connections a container uses, but is primarily + informational. 
Not specifying a port here + DOES NOT prevent that port from being exposed. + Any port which is listening on the default + "0.0.0.0" address inside a container will + be accessible from the network. Cannot be + updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose + on the pod's IP address. This must be + a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the + external port to. + type: string + hostPort: + description: Number of port to expose + on the host. If specified, this must + be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must + match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be + an IANA_SVC_NAME and unique within the + pod. Each named port in a pod must have + a unique name. Name for the port that + can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be + UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: Probe describes a health check + to be performed against a container to determine + whether it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run + in container" action. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults to 3. + Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an + action based on HTTP Get requests. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness + probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. 
Must + be 1 for liveness and startup. Minimum + value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an + action based on opening a socket + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully + upon probe failure. The grace period is + the duration in seconds after the processes + running in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill signal. + Set this value longer than the expected + cleanup time for your process. If this + value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: ResourceRequirements describes + the compute resource requirements. 
+ properties: + limits: + additionalProperties: + description: "Quantity is a fixed-point\ + \ representation of a number. It provides\ + \ convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::=\ + \ \n (Note that\ + \ may be empty, from the \"\ + \" case in .)\n \ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | .\ + \ | . | . \ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= | \ + \ | ::=\ + \ Ki | Mi | Gi | Ti | Pi | Ei\n (International\ + \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k |\ + \ M | G | T | P | E\n (Note that 1024\ + \ = 1Ki but 1000 = 1k; I didn't choose\ + \ the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\ + \nNo matter which of the three exponent\ + \ forms is used, no quantity may represent\ + \ a number greater than 2^63-1 in magnitude,\ + \ nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise\ + \ will be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.) This\ + \ may be extended in the future if we\ + \ require larger or smaller quantities.\n\ + \nWhen a Quantity is parsed from a string,\ + \ it will remember the type of suffix\ + \ it had, and will use the same type\ + \ again when it is serialized.\n\nBefore\ + \ serializing, Quantity will be put\ + \ in \"canonical form\". This means\ + \ that Exponent/suffix will be adjusted\ + \ up or down (with a corresponding increase\ + \ or decrease in Mantissa) such that:\n\ + \ a. No precision is lost\n b. No\ + \ fractional digits will be emitted\n\ + \ c. The exponent (or suffix) is as\ + \ large as possible.\nThe sign will\ + \ be omitted unless the number is negative.\n\ + \nExamples:\n 1.5 will be serialized\ + \ as \"1500m\"\n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented\ + \ by a floating point number. 
That is\ + \ the whole point of this exercise.\n\ + \nNon-canonical values will still parse\ + \ as long as they are well formed, but\ + \ will be re-emitted in their canonical\ + \ form. (So always use canonical form,\ + \ or don't diff.)\n\nThis format is\ + \ intended to make it difficult to use\ + \ these numbers without writing some\ + \ sort of special handling code in the\ + \ hopes that that will cause implementors\ + \ to also use a fixed point implementation." + type: string + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + description: "Quantity is a fixed-point\ + \ representation of a number. It provides\ + \ convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::=\ + \ \n (Note that\ + \ may be empty, from the \"\ + \" case in .)\n \ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | .\ + \ | . | . \ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= | \ + \ | ::=\ + \ Ki | Mi | Gi | Ti | Pi | Ei\n (International\ + \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k |\ + \ M | G | T | P | E\n (Note that 1024\ + \ = 1Ki but 1000 = 1k; I didn't choose\ + \ the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\ + \nNo matter which of the three exponent\ + \ forms is used, no quantity may represent\ + \ a number greater than 2^63-1 in magnitude,\ + \ nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise\ + \ will be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.) 
This\ + \ may be extended in the future if we\ + \ require larger or smaller quantities.\n\ + \nWhen a Quantity is parsed from a string,\ + \ it will remember the type of suffix\ + \ it had, and will use the same type\ + \ again when it is serialized.\n\nBefore\ + \ serializing, Quantity will be put\ + \ in \"canonical form\". This means\ + \ that Exponent/suffix will be adjusted\ + \ up or down (with a corresponding increase\ + \ or decrease in Mantissa) such that:\n\ + \ a. No precision is lost\n b. No\ + \ fractional digits will be emitted\n\ + \ c. The exponent (or suffix) is as\ + \ large as possible.\nThe sign will\ + \ be omitted unless the number is negative.\n\ + \nExamples:\n 1.5 will be serialized\ + \ as \"1500m\"\n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented\ + \ by a floating point number. That is\ + \ the whole point of this exercise.\n\ + \nNon-canonical values will still parse\ + \ as long as they are well formed, but\ + \ will be re-emitted in their canonical\ + \ form. (So always use canonical form,\ + \ or don't diff.)\n\nThis format is\ + \ intended to make it difficult to use\ + \ these numbers without writing some\ + \ sort of special handling code in the\ + \ hopes that that will cause implementors\ + \ to also use a fixed point implementation." + type: string + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security + configuration that will be applied to a container. + Some fields are present in both SecurityContext + and PodSecurityContext. When both are set, + the values in SecurityContext take precedence. 
+ properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges + than its parent process. This bool directly + controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: + 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: Adds and removes POSIX capabilities + from running containers. + properties: + add: + description: Added capabilities + items: + type: string + type: array + drop: + description: Removed capabilities + items: + type: string + type: array + type: object + privileged: + description: Run container in privileged + mode. Processes in privileged containers + are essentially equivalent to root on + the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type + of proc mount to use for the containers. + The default is DefaultProcMount which + uses the container runtime defaults for + readonly paths and masked paths. This + requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has + a read-only root filesystem. Default is + false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime + default if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If true, + the Kubelet will validate the image at + runtime to ensure that it does not run + as UID 0 (root) and fail to start the + container if it does. If unset or false, + no such validation will be performed. + May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults to + user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: SELinuxOptions are the labels + to be applied to the container + properties: + level: + description: Level is SELinux level + label that applies to the container. + type: string + role: + description: Role is a SELinux role + label that applies to the container. + type: string + type: + description: Type is a SELinux type + label that applies to the container. + type: string + user: + description: User is a SELinux user + label that applies to the container. + type: string + type: object + seccompProfile: + description: SeccompProfile defines a pod/container's + seccomp profile settings. Only one profile + source may be set. + properties: + localhostProfile: + description: localhostProfile indicates + a profile defined in a file on the + node should be used. The profile must + be preconfigured on the node to work. + Must be a descending path, relative + to the kubelet's configured seccomp + profile location. Must only be set + if type is "Localhost". + type: string + type: + description: 'type indicates which kind + of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a + file on the node should be used. RuntimeDefault + - the container runtime default profile + should be used. Unconfined - no profile + should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: WindowsSecurityContextOptions + contain Windows-specific options and credentials. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: HostProcess determines + if a container should be run as a + 'Host Process' container. This field + is alpha-level and will only be honored + by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a + Pod's containers must have the same + effective HostProcess value (it is + not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows + to run the entrypoint of the container + process. Defaults to the user specified + in image metadata if unspecified. + May also be set in PodSecurityContext. + If set in both SecurityContext and + PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probe describes a health check + to be performed against a container to determine + whether it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run + in container" action. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. 
To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults to 3. + Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an + action based on HTTP Get requests. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness + probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum + value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an + action based on opening a socket + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully + upon probe failure. The grace period is + the duration in seconds after the processes + running in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill signal. + Set this value longer than the expected + cleanup time for your process. If this + value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. + If this is not set, reads from stdin in the + container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been + opened by a single attach. When stdin is true + the stdin stream will remain open across multiple + attach sessions. If stdinOnce is set to true, + stdin is opened on container start, is empty + until the first client attaches to stdin, + and then remains open and accepts data until + the client disconnects, at which time stdin + is closed and remains closed until the container + is restarted. If this flag is false, a container + processes that reads from stdin will never + receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file + to which the container''s termination message + will be written is mounted into the container''s + filesystem. Message written is intended to + be brief final status, such as an assertion + failure message. Will be truncated by the + node if greater than 4096 bytes. The total + message length across all containers will + be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the + container status message on both success and + failure. FallbackToLogsOnError will use the + last chunk of container log output if the + termination message file is empty and the + container exited with an error. The log output + is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. 
Cannot be updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to + be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name + of a persistentVolumeClaim in the pod + type: string + required: + - name + - devicePath + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: Path within the container + at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines + how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is + used. This field is beta in 1.10. + type: string + name: + description: This must match the Name + of a Volume. + type: string + readOnly: + description: Mounted read-only if true, + read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: Path within the volume from + which the container's volume should + be mounted. Defaults to "" (volume's + root). + type: string + subPathExpr: + description: Expanded path within the + volume from which the container's volume + should be mounted. Behaves similarly + to SubPath but environment variable + references $(VAR_NAME) are expanded + using the container's environment. Defaults + to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. 
+ type: string + required: + - name + - mountPath + type: object + type: array + workingDir: + description: Container's working directory. + If not specified, the container runtime's + default will be used, which might be configured + in the container image. Cannot be updated. + type: string + required: + - name + customContainers: + type: array + description: "A list of custom application containers\ + \ that run within the shards cluster's Pods.\n\n\ + The name used in this section will be prefixed with\ + \ the string `custom-` so that when\n referencing\ + \ them in the .spec.containers section of SGInstanceProfile\ + \ the name used\n have to be prepended with the\ + \ same prefix.\n\n**Changing this field may require\ + \ a restart.**\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core\n" + items: + type: object + description: "A custom application container that\ + \ run within the cluster's Pods. The custom\n\ + \ containers will run following the defined sequence\ + \ as the end of cluster's Pods\n containers.\n\ + \nThe name used in this section will be prefixed\ + \ with the string `custom-` so that when\n referencing\ + \ them in the .spec.containers section of SGInstanceProfile\ + \ the name used\n have to be prepended with the\ + \ same prefix.\n\nSee: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#container-v1-core\\\ + n\n\n**Changing this field may require a restart.**\n" + properties: + args: + description: 'Arguments to the entrypoint. The + docker image''s CMD is used if this is not + provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". 
Escaped references will never + be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: + https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + command: + description: 'Entrypoint array. Not executed + within a shell. The docker image''s ENTRYPOINT + is used if this is not provided. Variable + references $(VAR_NAME) are expanded using + the container''s environment. If a variable + cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + items: + type: string + type: array + env: + description: List of environment variables to + set in the container. Cannot be updated. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to + a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' 
+ type: string + valueFrom: + description: EnvVarSource represents a + source for the value of an EnvVar. + properties: + configMapKeyRef: + description: Selects a key from a + ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be + defined + type: boolean + required: + - key + type: object + fieldRef: + description: ObjectFieldSelector selects + an APIVersioned field of an object. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified API + version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: ResourceFieldSelector + represents container resources (cpu, + memory) and their output format + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + description: "Quantity is a fixed-point\ + \ representation of a number.\ + \ It provides convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition\ + \ to String() and AsInt64()\ + \ accessors.\n\nThe serialization\ + \ format is:\n\n \ + \ ::= \n\ + \ (Note that may be\ + \ empty, from the \"\" case\ + \ in .)\n\ + \ ::= 0 | 1 | ...\ + \ | 9 ::=\ + \ | \ + \ ::= \ + \ | . | .\ + \ | . 
\ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= \ + \ | | \ + \ ::= Ki |\ + \ Mi | Gi | Ti | Pi | Ei\n \ + \ (International System of units;\ + \ See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\ + \" | k | M | G | T | P | E\n\ + \ (Note that 1024 = 1Ki but\ + \ 1000 = 1k; I didn't choose\ + \ the capitalization.)\n\ + \ ::= \"e\" |\ + \ \"E\" \n\nNo\ + \ matter which of the three\ + \ exponent forms is used, no\ + \ quantity may represent a number\ + \ greater than 2^63-1 in magnitude,\ + \ nor may it have more than\ + \ 3 decimal places. Numbers\ + \ larger or more precise will\ + \ be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.)\ + \ This may be extended in the\ + \ future if we require larger\ + \ or smaller quantities.\n\n\ + When a Quantity is parsed from\ + \ a string, it will remember\ + \ the type of suffix it had,\ + \ and will use the same type\ + \ again when it is serialized.\n\ + \nBefore serializing, Quantity\ + \ will be put in \"canonical\ + \ form\". This means that Exponent/suffix\ + \ will be adjusted up or down\ + \ (with a corresponding increase\ + \ or decrease in Mantissa) such\ + \ that:\n a. No precision is\ + \ lost\n b. No fractional digits\ + \ will be emitted\n c. The\ + \ exponent (or suffix) is as\ + \ large as possible.\nThe sign\ + \ will be omitted unless the\ + \ number is negative.\n\nExamples:\n\ + \ 1.5 will be serialized as\ + \ \"1500m\"\n 1.5Gi will be\ + \ serialized as \"1536Mi\"\n\ + \nNote that the quantity will\ + \ NEVER be internally represented\ + \ by a floating point number.\ + \ That is the whole point of\ + \ this exercise.\n\nNon-canonical\ + \ values will still parse as\ + \ long as they are well formed,\ + \ but will be re-emitted in\ + \ their canonical form. 
(So\ + \ always use canonical form,\ + \ or don't diff.)\n\nThis format\ + \ is intended to make it difficult\ + \ to use these numbers without\ + \ writing some sort of special\ + \ handling code in the hopes\ + \ that that will cause implementors\ + \ to also use a fixed point\ + \ implementation." + type: string + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: SecretKeySelector selects + a key of a Secret. + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + description: List of sources to populate environment + variables in the container. The keys defined + within a source must be a C_IDENTIFIER. All + invalid keys will be reported as an event + when the container is starting. When a key + exists in multiple sources, the value associated + with the last source will take precedence. + Values defined by an Env with a duplicate + key will take precedence. Cannot be updated. + items: + description: EnvFromSource represents the + source of a set of ConfigMaps + properties: + configMapRef: + description: 'ConfigMapEnvSource selects + a ConfigMap to populate the environment + variables with. + + + The contents of the target ConfigMap''s + Data field will represent the key-value + pairs as environment variables.' + properties: + name: + description: 'Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the ConfigMap + must be defined + type: boolean + type: object + prefix: + description: An optional identifier to + prepend to each key in the ConfigMap. + Must be a C_IDENTIFIER. + type: string + secretRef: + description: 'SecretEnvSource selects + a Secret to populate the environment + variables with. + + + The contents of the target Secret''s + Data field will represent the key-value + pairs as environment variables.' + properties: + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + optional: + description: Specify whether the Secret + must be defined + type: boolean + type: object + type: object + type: array + image: + description: 'Docker image name. More info: + https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level + config management to default or override container + images in workload controllers like Deployments + and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, + Never, IfNotPresent. Defaults to Always if + :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + lifecycle: + description: Lifecycle describes actions that + the management system should take in response + to container lifecycle events. For the PostStart + and PreStop lifecycle handlers, management + of the container blocks until the action is + complete, unless the container process fails, + in which case the handler is aborted. + properties: + postStart: + description: Handler defines a specific + action that should be taken + properties: + exec: + description: ExecAction describes a + "run in container" action. 
+ properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the + command is root ('/') in the + container's filesystem. The command + is simply exec'd, it is not run + inside a shell, so traditional + shell instructions ('|', etc) + won't work. To use a shell, you + need to explicitly call out to + that shell. Exit status of 0 is + treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes + an action based on HTTP Get requests. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + description: IntOrString is a type + that can hold an int32 or a string. When + used in JSON or YAML marshalling + and unmarshalling, it produces + or consumes the inner type. This + allows you to have, for example, + a JSON field that can accept a + name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes + an action based on opening a socket + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + description: IntOrString is a type + that can hold an int32 or a string. 
When + used in JSON or YAML marshalling + and unmarshalling, it produces + or consumes the inner type. This + allows you to have, for example, + a JSON field that can accept a + name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + preStop: + description: Handler defines a specific + action that should be taken + properties: + exec: + description: ExecAction describes a + "run in container" action. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the + command is root ('/') in the + container's filesystem. The command + is simply exec'd, it is not run + inside a shell, so traditional + shell instructions ('|', etc) + won't work. To use a shell, you + need to explicitly call out to + that shell. Exit status of 0 is + treated as live/healthy and non-zero + is unhealthy. + items: + type: string + type: array + type: object + httpGet: + description: HTTPGetAction describes + an action based on HTTP Get requests. + properties: + host: + description: Host name to connect + to, defaults to the pod IP. You + probably want to set "Host" in + httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set + in the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in + HTTP probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the + HTTP server. + type: string + port: + description: IntOrString is a type + that can hold an int32 or a string. When + used in JSON or YAML marshalling + and unmarshalling, it produces + or consumes the inner type. This + allows you to have, for example, + a JSON field that can accept a + name or number. 
+ format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + tcpSocket: + description: TCPSocketAction describes + an action based on opening a socket + properties: + host: + description: 'Optional: Host name + to connect to, defaults to the + pod IP.' + type: string + port: + description: IntOrString is a type + that can hold an int32 or a string. When + used in JSON or YAML marshalling + and unmarshalling, it produces + or consumes the inner type. This + allows you to have, for example, + a JSON field that can accept a + name or number. + format: int-or-string + type: string + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probe describes a health check + to be performed against a container to determine + whether it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run + in container" action. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults to 3. + Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an + action based on HTTP Get requests. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders + instead. 
+ type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness + probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum + value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an + action based on opening a socket + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. 
This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully + upon probe failure. The grace period is + the duration in seconds after the processes + running in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill signal. + Set this value longer than the expected + cleanup time for your process. If this + value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + name: + description: "Name of the container specified\ + \ as a DNS_LABEL. Each\n container in a pod\ + \ must have a unique name (DNS_LABEL). Cannot\n\ + \ be updated.\n\nThe name will be prefixed\ + \ with the string `custom-` so that when referencing\ + \ it\n in the .spec.containers section of\ + \ SGInstanceProfile the name used have to\ + \ be\n prepended with the same prefix.\n" + type: string + ports: + description: List of ports to expose from the + container. Exposing a port here gives the + system additional information about the network + connections a container uses, but is primarily + informational. 
Not specifying a port here + DOES NOT prevent that port from being exposed. + Any port which is listening on the default + "0.0.0.0" address inside a container will + be accessible from the network. Cannot be + updated. + items: + description: ContainerPort represents a network + port in a single container. + properties: + containerPort: + description: Number of port to expose + on the pod's IP address. This must be + a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What host IP to bind the + external port to. + type: string + hostPort: + description: Number of port to expose + on the host. If specified, this must + be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must + match ContainerPort. Most containers + do not need this. + format: int32 + type: integer + name: + description: If specified, this must be + an IANA_SVC_NAME and unique within the + pod. Each named port in a pod must have + a unique name. Name for the port that + can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be + UDP, TCP, or SCTP. Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + readinessProbe: + description: Probe describes a health check + to be performed against a container to determine + whether it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run + in container" action. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. 
+ items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults to 3. + Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an + action based on HTTP Get requests. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness + probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. 
Must + be 1 for liveness and startup. Minimum + value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an + action based on opening a socket + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully + upon probe failure. The grace period is + the duration in seconds after the processes + running in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill signal. + Set this value longer than the expected + cleanup time for your process. If this + value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + resources: + description: ResourceRequirements describes + the compute resource requirements. 
+ properties: + limits: + additionalProperties: + description: "Quantity is a fixed-point\ + \ representation of a number. It provides\ + \ convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::=\ + \ \n (Note that\ + \ may be empty, from the \"\ + \" case in .)\n \ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | .\ + \ | . | . \ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= | \ + \ | ::=\ + \ Ki | Mi | Gi | Ti | Pi | Ei\n (International\ + \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k |\ + \ M | G | T | P | E\n (Note that 1024\ + \ = 1Ki but 1000 = 1k; I didn't choose\ + \ the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\ + \nNo matter which of the three exponent\ + \ forms is used, no quantity may represent\ + \ a number greater than 2^63-1 in magnitude,\ + \ nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise\ + \ will be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.) This\ + \ may be extended in the future if we\ + \ require larger or smaller quantities.\n\ + \nWhen a Quantity is parsed from a string,\ + \ it will remember the type of suffix\ + \ it had, and will use the same type\ + \ again when it is serialized.\n\nBefore\ + \ serializing, Quantity will be put\ + \ in \"canonical form\". This means\ + \ that Exponent/suffix will be adjusted\ + \ up or down (with a corresponding increase\ + \ or decrease in Mantissa) such that:\n\ + \ a. No precision is lost\n b. No\ + \ fractional digits will be emitted\n\ + \ c. The exponent (or suffix) is as\ + \ large as possible.\nThe sign will\ + \ be omitted unless the number is negative.\n\ + \nExamples:\n 1.5 will be serialized\ + \ as \"1500m\"\n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented\ + \ by a floating point number. 
That is\ + \ the whole point of this exercise.\n\ + \nNon-canonical values will still parse\ + \ as long as they are well formed, but\ + \ will be re-emitted in their canonical\ + \ form. (So always use canonical form,\ + \ or don't diff.)\n\nThis format is\ + \ intended to make it difficult to use\ + \ these numbers without writing some\ + \ sort of special handling code in the\ + \ hopes that that will cause implementors\ + \ to also use a fixed point implementation." + type: string + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + description: "Quantity is a fixed-point\ + \ representation of a number. It provides\ + \ convenient marshaling/unmarshaling\ + \ in JSON and YAML, in addition to String()\ + \ and AsInt64() accessors.\n\nThe serialization\ + \ format is:\n\n ::=\ + \ \n (Note that\ + \ may be empty, from the \"\ + \" case in .)\n \ + \ ::= 0 | 1 | ... | 9 \ + \ ::= | \ + \ ::= | .\ + \ | . | . \ + \ ::= \"+\" | \"-\" \ + \ ::= | \ + \ ::= | \ + \ | ::=\ + \ Ki | Mi | Gi | Ti | Pi | Ei\n (International\ + \ System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\ + ::= m | \"\" | k |\ + \ M | G | T | P | E\n (Note that 1024\ + \ = 1Ki but 1000 = 1k; I didn't choose\ + \ the capitalization.)\n\ + \ ::= \"e\" | \"E\" \n\ + \nNo matter which of the three exponent\ + \ forms is used, no quantity may represent\ + \ a number greater than 2^63-1 in magnitude,\ + \ nor may it have more than 3 decimal\ + \ places. Numbers larger or more precise\ + \ will be capped or rounded up. (E.g.:\ + \ 0.1m will rounded up to 1m.) 
This\ + \ may be extended in the future if we\ + \ require larger or smaller quantities.\n\ + \nWhen a Quantity is parsed from a string,\ + \ it will remember the type of suffix\ + \ it had, and will use the same type\ + \ again when it is serialized.\n\nBefore\ + \ serializing, Quantity will be put\ + \ in \"canonical form\". This means\ + \ that Exponent/suffix will be adjusted\ + \ up or down (with a corresponding increase\ + \ or decrease in Mantissa) such that:\n\ + \ a. No precision is lost\n b. No\ + \ fractional digits will be emitted\n\ + \ c. The exponent (or suffix) is as\ + \ large as possible.\nThe sign will\ + \ be omitted unless the number is negative.\n\ + \nExamples:\n 1.5 will be serialized\ + \ as \"1500m\"\n 1.5Gi will be serialized\ + \ as \"1536Mi\"\n\nNote that the quantity\ + \ will NEVER be internally represented\ + \ by a floating point number. That is\ + \ the whole point of this exercise.\n\ + \nNon-canonical values will still parse\ + \ as long as they are well formed, but\ + \ will be re-emitted in their canonical\ + \ form. (So always use canonical form,\ + \ or don't diff.)\n\nThis format is\ + \ intended to make it difficult to use\ + \ these numbers without writing some\ + \ sort of special handling code in the\ + \ hopes that that will cause implementors\ + \ to also use a fixed point implementation." + type: string + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + securityContext: + description: SecurityContext holds security + configuration that will be applied to a container. + Some fields are present in both SecurityContext + and PodSecurityContext. When both are set, + the values in SecurityContext take precedence. 
+ properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls + whether a process can gain more privileges + than its parent process. This bool directly + controls if the no_new_privs flag will + be set on the container process. AllowPrivilegeEscalation + is true always when the container is: + 1) run as Privileged 2) has CAP_SYS_ADMIN' + type: boolean + capabilities: + description: Adds and removes POSIX capabilities + from running containers. + properties: + add: + description: Added capabilities + items: + type: string + type: array + drop: + description: Removed capabilities + items: + type: string + type: array + type: object + privileged: + description: Run container in privileged + mode. Processes in privileged containers + are essentially equivalent to root on + the host. Defaults to false. + type: boolean + procMount: + description: procMount denotes the type + of proc mount to use for the containers. + The default is DefaultProcMount which + uses the container runtime defaults for + readonly paths and masked paths. This + requires the ProcMountType feature flag + to be enabled. + type: string + readOnlyRootFilesystem: + description: Whether this container has + a read-only root filesystem. Default is + false. + type: boolean + runAsGroup: + description: The GID to run the entrypoint + of the container process. Uses runtime + default if unset. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container + must run as a non-root user. If true, + the Kubelet will validate the image at + runtime to ensure that it does not run + as UID 0 (root) and fail to start the + container if it does. If unset or false, + no such validation will be performed. + May also be set in PodSecurityContext. 
If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint + of the container process. Defaults to + user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext + takes precedence. + format: int64 + type: integer + seLinuxOptions: + description: SELinuxOptions are the labels + to be applied to the container + properties: + level: + description: Level is SELinux level + label that applies to the container. + type: string + role: + description: Role is a SELinux role + label that applies to the container. + type: string + type: + description: Type is a SELinux type + label that applies to the container. + type: string + user: + description: User is a SELinux user + label that applies to the container. + type: string + type: object + seccompProfile: + description: SeccompProfile defines a pod/container's + seccomp profile settings. Only one profile + source may be set. + properties: + localhostProfile: + description: localhostProfile indicates + a profile defined in a file on the + node should be used. The profile must + be preconfigured on the node to work. + Must be a descending path, relative + to the kubelet's configured seccomp + profile location. Must only be set + if type is "Localhost". + type: string + type: + description: 'type indicates which kind + of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a + file on the node should be used. RuntimeDefault + - the container runtime default profile + should be used. Unconfined - no profile + should be applied.' + type: string + required: + - type + type: object + windowsOptions: + description: WindowsSecurityContextOptions + contain Windows-specific options and credentials. 
+ properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where + the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName + field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is the name of the GMSA credential + spec to use. + type: string + hostProcess: + description: HostProcess determines + if a container should be run as a + 'Host Process' container. This field + is alpha-level and will only be honored + by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a + Pod's containers must have the same + effective HostProcess value (it is + not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows + to run the entrypoint of the container + process. Defaults to the user specified + in image metadata if unspecified. + May also be set in PodSecurityContext. + If set in both SecurityContext and + PodSecurityContext, the value specified + in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probe describes a health check + to be performed against a container to determine + whether it is alive or ready to receive traffic. + properties: + exec: + description: ExecAction describes a "run + in container" action. + properties: + command: + description: Command is the command + line to execute inside the container, + the working directory for the command is + root ('/') in the container's filesystem. + The command is simply exec'd, it is + not run inside a shell, so traditional + shell instructions ('|', etc) won't + work. 
To use a shell, you need to + explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures + for the probe to be considered failed + after having succeeded. Defaults to 3. + Minimum value is 1. + format: int32 + type: integer + httpGet: + description: HTTPGetAction describes an + action based on HTTP Get requests. + properties: + host: + description: Host name to connect to, + defaults to the pod IP. You probably + want to set "Host" in httpHeaders + instead. + type: string + httpHeaders: + description: Custom headers to set in + the request. HTTP allows repeated + headers. + items: + description: HTTPHeader describes + a custom header to be used in HTTP + probes + properties: + name: + description: The header field + name + type: string + value: + description: The header field + value + type: string + required: + - name + - value + type: object + type: array + path: + description: Path to access on the HTTP + server. + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: 'Number of seconds after the + container has started before liveness + probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform + the probe. Default to 10 seconds. Minimum + value is 1. 
+ format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes + for the probe to be considered successful + after having failed. Defaults to 1. Must + be 1 for liveness and startup. Minimum + value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocketAction describes an + action based on opening a socket + properties: + host: + description: 'Optional: Host name to + connect to, defaults to the pod IP.' + type: string + port: + description: IntOrString is a type that + can hold an int32 or a string. When + used in JSON or YAML marshalling and + unmarshalling, it produces or consumes + the inner type. This allows you to + have, for example, a JSON field that + can accept a name or number. + format: int-or-string + type: string + required: + - port + type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully + upon probe failure. The grace period is + the duration in seconds after the processes + running in the pod are sent a termination + signal and the time when the processes + are forcibly halted with a kill signal. + Set this value longer than the expected + cleanup time for your process. If this + value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: 'Number of seconds after which + the probe times out. Defaults to 1 second. + Minimum value is 1. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + format: int32 + type: integer + type: object + stdin: + description: Whether this container should allocate + a buffer for stdin in the container runtime. + If this is not set, reads from stdin in the + container will always result in EOF. Default + is false. + type: boolean + stdinOnce: + description: Whether the container runtime should + close the stdin channel after it has been + opened by a single attach. When stdin is true + the stdin stream will remain open across multiple + attach sessions. If stdinOnce is set to true, + stdin is opened on container start, is empty + until the first client attaches to stdin, + and then remains open and accepts data until + the client disconnects, at which time stdin + is closed and remains closed until the container + is restarted. If this flag is false, a container + processes that reads from stdin will never + receive an EOF. Default is false + type: boolean + terminationMessagePath: + description: 'Optional: Path at which the file + to which the container''s termination message + will be written is mounted into the container''s + filesystem. Message written is intended to + be brief final status, such as an assertion + failure message. Will be truncated by the + node if greater than 4096 bytes. The total + message length across all containers will + be limited to 12kb. Defaults to /dev/termination-log. + Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message + should be populated. File will use the contents + of terminationMessagePath to populate the + container status message on both success and + failure. FallbackToLogsOnError will use the + last chunk of container log output if the + termination message file is empty and the + container exited with an error. The log output + is limited to 2048 bytes or 80 lines, whichever + is smaller. Defaults to File. 
Cannot be updated. + type: string + tty: + description: Whether this container should allocate + a TTY for itself, also requires 'stdin' to + be true. Default is false. + type: boolean + volumeDevices: + description: volumeDevices is the list of block + devices to be used by the container. + items: + description: volumeDevice describes a mapping + of a raw block device within a container. + properties: + devicePath: + description: devicePath is the path inside + of the container that the device will + be mapped to. + type: string + name: + description: name must match the name + of a persistentVolumeClaim in the pod + type: string + required: + - name + - devicePath + type: object + type: array + volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. + items: + description: VolumeMount describes a mounting + of a Volume within a container. + properties: + mountPath: + description: Path within the container + at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: mountPropagation determines + how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is + used. This field is beta in 1.10. + type: string + name: + description: This must match the Name + of a Volume. + type: string + readOnly: + description: Mounted read-only if true, + read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + subPath: + description: Path within the volume from + which the container's volume should + be mounted. Defaults to "" (volume's + root). + type: string + subPathExpr: + description: Expanded path within the + volume from which the container's volume + should be mounted. Behaves similarly + to SubPath but environment variable + references $(VAR_NAME) are expanded + using the container's environment. Defaults + to "" (volume's root). SubPathExpr and + SubPath are mutually exclusive. 
+ type: string + required: + - name + - mountPath + type: object + type: array + workingDir: + description: Container's working directory. + If not specified, the container runtime's + default will be used, which might be configured + in the container image. Cannot be updated. + type: string + required: + - name + configurations: + type: object + description: 'Shards custom configurations. + + ' + properties: + sgPostgresConfig: + type: string + description: 'Name of the [SGPostgresConfig](https://stackgres.io/doc/latest/reference/crd/sgpgconfig) + used for the cluster. It must exist. When not set, + a default Postgres config, for the major version + selected, is used. + + ' + sgPoolingConfig: + type: string + description: 'Name of the [SGPoolingConfig](https://stackgres.io/doc/latest/reference/crd/sgpoolconfig) + used for this cluster. Each pod contains a sidecar + with a connection pooler (currently: [PgBouncer](https://www.pgbouncer.org/)). + The connection pooler is implemented as a sidecar. + + + If not set, a default configuration will be used. + Disabling connection pooling altogether is possible + if the disableConnectionPooling property of the + pods object is set to true. 
+ + ' + replication: + type: object + description: "This section allows to configure the global\ + \ Postgres replication mode.\n\nThe main replication\ + \ group is implicit and contains the total number of\ + \ instances less the sum of all\n instances in other\ + \ replication groups.\n\nThe total number of instances\ + \ is always specified by `.spec.instances`.\n" + properties: + mode: + type: string + description: "The replication mode applied to the\ + \ whole cluster.\nPossible values are:\n* `async`\ + \ (default)\n* `sync`\n* `strict-sync`\n* `sync-all`\n\ + * `strict-sync-all`\n\n**async**\n\nWhen in asynchronous\ + \ mode the cluster is allowed to lose some committed\ + \ transactions.\n When the primary server fails\ + \ or becomes unavailable for any other reason a\ + \ sufficiently healthy standby\n will automatically\ + \ be promoted to primary. Any transactions that\ + \ have not been replicated to that standby\n remain\ + \ in a \"forked timeline\" on the primary, and are\ + \ effectively unrecoverable (the data is still there,\n\ + \ but recovering it requires a manual recovery\ + \ effort by data recovery specialists).\n\n**sync**\n\ + \nWhen in synchronous mode a standby will not be\ + \ promoted unless it is certain that the standby\ + \ contains all\n transactions that may have returned\ + \ a successful commit status to client (clients\ + \ can change the behavior\n per transaction using\ + \ PostgreSQL’s `synchronous_commit` setting. Transactions\ + \ with `synchronous_commit`\n values of `off` and\ + \ `local` may be lost on fail over, but will not\ + \ be blocked by replication delays). This\n means\ + \ that the system may be unavailable for writes\ + \ even though some servers are available. System\n\ + \ administrators can still use manual failover\ + \ commands to promote a standby even if it results\ + \ in transaction\n loss.\n\nSynchronous mode does\ + \ not guarantee multi node durability of commits\ + \ under all circumstances. 
When no suitable\n standby\ + \ is available, primary server will still accept\ + \ writes, but does not guarantee their replication.\ + \ When\n the primary fails in this mode no standby\ + \ will be promoted. When the host that used to be\ + \ the primary comes\n back it will get promoted\ + \ automatically, unless system administrator performed\ + \ a manual failover. This behavior\n makes synchronous\ + \ mode usable with 2 node clusters.\n\nWhen synchronous\ + \ mode is used and a standby crashes, commits will\ + \ block until the primary is switched to standalone\n\ + \ mode. Manually shutting down or restarting a\ + \ standby will not cause a commit service interruption.\ + \ Standby will\n signal the primary to release\ + \ itself from synchronous standby duties before\ + \ PostgreSQL shutdown is initiated.\n\n**strict-sync**\n\ + \nWhen it is absolutely necessary to guarantee that\ + \ each write is stored durably on at least two nodes,\ + \ use the strict\n synchronous mode. This mode\ + \ prevents synchronous replication to be switched\ + \ off on the primary when no synchronous\n standby\ + \ candidates are available. As a downside, the primary\ + \ will not be available for writes (unless the Postgres\n\ + \ transaction explicitly turns off `synchronous_mode`\ + \ parameter), blocking all client write requests\ + \ until at least one\n synchronous replica comes\ + \ up.\n\n**Note**: Because of the way synchronous\ + \ replication is implemented in PostgreSQL it is\ + \ still possible to lose\n transactions even when\ + \ using strict synchronous mode. 
If the PostgreSQL\ + \ backend is cancelled while waiting to acknowledge\n\ + \ replication (as a result of packet cancellation\ + \ due to client timeout or backend failure) transaction\ + \ changes become\n visible for other backends.\ + \ Such changes are not yet replicated and may be\ + \ lost in case of standby promotion.\n\n**sync-all**\n\ + \nThe same as `sync` but `syncInstances` is ignored\ + \ and the number of synchronous instances is equals\ + \ to the total number\n of instances less one.\n\ + \n**strict-sync-all**\n\nThe same as `strict-sync`\ + \ but `syncInstances` is ignored and the number\ + \ of synchronous instances is equals to the total\ + \ number\n of instances less one.\n" + default: async + syncInstances: + type: integer + minimum: 1 + description: "Number of synchronous standby instances.\ + \ Must be less than the total number of instances.\ + \ It is set to 1 by default.\n Only setteable if\ + \ mode is `sync` or `strict-sync`.\n" + metadata: + type: object + description: Metadata information from shards cluster + created resources. + properties: + annotations: + type: object + description: Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + to be passed to resources created and managed by + StackGres. + properties: + allResources: + type: object + description: Annotations to attach to any resource + created or managed by StackGres. + additionalProperties: + type: string + clusterPods: + type: object + description: Annotations to attach to pods created + or managed by StackGres. + additionalProperties: + type: string + services: + type: object + description: Annotations to attach to all services + created or managed by StackGres. + additionalProperties: + type: string + primaryService: + type: object + description: Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + passed to the `-primary` service. 
+ additionalProperties: + type: string + replicasService: + type: object + description: Custom Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + passed to the `-replicas` service. + additionalProperties: + type: string + labels: + type: object + description: Custom Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) + to be passed to resources created and managed by + StackGres. + properties: + clusterPods: + type: object + description: Labels to attach to Pods created + or managed by StackGres. + additionalProperties: + type: string + services: + type: object + description: Labels to attach to Services and + Endpoints created or managed by StackGres. + additionalProperties: + type: string + required: + - index + required: + - clusters + - instancesPerCluster + - pods + prometheusAutobind: + type: boolean + description: 'If enabled, a ServiceMonitor is created for each Prometheus + instance found in order to collect metrics. + + ' + distributedLogs: + type: object + description: "StackGres features a functionality for all pods to\ + \ send Postgres, Patroni and PgBouncer logs to a central (distributed)\ + \ location, which is in turn another Postgres database. Logs can\ + \ then be accessed via SQL interface or from the web UI. This\ + \ section controls whether to enable this feature or not. If not\ + \ enabled, logs are send to the pod's standard output.\n\n**Example:**\n\ + \n```yaml\napiVersion: stackgres.io/v1alpha1\nkind: SGShardedCluster\n\ + metadata:\n name: stackgres\nspec:\n distributedLogs:\n sgDistributedLogs:\ + \ distributedlogs\n```\n" + properties: + sgDistributedLogs: + type: string + description: 'Name of the [SGDistributedLogs](https://stackgres.io/doc/latest/reference/crd/sgdistributedlogs/) + to use for this cluster. It must exist. + + ' + retention: + type: string + pattern: ^[0-9]+ (minutes?|hours?|days?|months?) 
+ description: "Define a retention window with the syntax `\ + \ (minutes|hours|days|months)` in which log entries are kept.\n\ + \ Log entries will be removed when they get older more than\ + \ the double of the specified retention window.\n\nWhen this\ + \ field is changed the retention will be applied only to log\ + \ entries that are newer than the end of\n the retention\ + \ window previously specified. If no retention window was\ + \ previously specified it is considered\n to be of 7 days.\ + \ This means that if previous retention window is of `7 days`\ + \ new retention configuration will\n apply after UTC timestamp\ + \ calculated with: `SELECT date_trunc('days', now() at time\ + \ zone 'UTC') - INTERVAL '7 days'`.\n" + nonProductionOptions: + type: object + properties: + disableClusterPodAntiAffinity: + type: boolean + description: 'It is a best practice, on non-containerized environments, + when running production workloads, to run each database server + on a different server (virtual or physical), i.e., not to + co-locate more than one database server per host. + + + The same best practice applies to databases on containers. + By default, StackGres will not allow to run more than one + StackGres pod on a given Kubernetes node. Set this property + to true to allow more than one StackGres pod per node. + + + This property default value may be changed depending on the + value of field `.spec.profile`. + + + This property default value may be changed depending on the + value of field `.spec.profile`. + + ' + disablePatroniResourceRequirements: + type: boolean + description: 'It is a best practice, on containerized environments, + when running production workloads, to enforce container''s + resources requirements. + + + The same best practice applies to databases on containers. + By default, StackGres will configure resource requirements + for patroni container. 
Set this property to true to prevent + StackGres from setting patroni container''s resources requirement. + + + This property default value may be changed depending on the + value of field `.spec.profile`. + + ' + disableClusterResourceRequirements: + type: boolean + description: 'It is a best practice, on containerized environments, + when running production workloads, to enforce container''s + resources requirements. + + + By default, StackGres will configure resource requirements + for all the containers. Set this property to true to prevent + StackGres from setting container''s resources requirements + (except for patroni container, see `disablePatroniResourceRequirements`). + + + This property default value may be changed depending on the + value of field `.spec.profile`. + + ' + enableSetPatroniCpuRequests: + type: boolean + description: "**Deprecated** this value is ignored and you can\ + \ consider it as always `true`.\n\nOn containerized environments,\ + \ when running production workloads, enforcing container's\ + \ cpu requirements request to be equals to the limit allow\ + \ to achieve the highest level of performance. Doing so, reduces\ + \ the chances of leaving\n the workload with less cpu than\ + \ it requires. It also allow to set [static CPU management\ + \ policy](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy)\ + \ that allows to guarantee a pod the usage exclusive CPUs\ + \ on the node.\n\nBy default, StackGres will configure cpu\ + \ requirements to have the same limit and request for the\ + \ patroni container. 
Set this property to true to prevent\ + \ StackGres from setting patroni container's cpu requirements\ + \ request equals to the limit\n when `.spec.requests.cpu`\ + \ is configured in the referenced `SGInstanceProfile`.\n" + default: false + enableSetClusterCpuRequests: + type: boolean + description: "**Deprecated** this value is ignored and you can\ + \ consider it as always `true`.\n\nOn containerized environments,\ + \ when running production workloads, enforcing container's\ + \ cpu requirements request to be equals to the limit allow\ + \ to achieve the highest level of performance. Doing so, reduces\ + \ the chances of leaving\n the workload with less cpu than\ + \ it requires. It also allow to set [static CPU management\ + \ policy](https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy)\ + \ that allows to guarantee a pod the usage exclusive CPUs\ + \ on the node.\n\nBy default, StackGres will configure cpu\ + \ requirements to have the same limit and request for all\ + \ the containers. Set this property to true to prevent StackGres\ + \ from setting container's cpu requirements request equals\ + \ to the limit (except for patroni container, see `enablePatroniCpuRequests`)\n\ + \ when `.spec.requests.containers..cpu` `.spec.requests.initContainers..cpu` is configured in the referenced `SGInstanceProfile`.\n" + default: false + enableSetPatroniMemoryRequests: + type: boolean + description: "**Deprecated** this value is ignored and you can\ + \ consider it as always `true`.\n\nOn containerized environments,\ + \ when running production workloads, enforcing container's\ + \ memory requirements request to be equals to the limit allow\ + \ to achieve the highest level of performance. Doing so, reduces\ + \ the chances of leaving\n the workload with less memory\ + \ than it requires.\n\nBy default, StackGres will configure\ + \ memory requirements to have the same limit and request for\ + \ the patroni container. 
Set this property to true to prevent\ + \ StackGres from setting patroni container's memory requirements\ + \ request equals to the limit\n when `.spec.requests.memory`\ + \ is configured in the referenced `SGInstanceProfile`.\n" + default: false + enableSetClusterMemoryRequests: + type: boolean + description: "**Deprecated** this value is ignored and you can\ + \ consider it as always `true`.\n\nOn containerized environments,\ + \ when running production workloads, enforcing container's\ + \ memory requirements request to be equals to the limit allow\ + \ to achieve the highest level of performance. Doing so, reduces\ + \ the chances of leaving\n the workload with less memory\ + \ than it requires.\n\nBy default, StackGres will configure\ + \ memory requirements to have the same limit and request for\ + \ all the containers. Set this property to true to prevent\ + \ StackGres from setting container's memory requirements request\ + \ equals to the limit (except for patroni container, see `enablePatroniCpuRequests`)\n\ + \ when `.spec.requests.containers..memory`\ + \ `.spec.requests.initContainers..memory`\ + \ is configured in the referenced `SGInstanceProfile`.\n" + default: false + enabledFeatureGates: + type: array + description: 'A list of StackGres feature gates to enable (not + suitable for a production environment). + + + Available feature gates are: + + * `babelfish-flavor`: Allow to use `babelfish` flavor. + + ' + items: + type: string + description: The name of the fature gate to enable. + initialData: + type: object + description: 'Sharded cluster initialization data options. Sharded + cluster may be initialized empty, or from a sharded backup restoration. + + + **This field can only be set on creation.** + + ' + properties: + restore: + type: object + description: 'This section allows to restore a sharded cluster + from an existing copy of the metadata and data. 
+ + ' + properties: + fromBackup: + type: object + description: "From which sharded backup to restore and how\ + \ the process is configured\n\n**Example:**\n\n```yaml\n\ + apiVersion: stackgres.io/v1\nkind: SGShardedCluster\n\ + metadata:\n name: stackgres\nspec:\n initialData:\n\ + \ restore:\n fromBackup:\n name: stackgres-backup\n\ + \ downloadDiskConcurrency: 1\n```\n" + properties: + name: + type: string + description: "When set to the name of an existing [SGShardedBackup](https://stackgres.io/doc/latest/reference/crd/sgshardedbackup),\ + \ the sharded cluster is initialized by restoring\ + \ the\n backup data to it. If not set, the sharded\ + \ cluster is initialized empty. The selected sharded\ + \ backup must be in the same namespace.\n" + targetInclusive: + type: boolean + description: "Specify the [recovery_target_inclusive](https://postgresqlco.nf/doc/en/param/recovery_target_timeline/)\ + \ to stop recovery just after the specified\n recovery\ + \ target (true), or just before the recovery target\ + \ (false). Applies when targetLsn, pointInTimeRecovery,\ + \ or targetXid is specified. This\n setting controls\ + \ whether transactions having exactly the target WAL\ + \ location (LSN), commit time, or transaction ID,\ + \ respectively, will be included\n in the recovery.\ + \ Default is true.\n" + pointInTimeRecovery: + type: object + description: "It is possible to restore the database\ + \ to its state at any time since your backup was taken\ + \ using Point-in-Time Recovery (PITR) as long as another\n\ + \ backup newer than the PITR requested restoration\ + \ date does not exists.\n\nPoint In Time Recovery\ + \ (PITR). 
PITR allow to restore the database state\ + \ to an arbitrary point of time in the past, as long\ + \ as you specify a backup\n older than the PITR requested\ + \ restoration date and does not exists a backup newer\ + \ than the same restoration date.\n\nSee also: https://www.postgresql.org/docs/current/continuous-archiving.html\n" + properties: + restoreToTimestamp: + type: string + description: 'An ISO 8601 date, that holds UTC date + indicating at which point-in-time the database + have to be restored. + + ' + downloadDiskConcurrency: + type: integer + minimum: 1 + description: 'The backup fetch process may fetch several + streams in parallel. Parallel fetching is enabled when + set to a value larger than one. + + + If not specified it will be interpreted as latest. + + ' + required: + - database + - postgres + - coordinator + - shards + status: + type: object + description: Current status of a StackGres sharded cluster. + properties: + conditions: + type: array + items: + type: object + properties: + lastTransitionTime: + description: Last time the condition transitioned from one + status to another. + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + type: string + type: + description: Type of deployment condition. + type: string + clusterStatuses: + type: array + description: The list of cluster statuses. + items: + type: object + properties: + name: + type: string + description: The name of the cluster. 
+ pendingRestart: + type: boolean + description: Indicates if the cluster requires restart + required: + - name + toInstallPostgresExtensions: + type: array + description: The list of Postgres extensions to install + items: + type: object + properties: + name: + type: string + description: The name of the extension to install. + publisher: + type: string + description: The id of the publisher of the extension to install. + version: + type: string + description: The version of the extension to install. + repository: + type: string + description: The repository base URL from where the extension + will be installed from. + postgresVersion: + type: string + description: The postgres major version of the extension to + install. + build: + type: string + description: The build version of the extension to install. + extraMounts: + type: array + description: The extra mounts of the extension to install. + items: + type: string + description: The extra mount of the installed extension. + required: + - name + - publisher + - version + - repository + - postgresVersion + binding: + type: object + description: 'This section follow the schema specified in [Service + Binding spec for provisioned service](https://servicebinding.io/spec/core/1.0.0/#provisioned-service). + + + For more information see https://servicebinding.io/spec/core/1.0.0/ + + ' + properties: + name: + type: string + description: The name of the Secret as specified in [Service + Binding spec for provisioned service](https://servicebinding.io/spec/core/1.0.0/#provisioned-service). + sgBackups: + type: array + description: 'The list of SGBackups that compose the SGShardedBackup + used to restore the sharded cluster. + + ' + items: + type: string + description: 'One of the SGBackups that compose the SGShardedBackup + used to restore the sharded cluster. 
+ + ' + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + namespace: system + name: stackgres-operator + path: /stackgres/conversion/sgshardedcluster + conversionReviewVersions: + - v1 diff --git a/operators/stackgres/1.6.0/manifests/stackgres.io_sgshardeddbops.yaml b/operators/stackgres/1.6.0/manifests/stackgres.io_sgshardeddbops.yaml new file mode 100644 index 00000000000..152591e9f75 --- /dev/null +++ b/operators/stackgres/1.6.0/manifests/stackgres.io_sgshardeddbops.yaml 
@@ -0,0 +1,1214 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sgshardeddbops.stackgres.io +spec: + group: stackgres.io + scope: Namespaced + names: + kind: SGShardedDbOps + listKind: SGShardedDbOpsList + plural: sgshardeddbops + singular: sgshardeddbops + shortNames: + - sgsdo + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - name: cluster + type: string + jsonPath: .spec.sgShardedCluster + - name: operation + type: string + jsonPath: .spec.op + - name: status + type: string + jsonPath: .status.conditions[?(@.status=="True")].reason + - name: started-at + type: string + jsonPath: .status.opStarted + priority: 1 + - name: retries + type: string + jsonPath: .status.opRetries + priority: 1 + schema: + openAPIV3Schema: + required: + - metadata + - spec + type: object + properties: + metadata: + type: object + properties: + name: + type: string + maxLength: 57 + pattern: ^[a-z]([-a-z0-9]*[a-z0-9])?$ + description: 'Name of the Sharded Database Operation. A database + operation represents a ""kind"" of operation on a StackGres cluster, + classified by a given name. The operation reference one SGCluster + by its name. Following [Kubernetes naming conventions](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/identifiers.md), + it must be an rfc1035/rfc1123 `label`, an alphanumeric (a-z, and + 0-9) string, with the ''-'' character allowed anywhere except + the first or last character. + + + The name must be unique across all database operations in the + same namespace." + + ' + spec: + type: object + properties: + sgShardedCluster: + type: string + description: 'The name of SGShardedCluster on which the operation + will be performed. 
+ + ' + scheduling: + type: object + description: Pod custom node scheduling and affinity configuration + properties: + nodeSelector: + type: object + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true + for the pod to fit on a node. Selector which must match a + node''s labels for the pod to be scheduled on that node. More + info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + + ' + tolerations: + description: 'If specified, the pod''s tolerations. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + type: array + items: + description: 'The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#toleration-v1-core + + ' + properties: + effect: + description: 'Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + + + ' + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: 'Operator represents a key''s relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + + + ' + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. 
+ format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + nodeAffinity: + description: 'Node affinity is a group of node affinity scheduling + rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#nodeaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. 
Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - weight + - preference + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: A node selector represents the union of the + results of one or more label queries over a set of nodes; + that is, it represents the OR of the selectors represented + by the node selector terms. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: 'Represents a key''s relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. 
+ type: string + operator: + description: 'Represents a key''s relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + + + ' + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + priorityClassName: + type: string + description: 'Priority indicates the importance of a Pod relative + to other Pods. If a Pod cannot be scheduled, the scheduler + tries to preempt (evict) lower priority Pods to make scheduling + of the pending Pod possible. + + ' + podAffinity: + description: 'Pod affinity is a group of inter pod affinity + scheduling rules. + + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. 
+ items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query over + a set of resources. 
The result of matchLabels and + matchExpressions are ANDed. An empty label selector + matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query over + a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector + matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: 'Pod anti affinity is a group of inter pod anti + affinity scheduling rules. 
+ + + See: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#podantiaffinity-v1-core + + ' + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. 
+ properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query + over a set of resources. The result of matchLabels + and matchExpressions are ANDed. An empty label + selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - weight + - podAffinityTerm + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. 
due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label selector is a label query over + a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector + matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label selector is a label query over + a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector + matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. 
The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + op: + type: string + description: 'The kind of operation that will be performed on the + SGCluster. Available operations are: + + + * `resharding`: perform a resharding of the cluster. + + * `restart`: perform a restart of the cluster. + + ' + runAt: + type: string + description: 'An ISO 8601 date, that holds UTC scheduled date of + the operation execution. + + + If not specified or if the date it''s in the past, it will be + interpreted ASAP. + + ' + timeout: + type: string + description: 'An ISO 8601 duration in the format `PnDTnHnMn.nS`, + that specifies a timeout after which the operation execution will + be canceled. + + + If the operation can not be performed due to timeout expiration, + the condition `Failed` will have a status of `True` and the reason + will be `OperationTimedOut`. + + + If not specified the operation will never fail for timeout expiration. + + ' + maxRetries: + type: integer + description: 'The maximum number of retries the operation is allowed + to do after a failure. + + + A value of `0` (zero) means no retries are made. Can not be greater + than `10`. Defaults to: `0`. + + ' + resharding: + type: object + description: "Configuration for resharding. 
Resharding a sharded\ + \ cluster is the operation that moves the data among shards in\ + \ order to try to\n balance the disk space used in each shard.\ + \ See also https://docs.citusdata.com/en/stable/develop/api_udf.html#citus-rebalance-start\n" + properties: + citus: + type: object + description: 'Citus specific resharding parameters + + ' + properties: + threshold: + type: number + description: 'A float number between 0.0 and 1.0 which indicates + the maximum difference ratio of node utilization from + average utilization. + + See also https://docs.citusdata.com/en/stable/develop/api_udf.html#citus-rebalance-start + + ' + drainOnly: + type: boolean + description: 'A float number between 0.0 and 1.0 which indicates + the maximum difference ratio of node utilization from + average utilization. + + See also https://docs.citusdata.com/en/stable/develop/api_udf.html#citus-rebalance-start + + ' + rebalanceStrategy: + type: string + description: 'The name of a strategy in Rebalancer strategy + table. 
Will pick a default one if not specified + + See also https://docs.citusdata.com/en/stable/develop/api_udf.html#citus-rebalance-start + + ' + restart: + type: object + description: 'Configuration of restart + + ' + properties: + method: + type: string + description: "The method used to perform the restart operation.\ + \ Available methods are:\n\n* `InPlace`: the in-place method\ + \ does not require more resources than those that are available.\n\ + \ In case only an instance of the StackGres cluster for the\ + \ coordinator or any shard is present\n this mean the service\ + \ disruption will last longer so we encourage use the reduced\ + \ impact restart\n and especially for a production environment.\n\ + * `ReducedImpact`: this procedure is the same as the in-place\ + \ method but require additional\n resources in order to spawn\ + \ a new updated replica that will be removed when the procedure\ + \ completes.\n" + onlyPendingRestart: + type: boolean + description: "By default all Pods are restarted. Setting this\ + \ option to `true` allow to restart only those Pods which\n\ + \ are in pending restart state as detected by the operation.\ + \ Defaults to: `false`.\n" + required: + - sgShardedCluster + - op + status: + type: object + properties: + conditions: + type: array + description: 'Possible conditions are: + + + * Running: to indicate when the operation is actually running + + * Completed: to indicate when the operation has completed successfully + + * Failed: to indicate when the operation has failed + + ' + items: + type: object + properties: + lastTransitionTime: + description: Last time the condition transitioned from one + status to another. + type: string + message: + description: A human-readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition last transition. + type: string + status: + description: Status of the condition, one of `True`, `False` + or `Unknown`. 
+ type: string + type: + description: Type of deployment condition. + type: string + opRetries: + type: integer + description: 'The number of retries performed by the operation + + ' + opStarted: + type: string + description: 'The ISO 8601 timestamp of when the operation started + running + + ' + restart: + type: object + description: 'The results of a restart + + ' + properties: + pendingToRestartSgClusters: + type: array + description: 'The SGClusters that are pending to be restarted + + ' + items: + type: string + restartedSgClusters: + type: array + description: 'The SGClusters that have been restarted + + ' + items: + type: string + failure: + type: string + description: 'A failure message (when available) + + ' + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + namespace: system + name: stackgres-operator + path: /stackgres/conversion/sgshardeddbops + conversionReviewVersions: + - v1
diff --git a/operators/stackgres/1.6.0/metadata/annotations.yaml b/operators/stackgres/1.6.0/metadata/annotations.yaml
new file mode 100644
index 00000000000..694a0468af8
--- /dev/null
+++ b/operators/stackgres/1.6.0/metadata/annotations.yaml
@@ -0,0 +1,12 @@
+annotations:
+ operators.operatorframework.io.bundle.mediatype.v1: registry+v1
+ operators.operatorframework.io.bundle.manifests.v1: manifests/
+ operators.operatorframework.io.bundle.metadata.v1: metadata/
+ operators.operatorframework.io.bundle.package.v1: stackgres
+ operators.operatorframework.io.bundle.channels.v1: stable,candidate,fast
+ operators.operatorframework.io.bundle.channel.default.v1: stable
+ operators.operatorframework.io.metrics.builder: operator-sdk-v1.29.0
+ operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
+ operators.operatorframework.io.metrics.project_layout: quarkus.javaoperatorsdk.io/v1-alpha
+ operators.operatorframework.io.test.mediatype.v1: scorecard+v1
+ operators.operatorframework.io.test.config.v1: tests/scorecard/
diff --git a/operators/stackgres/1.6.0/tests/scorecard/config.yaml b/operators/stackgres/1.6.0/tests/scorecard/config.yaml
new file mode 100644
index 00000000000..a13269842bd
--- /dev/null
+++ b/operators/stackgres/1.6.0/tests/scorecard/config.yaml
@@ -0,0 +1,70 @@
+apiVersion: scorecard.operatorframework.io/v1alpha3
+kind: Configuration
+metadata:
+ name: config
+stages:
+ - parallel: true
+ tests:
+ - entrypoint:
+ - scorecard-test
+ - basic-check-spec
+ image: quay.io/operator-framework/scorecard-test:v1.26.0
+ labels:
+ suite: basic
+ test: basic-check-spec-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-bundle-validation
+ image: quay.io/operator-framework/scorecard-test:v1.26.0
+ labels:
+ suite: olm
+ test: olm-bundle-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-validation
+ image: quay.io/operator-framework/scorecard-test:v1.26.0
+ labels:
+ suite: olm
+ test: olm-crds-have-validation-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-crds-have-resources
+ image: quay.io/operator-framework/scorecard-test:v1.26.0
+ labels:
+ suite: olm
+ test: olm-crds-have-resources-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-spec-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.26.0
+ labels:
+ suite: olm
+ test: olm-spec-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+ - entrypoint:
+ - scorecard-test
+ - olm-status-descriptors
+ image: quay.io/operator-framework/scorecard-test:v1.26.0
+ labels:
+ suite: olm
+ test: olm-status-descriptors-test
+ storage:
+ spec:
+ mountPath: {}
+storage:
+ spec:
+ mountPath: {}
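Review bot: The scorecard test image is referenced by a mutable tag, `quay.io/operator-framework/scorecard-test:v1.26.0`, in all six `tests` entries, so the image that runs in the cluster during a scorecard run can change without this file changing. Pinning each entry by digest, `image: quay.io/operator-framework/scorecard-test@sha256:<digest-of-the-reviewed-image>`, keeps the run reproducible and lets the pulled image be checked against what was reviewed. The tag also trails the `operator-sdk-v1.29.0` builder recorded in metadata/annotations.yaml in this same commit; if that gap is not deliberate, align the version before pinning.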