VirtualMachine: Implement virtual machines using KubeVirt
Auto adds new VM into given user's Tailscale network
Change-Id: I16847a0b9eacc17b0e794d3b4913eb1d80a93f0a
diff --git a/charts/appmanager/Chart.yaml b/charts/appmanager/Chart.yaml
index a37113d..e7ff245 100644
--- a/charts/appmanager/Chart.yaml
+++ b/charts/appmanager/Chart.yaml
@@ -2,5 +2,5 @@
name: welcome
description: A Helm chart for PCloud App Manager
type: application
-version: 0.0.1
-appVersion: "0.0.1"
+version: 0.0.2
+appVersion: "0.0.2"
diff --git a/charts/appmanager/templates/install.yaml b/charts/appmanager/templates/install.yaml
index 96d6b08..ba50e10 100644
--- a/charts/appmanager/templates/install.yaml
+++ b/charts/appmanager/templates/install.yaml
@@ -90,6 +90,7 @@
- appmanager
- --repo-addr={{ .Values.repoAddr }}
- --ssh-key=/pcloud/ssh-key/private
+ - --headscale-api-addr={{ .Values.headscaleAPIAddr }}
- --port=8080
{{- if .Values.appRepoAddr }}
- --app-repo-addr={{ .Values.appRepoAddr }}
diff --git a/charts/appmanager/values.yaml b/charts/appmanager/values.yaml
index b1a2a5d..d570f51 100644
--- a/charts/appmanager/values.yaml
+++ b/charts/appmanager/values.yaml
@@ -11,3 +11,4 @@
clusterRoleName: example-welcome
appRepoAddr: ""
portName: http
+headscaleAPIAddr: ""
diff --git a/charts/kubevirt/Chart.yaml b/charts/kubevirt/Chart.yaml
new file mode 100644
index 0000000..377018c
--- /dev/null
+++ b/charts/kubevirt/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: kubevirt
+description: A Helm chart for KubeVirt
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/charts/kubevirt/templates/cdi-cr.yaml b/charts/kubevirt/templates/cdi-cr.yaml
new file mode 100644
index 0000000..76cd20d
--- /dev/null
+++ b/charts/kubevirt/templates/cdi-cr.yaml
@@ -0,0 +1,18 @@
+apiVersion: cdi.kubevirt.io/v1beta1
+kind: CDI
+metadata:
+ name: cdi
+spec:
+ config:
+ featureGates:
+ - HonorWaitForFirstConsumer
+ imagePullPolicy: IfNotPresent
+ infra:
+ nodeSelector:
+ kubernetes.io/os: linux
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ workload:
+ nodeSelector:
+ kubernetes.io/os: linux
diff --git a/charts/kubevirt/templates/cdi-operator.yaml b/charts/kubevirt/templates/cdi-operator.yaml
new file mode 100644
index 0000000..e70e4b2
--- /dev/null
+++ b/charts/kubevirt/templates/cdi-operator.yaml
@@ -0,0 +1,5761 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ cdi.kubevirt.io: ""
+ name: cdi
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: cdis.cdi.kubevirt.io
+spec:
+ group: cdi.kubevirt.io
+ names:
+ kind: CDI
+ listKind: CDIList
+ plural: cdis
+ shortNames:
+ - cdi
+ - cdis
+ singular: cdi
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.phase
+ name: Phase
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: CDI is the CDI Operator CRD
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CDISpec defines our specification for the CDI installation
+ properties:
+ certConfig:
+ description: certificate configuration
+ properties:
+ ca:
+ description: |-
+ CA configuration
+ CA certs are kept in the CA bundle as long as they are valid
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime) of the
+ Certificate.
+ type: string
+ renewBefore:
+ description: |-
+ The amount of time before the currently issued certificate's `notAfter`
+ time that we will begin to attempt to renew the certificate.
+ type: string
+ type: object
+ client:
+ description: |-
+ Client configuration
+ Certs are rotated and discarded
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime) of the
+ Certificate.
+ type: string
+ renewBefore:
+ description: |-
+ The amount of time before the currently issued certificate's `notAfter`
+ time that we will begin to attempt to renew the certificate.
+ type: string
+ type: object
+ server:
+ description: |-
+ Server configuration
+ Certs are rotated and discarded
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime) of the
+ Certificate.
+ type: string
+ renewBefore:
+ description: |-
+ The amount of time before the currently issued certificate's `notAfter`
+ time that we will begin to attempt to renew the certificate.
+ type: string
+ type: object
+ type: object
+ cloneStrategyOverride:
+ description: 'Clone strategy override: should we use a host-assisted
+ copy even if snapshots are available?'
+ enum:
+ - copy
+ - snapshot
+ - csi-clone
+ type: string
+ config:
+ description: CDIConfig at CDI level
+ properties:
+ dataVolumeTTLSeconds:
+ description: DataVolumeTTLSeconds is the time in seconds after
+ DataVolume completion it can be garbage collected. Disabled
+ by default.
+ format: int32
+ type: integer
+ featureGates:
+ description: FeatureGates are a list of specific enabled feature
+ gates
+ items:
+ type: string
+ type: array
+ filesystemOverhead:
+ description: FilesystemOverhead describes the space reserved for
+ overhead when using Filesystem volumes. A value is between 0
+ and 1, if not defined it is 0.055 (5.5% overhead)
+ properties:
+ global:
+ description: Global is how much space of a Filesystem volume
+ should be reserved for overhead. This value is used unless
+ overridden by a more specific value (per storageClass)
+ pattern: ^(0(?:\.\d{1,3})?|1)$
+ type: string
+ storageClass:
+ additionalProperties:
+ description: |-
+ Percent is a string that can only be a value between [0,1)
+ (Note: we actually rely on reconcile to reject invalid values)
+ pattern: ^(0(?:\.\d{1,3})?|1)$
+ type: string
+ description: StorageClass specifies how much space of a Filesystem
+ volume should be reserved for safety. The keys are the storageClass
+ and the values are the overhead. This value overrides the
+ global value
+ type: object
+ type: object
+ imagePullSecrets:
+ description: The imagePullSecrets used to pull the container images
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ importProxy:
+ description: ImportProxy contains importer pod proxy configuration.
+ properties:
+ HTTPProxy:
+ description: HTTPProxy is the URL http://<username>:<pswd>@<ip>:<port>
+ of the import proxy for HTTP requests. Empty means unset
+ and will not result in the import pod env var.
+ type: string
+ HTTPSProxy:
+ description: HTTPSProxy is the URL https://<username>:<pswd>@<ip>:<port>
+ of the import proxy for HTTPS requests. Empty means unset
+ and will not result in the import pod env var.
+ type: string
+ noProxy:
+ description: NoProxy is a comma-separated list of hostnames
+ and/or CIDRs for which the proxy should not be used. Empty
+ means unset and will not result in the import pod env var.
+ type: string
+ trustedCAProxy:
+ description: "TrustedCAProxy is the name of a ConfigMap in
+ the cdi namespace that contains a user-provided trusted
+ certificate authority (CA) bundle.\nThe TrustedCAProxy ConfigMap
+ is consumed by the DataImportCron controller for creating
+ cronjobs, and by the import controller referring a copy
+ of the ConfigMap in the import namespace.\nHere is an example
+ of the ConfigMap (in yaml):\n\n\napiVersion: v1\nkind: ConfigMap\nmetadata:\n
+ \ name: my-ca-proxy-cm\n namespace: cdi\ndata:\n ca.pem:
+ |\n -----BEGIN CERTIFICATE-----\n\t ... <base64 encoded
+ cert> ...\n\t -----END CERTIFICATE-----"
+ type: string
+ type: object
+ insecureRegistries:
+ description: InsecureRegistries is a list of TLS disabled registries
+ items:
+ type: string
+ type: array
+ logVerbosity:
+ description: LogVerbosity overrides the default verbosity level
+ used to initialize loggers
+ format: int32
+ type: integer
+ podResourceRequirements:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ preallocation:
+ description: Preallocation controls whether storage for DataVolumes
+ should be allocated in advance.
+ type: boolean
+ scratchSpaceStorageClass:
+ description: 'Override the storage class to used for scratch space
+ during transfer operations. The scratch space storage class
+ is determined in the following order: 1. value of scratchSpaceStorageClass,
+ if that doesn''t exist, use the default storage class, if there
+ is no default storage class, use the storage class of the DataVolume,
+ if no storage class specified, use no storage class for scratch
+ space'
+ type: string
+ tlsSecurityProfile:
+ description: TLSSecurityProfile is used by operators to apply
+ cluster-wide TLS security settings to operands.
+ properties:
+ custom:
+ description: |-
+ custom is a user-defined TLS security profile. Be extremely careful using a custom
+ profile as invalid configurations can be catastrophic. An example custom profile
+ looks like this:
+
+
+ ciphers:
+ - ECDHE-ECDSA-CHACHA20-POLY1305
+ - ECDHE-RSA-CHACHA20-POLY1305
+ - ECDHE-RSA-AES128-GCM-SHA256
+ - ECDHE-ECDSA-AES128-GCM-SHA256
+ minTLSVersion: VersionTLS11
+ nullable: true
+ properties:
+ ciphers:
+ description: |-
+ ciphers is used to specify the cipher algorithms that are negotiated
+ during the TLS handshake. Operators may remove entries their operands
+ do not support. For example, to use DES-CBC3-SHA (yaml):
+
+
+ ciphers:
+ - DES-CBC3-SHA
+ items:
+ type: string
+ type: array
+ minTLSVersion:
+ description: |-
+ minTLSVersion is used to specify the minimal version of the TLS protocol
+ that is negotiated during the TLS handshake. For example, to use TLS
+ versions 1.1, 1.2 and 1.3 (yaml):
+
+
+ minTLSVersion: VersionTLS11
+
+
+ NOTE: currently the highest minTLSVersion allowed is VersionTLS12
+ enum:
+ - VersionTLS10
+ - VersionTLS11
+ - VersionTLS12
+ - VersionTLS13
+ type: string
+ required:
+ - ciphers
+ - minTLSVersion
+ type: object
+ intermediate:
+ description: |-
+ intermediate is a TLS security profile based on:
+
+
+ https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
+
+
+ and looks like this (yaml):
+
+
+ ciphers:
+ - TLS_AES_128_GCM_SHA256
+ - TLS_AES_256_GCM_SHA384
+ - TLS_CHACHA20_POLY1305_SHA256
+ - ECDHE-ECDSA-AES128-GCM-SHA256
+ - ECDHE-RSA-AES128-GCM-SHA256
+ - ECDHE-ECDSA-AES256-GCM-SHA384
+ - ECDHE-RSA-AES256-GCM-SHA384
+ - ECDHE-ECDSA-CHACHA20-POLY1305
+ - ECDHE-RSA-CHACHA20-POLY1305
+ - DHE-RSA-AES128-GCM-SHA256
+ - DHE-RSA-AES256-GCM-SHA384
+ minTLSVersion: VersionTLS12
+ nullable: true
+ type: object
+ modern:
+ description: |-
+ modern is a TLS security profile based on:
+
+
+ https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
+
+
+ and looks like this (yaml):
+
+
+ ciphers:
+ - TLS_AES_128_GCM_SHA256
+ - TLS_AES_256_GCM_SHA384
+ - TLS_CHACHA20_POLY1305_SHA256
+ minTLSVersion: VersionTLS13
+
+
+ NOTE: Currently unsupported.
+ nullable: true
+ type: object
+ old:
+ description: |-
+ old is a TLS security profile based on:
+
+
+ https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
+
+
+ and looks like this (yaml):
+
+
+ ciphers:
+ - TLS_AES_128_GCM_SHA256
+ - TLS_AES_256_GCM_SHA384
+ - TLS_CHACHA20_POLY1305_SHA256
+ - ECDHE-ECDSA-AES128-GCM-SHA256
+ - ECDHE-RSA-AES128-GCM-SHA256
+ - ECDHE-ECDSA-AES256-GCM-SHA384
+ - ECDHE-RSA-AES256-GCM-SHA384
+ - ECDHE-ECDSA-CHACHA20-POLY1305
+ - ECDHE-RSA-CHACHA20-POLY1305
+ - DHE-RSA-AES128-GCM-SHA256
+ - DHE-RSA-AES256-GCM-SHA384
+ - DHE-RSA-CHACHA20-POLY1305
+ - ECDHE-ECDSA-AES128-SHA256
+ - ECDHE-RSA-AES128-SHA256
+ - ECDHE-ECDSA-AES128-SHA
+ - ECDHE-RSA-AES128-SHA
+ - ECDHE-ECDSA-AES256-SHA384
+ - ECDHE-RSA-AES256-SHA384
+ - ECDHE-ECDSA-AES256-SHA
+ - ECDHE-RSA-AES256-SHA
+ - DHE-RSA-AES128-SHA256
+ - DHE-RSA-AES256-SHA256
+ - AES128-GCM-SHA256
+ - AES256-GCM-SHA384
+ - AES128-SHA256
+ - AES256-SHA256
+ - AES128-SHA
+ - AES256-SHA
+ - DES-CBC3-SHA
+ minTLSVersion: VersionTLS10
+ nullable: true
+ type: object
+ type:
+ description: |-
+ type is one of Old, Intermediate, Modern or Custom. Custom provides
+ the ability to specify individual TLS security profile parameters.
+ Old, Intermediate and Modern are TLS security profiles based on:
+
+
+ https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
+
+
+ The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers
+ are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be
+ reduced.
+
+
+ Note that the Modern profile is currently not supported because it is not
+ yet well adopted by common software libraries.
+ enum:
+ - Old
+ - Intermediate
+ - Modern
+ - Custom
+ type: string
+ type: object
+ uploadProxyURLOverride:
+ description: Override the URL used when uploading to a DataVolume
+ type: string
+ type: object
+ customizeComponents:
+ description: CustomizeComponents defines patches for components deployed
+ by the CDI operator.
+ properties:
+ flags:
+ description: Configure the value used for deployment and daemonset
+ resources
+ properties:
+ api:
+ additionalProperties:
+ type: string
+ type: object
+ controller:
+ additionalProperties:
+ type: string
+ type: object
+ uploadProxy:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ patches:
+ items:
+ description: CustomizeComponentsPatch defines a patch for some
+ resource.
+ properties:
+ patch:
+ type: string
+ resourceName:
+ minLength: 1
+ type: string
+ resourceType:
+ minLength: 1
+ type: string
+ type:
+ description: PatchType defines the patch type.
+ type: string
+ required:
+ - patch
+ - resourceName
+ - resourceType
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ imagePullPolicy:
+ description: PullPolicy describes a policy for if/when to pull a container
+ image
+ enum:
+ - Always
+ - IfNotPresent
+ - Never
+ type: string
+ infra:
+ description: Selectors and tolerations that should apply to cdi infrastructure
+ components
+ properties:
+ affinity:
+ description: |-
+ affinity enables pod affinity/anti-affinity placement expanding the types of constraints
+ that can be expressed with nodeSelector.
+ affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector
+ See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ apiServerReplicas:
+ description: ApiserverReplicas set Replicas for cdi-apiserver
+ format: int32
+ type: integer
+ deploymentReplicas:
+ description: DeploymentReplicas set Replicas for cdi-deployment
+ format: int32
+ type: integer
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeSelector is the node selector applied to the relevant kind of pods
+ It specifies a map of key-value pairs: for the pod to be eligible to run on a node,
+ the node must have each of the indicated key-value pairs as labels
+ (it can have additional labels as well).
+ See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ type: object
+ tolerations:
+ description: |-
+ tolerations is a list of tolerations applied to the relevant kind of pods
+ See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.
+ These are additional tolerations other than default ones.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple <key,value,effect> using the matching operator <operator>.
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ uploadProxyReplicas:
+ description: UploadproxyReplicas set Replicas for cdi-uploadproxy
+ format: int32
+ type: integer
+ type: object
+ priorityClass:
+ description: PriorityClass of the CDI control plane
+ type: string
+ uninstallStrategy:
+ description: CDIUninstallStrategy defines the state to leave CDI on
+ uninstall
+ enum:
+ - RemoveWorkloads
+ - BlockUninstallIfWorkloadsExist
+ type: string
+ workload:
+ description: Restrict on which nodes CDI workload pods will be scheduled
+ properties:
+ affinity:
+ description: |-
+ affinity enables pod affinity/anti-affinity placement expanding the types of constraints
+ that can be expressed with nodeSelector.
+ affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector
+ See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeSelector is the node selector applied to the relevant kind of pods
+ It specifies a map of key-value pairs: for the pod to be eligible to run on a node,
+ the node must have each of the indicated key-value pairs as labels
+ (it can have additional labels as well).
+ See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ type: object
+ tolerations:
+ description: |-
+ tolerations is a list of tolerations applied to the relevant kind of pods
+ See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.
+ These are additional tolerations other than default ones.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple <key,value,effect> using the matching operator <operator>.
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ status:
+ description: CDIStatus defines the status of the installation
+ properties:
+ conditions:
+ description: A list of current conditions of the resource
+ items:
+ description: |-
+ Condition represents the state of the operator's
+ reconciliation functionality.
+ properties:
+ lastHeartbeatTime:
+ format: date-time
+ type: string
+ lastTransitionTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ description: ConditionType is the state of the operator's reconciliation
+ functionality.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedVersion:
+ description: The observed version of the resource
+ type: string
+ operatorVersion:
+ description: The version of the resource as defined by the operator
+ type: string
+ phase:
+ description: Phase is the current phase of the deployment
+ type: string
+ targetVersion:
+ description: The desired version of the resource
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: false
+ subresources: {}
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.phase
+ name: Phase
+ type: string
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: CDI is the CDI Operator CRD
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CDISpec defines our specification for the CDI installation
+ properties:
+ certConfig:
+ description: certificate configuration
+ properties:
+ ca:
+ description: |-
+ CA configuration
+ CA certs are kept in the CA bundle as long as they are valid
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime) of the
+ Certificate.
+ type: string
+ renewBefore:
+ description: |-
+ The amount of time before the currently issued certificate's `notAfter`
+ time that we will begin to attempt to renew the certificate.
+ type: string
+ type: object
+ client:
+ description: |-
+ Client configuration
+ Certs are rotated and discarded
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime) of the
+ Certificate.
+ type: string
+ renewBefore:
+ description: |-
+ The amount of time before the currently issued certificate's `notAfter`
+ time that we will begin to attempt to renew the certificate.
+ type: string
+ type: object
+ server:
+ description: |-
+ Server configuration
+ Certs are rotated and discarded
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime) of the
+ Certificate.
+ type: string
+ renewBefore:
+ description: |-
+ The amount of time before the currently issued certificate's `notAfter`
+ time that we will begin to attempt to renew the certificate.
+ type: string
+ type: object
+ type: object
+ cloneStrategyOverride:
+ description: 'Clone strategy override: should we use a host-assisted
+ copy even if snapshots are available?'
+ enum:
+ - copy
+ - snapshot
+ - csi-clone
+ type: string
+ config:
+ description: CDIConfig at CDI level
+ properties:
+ dataVolumeTTLSeconds:
+ description: DataVolumeTTLSeconds is the time in seconds after
+ DataVolume completion it can be garbage collected. Disabled
+ by default.
+ format: int32
+ type: integer
+ featureGates:
+ description: FeatureGates are a list of specific enabled feature
+ gates
+ items:
+ type: string
+ type: array
+ filesystemOverhead:
+ description: FilesystemOverhead describes the space reserved for
+ overhead when using Filesystem volumes. A value is between 0
+ and 1, if not defined it is 0.055 (5.5% overhead)
+ properties:
+ global:
+ description: Global is how much space of a Filesystem volume
+ should be reserved for overhead. This value is used unless
+ overridden by a more specific value (per storageClass)
+ pattern: ^(0(?:\.\d{1,3})?|1)$
+ type: string
+ storageClass:
+ additionalProperties:
+ description: |-
+ Percent is a string that can only be a value between [0,1)
+ (Note: we actually rely on reconcile to reject invalid values)
+ pattern: ^(0(?:\.\d{1,3})?|1)$
+ type: string
+ description: StorageClass specifies how much space of a Filesystem
+ volume should be reserved for safety. The keys are the storageClass
+ and the values are the overhead. This value overrides the
+ global value
+ type: object
+ type: object
+ imagePullSecrets:
+ description: The imagePullSecrets used to pull the container images
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ importProxy:
+ description: ImportProxy contains importer pod proxy configuration.
+ properties:
+ HTTPProxy:
+ description: HTTPProxy is the URL http://<username>:<pswd>@<ip>:<port>
+ of the import proxy for HTTP requests. Empty means unset
+ and will not result in the import pod env var.
+ type: string
+ HTTPSProxy:
+ description: HTTPSProxy is the URL https://<username>:<pswd>@<ip>:<port>
+ of the import proxy for HTTPS requests. Empty means unset
+ and will not result in the import pod env var.
+ type: string
+ noProxy:
+ description: NoProxy is a comma-separated list of hostnames
+ and/or CIDRs for which the proxy should not be used. Empty
+ means unset and will not result in the import pod env var.
+ type: string
+ trustedCAProxy:
+ description: "TrustedCAProxy is the name of a ConfigMap in
+ the cdi namespace that contains a user-provided trusted
+ certificate authority (CA) bundle.\nThe TrustedCAProxy ConfigMap
+ is consumed by the DataImportCron controller for creating
+ cronjobs, and by the import controller referring a copy
+ of the ConfigMap in the import namespace.\nHere is an example
+ of the ConfigMap (in yaml):\n\n\napiVersion: v1\nkind: ConfigMap\nmetadata:\n
+ \ name: my-ca-proxy-cm\n namespace: cdi\ndata:\n ca.pem:
+ |\n -----BEGIN CERTIFICATE-----\n\t ... <base64 encoded
+ cert> ...\n\t -----END CERTIFICATE-----"
+ type: string
+ type: object
+ insecureRegistries:
+ description: InsecureRegistries is a list of TLS disabled registries
+ items:
+ type: string
+ type: array
+ logVerbosity:
+ description: LogVerbosity overrides the default verbosity level
+ used to initialize loggers
+ format: int32
+ type: integer
+ podResourceRequirements:
+ description: ResourceRequirements describes the compute resource
+ requirements.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ preallocation:
+ description: Preallocation controls whether storage for DataVolumes
+ should be allocated in advance.
+ type: boolean
+ scratchSpaceStorageClass:
+ description: 'Override the storage class to used for scratch space
+ during transfer operations. The scratch space storage class
+ is determined in the following order: 1. value of scratchSpaceStorageClass,
+ if that doesn''t exist, use the default storage class, if there
+ is no default storage class, use the storage class of the DataVolume,
+ if no storage class specified, use no storage class for scratch
+ space'
+ type: string
+ tlsSecurityProfile:
+ description: TLSSecurityProfile is used by operators to apply
+ cluster-wide TLS security settings to operands.
+ properties:
+ custom:
+ description: |-
+ custom is a user-defined TLS security profile. Be extremely careful using a custom
+ profile as invalid configurations can be catastrophic. An example custom profile
+ looks like this:
+
+
+ ciphers:
+ - ECDHE-ECDSA-CHACHA20-POLY1305
+ - ECDHE-RSA-CHACHA20-POLY1305
+ - ECDHE-RSA-AES128-GCM-SHA256
+ - ECDHE-ECDSA-AES128-GCM-SHA256
+ minTLSVersion: VersionTLS11
+ nullable: true
+ properties:
+ ciphers:
+ description: |-
+ ciphers is used to specify the cipher algorithms that are negotiated
+ during the TLS handshake. Operators may remove entries their operands
+ do not support. For example, to use DES-CBC3-SHA (yaml):
+
+
+ ciphers:
+ - DES-CBC3-SHA
+ items:
+ type: string
+ type: array
+ minTLSVersion:
+ description: |-
+ minTLSVersion is used to specify the minimal version of the TLS protocol
+ that is negotiated during the TLS handshake. For example, to use TLS
+ versions 1.1, 1.2 and 1.3 (yaml):
+
+
+ minTLSVersion: VersionTLS11
+
+
+ NOTE: currently the highest minTLSVersion allowed is VersionTLS12
+ enum:
+ - VersionTLS10
+ - VersionTLS11
+ - VersionTLS12
+ - VersionTLS13
+ type: string
+ required:
+ - ciphers
+ - minTLSVersion
+ type: object
+ intermediate:
+ description: |-
+ intermediate is a TLS security profile based on:
+
+
+ https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29
+
+
+ and looks like this (yaml):
+
+
+ ciphers:
+ - TLS_AES_128_GCM_SHA256
+ - TLS_AES_256_GCM_SHA384
+ - TLS_CHACHA20_POLY1305_SHA256
+ - ECDHE-ECDSA-AES128-GCM-SHA256
+ - ECDHE-RSA-AES128-GCM-SHA256
+ - ECDHE-ECDSA-AES256-GCM-SHA384
+ - ECDHE-RSA-AES256-GCM-SHA384
+ - ECDHE-ECDSA-CHACHA20-POLY1305
+ - ECDHE-RSA-CHACHA20-POLY1305
+ - DHE-RSA-AES128-GCM-SHA256
+ - DHE-RSA-AES256-GCM-SHA384
+ minTLSVersion: VersionTLS12
+ nullable: true
+ type: object
+ modern:
+ description: |-
+ modern is a TLS security profile based on:
+
+
+ https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
+
+
+ and looks like this (yaml):
+
+
+ ciphers:
+ - TLS_AES_128_GCM_SHA256
+ - TLS_AES_256_GCM_SHA384
+ - TLS_CHACHA20_POLY1305_SHA256
+ minTLSVersion: VersionTLS13
+
+
+ NOTE: Currently unsupported.
+ nullable: true
+ type: object
+ old:
+ description: |-
+ old is a TLS security profile based on:
+
+
+ https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility
+
+
+ and looks like this (yaml):
+
+
+ ciphers:
+ - TLS_AES_128_GCM_SHA256
+ - TLS_AES_256_GCM_SHA384
+ - TLS_CHACHA20_POLY1305_SHA256
+ - ECDHE-ECDSA-AES128-GCM-SHA256
+ - ECDHE-RSA-AES128-GCM-SHA256
+ - ECDHE-ECDSA-AES256-GCM-SHA384
+ - ECDHE-RSA-AES256-GCM-SHA384
+ - ECDHE-ECDSA-CHACHA20-POLY1305
+ - ECDHE-RSA-CHACHA20-POLY1305
+ - DHE-RSA-AES128-GCM-SHA256
+ - DHE-RSA-AES256-GCM-SHA384
+ - DHE-RSA-CHACHA20-POLY1305
+ - ECDHE-ECDSA-AES128-SHA256
+ - ECDHE-RSA-AES128-SHA256
+ - ECDHE-ECDSA-AES128-SHA
+ - ECDHE-RSA-AES128-SHA
+ - ECDHE-ECDSA-AES256-SHA384
+ - ECDHE-RSA-AES256-SHA384
+ - ECDHE-ECDSA-AES256-SHA
+ - ECDHE-RSA-AES256-SHA
+ - DHE-RSA-AES128-SHA256
+ - DHE-RSA-AES256-SHA256
+ - AES128-GCM-SHA256
+ - AES256-GCM-SHA384
+ - AES128-SHA256
+ - AES256-SHA256
+ - AES128-SHA
+ - AES256-SHA
+ - DES-CBC3-SHA
+ minTLSVersion: VersionTLS10
+ nullable: true
+ type: object
+ type:
+ description: |-
+ type is one of Old, Intermediate, Modern or Custom. Custom provides
+ the ability to specify individual TLS security profile parameters.
+ Old, Intermediate and Modern are TLS security profiles based on:
+
+
+ https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations
+
+
+ The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers
+ are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be
+ reduced.
+
+
+ Note that the Modern profile is currently not supported because it is not
+ yet well adopted by common software libraries.
+ enum:
+ - Old
+ - Intermediate
+ - Modern
+ - Custom
+ type: string
+ type: object
+ uploadProxyURLOverride:
+ description: Override the URL used when uploading to a DataVolume
+ type: string
+ type: object
+ customizeComponents:
+ description: CustomizeComponents defines patches for components deployed
+ by the CDI operator.
+ properties:
+ flags:
+ description: Configure the value used for deployment and daemonset
+ resources
+ properties:
+ api:
+ additionalProperties:
+ type: string
+ type: object
+ controller:
+ additionalProperties:
+ type: string
+ type: object
+ uploadProxy:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ patches:
+ items:
+ description: CustomizeComponentsPatch defines a patch for some
+ resource.
+ properties:
+ patch:
+ type: string
+ resourceName:
+ minLength: 1
+ type: string
+ resourceType:
+ minLength: 1
+ type: string
+ type:
+ description: PatchType defines the patch type.
+ type: string
+ required:
+ - patch
+ - resourceName
+ - resourceType
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ imagePullPolicy:
+ description: PullPolicy describes a policy for if/when to pull a container
+ image
+ enum:
+ - Always
+ - IfNotPresent
+ - Never
+ type: string
+ infra:
+ description: Selectors and tolerations that should apply to cdi infrastructure
+ components
+ properties:
+ affinity:
+ description: |-
+ affinity enables pod affinity/anti-affinity placement expanding the types of constraints
+ that can be expressed with nodeSelector.
+ affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector
+ See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ apiServerReplicas:
+ description: ApiserverReplicas set Replicas for cdi-apiserver
+ format: int32
+ type: integer
+ deploymentReplicas:
+ description: DeploymentReplicas set Replicas for cdi-deployment
+ format: int32
+ type: integer
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeSelector is the node selector applied to the relevant kind of pods
+ It specifies a map of key-value pairs: for the pod to be eligible to run on a node,
+ the node must have each of the indicated key-value pairs as labels
+ (it can have additional labels as well).
+ See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ type: object
+ tolerations:
+ description: |-
+ tolerations is a list of tolerations applied to the relevant kind of pods
+ See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.
+ These are additional tolerations other than default ones.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple <key,value,effect> using the matching operator <operator>.
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ uploadProxyReplicas:
+ description: UploadproxyReplicas set Replicas for cdi-uploadproxy
+ format: int32
+ type: integer
+ type: object
+ priorityClass:
+ description: PriorityClass of the CDI control plane
+ type: string
+ uninstallStrategy:
+ description: CDIUninstallStrategy defines the state to leave CDI on
+ uninstall
+ enum:
+ - RemoveWorkloads
+ - BlockUninstallIfWorkloadsExist
+ type: string
+ workload:
+ description: Restrict on which nodes CDI workload pods will be scheduled
+ properties:
+ affinity:
+ description: |-
+ affinity enables pod affinity/anti-affinity placement expanding the types of constraints
+ that can be expressed with nodeSelector.
+ affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector
+ See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeSelector is the node selector applied to the relevant kind of pods
+ It specifies a map of key-value pairs: for the pod to be eligible to run on a node,
+ the node must have each of the indicated key-value pairs as labels
+ (it can have additional labels as well).
+ See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ type: object
+ tolerations:
+ description: |-
+ tolerations is a list of tolerations applied to the relevant kind of pods
+ See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.
+ These are additional tolerations other than default ones.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple <key,value,effect> using the matching operator <operator>.
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ status:
+ description: CDIStatus defines the status of the installation
+ properties:
+ conditions:
+ description: A list of current conditions of the resource
+ items:
+ description: |-
+ Condition represents the state of the operator's
+ reconciliation functionality.
+ properties:
+ lastHeartbeatTime:
+ format: date-time
+ type: string
+ lastTransitionTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ description: ConditionType is the state of the operator's reconciliation
+ functionality.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedVersion:
+ description: The observed version of the resource
+ type: string
+ operatorVersion:
+ description: The version of the resource as defined by the operator
+ type: string
+ phase:
+ description: Phase is the current phase of the deployment
+ type: string
+ targetVersion:
+ description: The desired version of the resource
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ operator.cdi.kubevirt.io: ""
+ name: cdi-operator-cluster
+rules:
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterrolebindings
+ - clusterroles
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+- apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - create
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ - customresourcedefinitions/status
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+- apiGroups:
+ - cdi.kubevirt.io
+ - upload.cdi.kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - create
+ - list
+ - watch
+- apiGroups:
+ - admissionregistration.k8s.io
+ resourceNames:
+ - cdi-api-dataimportcron-validate
+ - cdi-api-populator-validate
+ - cdi-api-datavolume-validate
+ - cdi-api-validate
+ - objecttransfer-api-validate
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - update
+ - delete
+- apiGroups:
+ - admissionregistration.k8s.io
+ resourceNames:
+ - cdi-api-datavolume-mutate
+ - cdi-api-pvc-mutate
+ resources:
+ - mutatingwebhookconfigurations
+ verbs:
+ - get
+ - update
+ - delete
+- apiGroups:
+ - apiregistration.k8s.io
+ resources:
+ - apiservices
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshots
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - datavolumes
+ verbs:
+ - list
+ - get
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - datasources
+ verbs:
+ - get
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - volumeclonesources
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - storageprofiles
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - cdis
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - cdiconfigs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - cdis/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - deletecollection
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumes
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims/finalizers
+ - pods/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - create
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ - csidrivers
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - config.openshift.io
+ resources:
+ - proxies
+ - infrastructures
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - config.openshift.io
+ resources:
+ - clusterversions
+ verbs:
+ - get
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshots
+ - volumesnapshotclasses
+ - volumesnapshotcontents
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshots
+ verbs:
+ - update
+ - deletecollection
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - scheduling.k8s.io
+ resources:
+ - priorityclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - image.openshift.io
+ resources:
+ - imagestreams
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - forklift.cdi.kubevirt.io
+ resources:
+ - ovirtvolumepopulators
+ - openstackvolumepopulators
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - dataimportcrons
+ verbs:
+ - get
+ - list
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ operator.cdi.kubevirt.io: ""
+ name: cdi-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cdi-operator-cluster
+subjects:
+- kind: ServiceAccount
+ name: cdi-operator
+ namespace: cdi
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ operator.cdi.kubevirt.io: ""
+ name: cdi-operator
+ namespace: cdi
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app: containerized-data-importer
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/managed-by: cdi-operator
+ cdi.kubevirt.io: ""
+ name: cdi-operator
+ namespace: cdi
+rules:
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ - roles
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - configmaps
+ - events
+ - secrets
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - deployments/finalizers
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ - routes/custom-host
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+- apiGroups:
+ - config.openshift.io
+ resources:
+ - proxies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ - prometheusrules
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - update
+ - patch
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - create
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - batch
+ resources:
+ - cronjobs
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - deletecollection
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - create
+ - deletecollection
+ - list
+ - watch
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - create
+ - update
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - services
+ - endpoints
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app: containerized-data-importer
+ app.kubernetes.io/component: storage
+ app.kubernetes.io/managed-by: cdi-operator
+ cdi.kubevirt.io: ""
+ name: cdi-operator
+ namespace: cdi
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cdi-operator
+subjects:
+- kind: ServiceAccount
+ name: cdi-operator
+ namespace: cdi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ cdi.kubevirt.io: cdi-operator
+ name: cdi-operator
+ operator.cdi.kubevirt.io: ""
+ prometheus.cdi.kubevirt.io: "true"
+ name: cdi-operator
+ namespace: cdi
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: cdi-operator
+ operator.cdi.kubevirt.io: ""
+ strategy: {}
+ template:
+ metadata:
+ labels:
+ cdi.kubevirt.io: cdi-operator
+ name: cdi-operator
+ operator.cdi.kubevirt.io: ""
+ prometheus.cdi.kubevirt.io: "true"
+ spec:
+ affinity:
+ podAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: cdi.kubevirt.io
+ operator: In
+ values:
+ - cdi-operator
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ containers:
+ - env:
+ - name: DEPLOY_CLUSTER_RESOURCES
+ value: "true"
+ - name: OPERATOR_VERSION
+ value: v1.60.2
+ - name: CONTROLLER_IMAGE
+ value: quay.io/kubevirt/cdi-controller:v1.60.2
+ - name: IMPORTER_IMAGE
+ value: quay.io/kubevirt/cdi-importer:v1.60.2
+ - name: CLONER_IMAGE
+ value: quay.io/kubevirt/cdi-cloner:v1.60.2
+ - name: OVIRT_POPULATOR_IMAGE
+ value: quay.io/kubevirt/cdi-importer:v1.60.2
+ - name: APISERVER_IMAGE
+ value: quay.io/kubevirt/cdi-apiserver:v1.60.2
+ - name: UPLOAD_SERVER_IMAGE
+ value: quay.io/kubevirt/cdi-uploadserver:v1.60.2
+ - name: UPLOAD_PROXY_IMAGE
+ value: quay.io/kubevirt/cdi-uploadproxy:v1.60.2
+ - name: VERBOSITY
+ value: "1"
+ - name: PULL_POLICY
+ value: IfNotPresent
+ - name: MONITORING_NAMESPACE
+ image: quay.io/kubevirt/cdi-operator:v1.60.2
+ imagePullPolicy: IfNotPresent
+ name: cdi-operator
+ ports:
+ - containerPort: 8080
+ name: metrics
+ protocol: TCP
+ resources:
+ requests:
+ cpu: 100m
+ memory: 150Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ nodeSelector:
+ kubernetes.io/os: linux
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: cdi-operator
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
diff --git a/charts/kubevirt/templates/kubevirt-cr.yaml b/charts/kubevirt/templates/kubevirt-cr.yaml
new file mode 100644
index 0000000..32db65b
--- /dev/null
+++ b/charts/kubevirt/templates/kubevirt-cr.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: kubevirt.io/v1
+kind: KubeVirt
+metadata:
+ name: kubevirt
+ namespace: kubevirt
+spec:
+ certificateRotateStrategy: {}
+ configuration:
+ developerConfiguration:
+ featureGates: []
+ customizeComponents: {}
+ imagePullPolicy: IfNotPresent
+ workloadUpdateStrategy: {}
diff --git a/charts/kubevirt/templates/kubevirt-operator.yaml b/charts/kubevirt/templates/kubevirt-operator.yaml
new file mode 100644
index 0000000..381dc5b
--- /dev/null
+++ b/charts/kubevirt/templates/kubevirt-operator.yaml
@@ -0,0 +1,7958 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ kubevirt.io: ""
+ pod-security.kubernetes.io/enforce: "privileged"
+ name: kubevirt
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ operator.kubevirt.io: ""
+ name: kubevirts.kubevirt.io
+spec:
+ group: kubevirt.io
+ names:
+ categories:
+ - all
+ kind: KubeVirt
+ plural: kubevirts
+ shortNames:
+ - kv
+ - kvs
+ singular: kubevirt
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.phase
+ name: Phase
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: KubeVirt represents the object deploying all KubeVirt resources
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ certificateRotateStrategy:
+ properties:
+ selfSigned:
+ properties:
+ ca:
+ description: |-
+ CA configuration
+ CA certs are kept in the CA bundle as long as they are valid
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime)
+ of the Certificate.
+ type: string
+ renewBefore:
+ description: |-
+ The amount of time before the currently issued certificate's "notAfter"
+ time that we will begin to attempt to renew the certificate.
+ type: string
+ type: object
+ caOverlapInterval:
+ description: Deprecated. Use CA.Duration and CA.RenewBefore
+ instead
+ type: string
+ caRotateInterval:
+ description: Deprecated. Use CA.Duration instead
+ type: string
+ certRotateInterval:
+ description: Deprecated. Use Server.Duration instead
+ type: string
+ server:
+ description: |-
+ Server configuration
+ Certs are rotated and discarded
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime)
+ of the Certificate.
+ type: string
+ renewBefore:
+ description: |-
+ The amount of time before the currently issued certificate's "notAfter"
+ time that we will begin to attempt to renew the certificate.
+ type: string
+ type: object
+ type: object
+ type: object
+ configuration:
+ description: |-
+ holds kubevirt configurations.
+ same as the virt-configMap
+ properties:
+ additionalGuestMemoryOverheadRatio:
+ description: |-
+ AdditionalGuestMemoryOverheadRatio can be used to increase the virtualization infrastructure
+ overhead. This is useful, since the calculation of this overhead is not accurate and cannot
+ be entirely known in advance. The ratio that is being set determines by which factor to increase
+ the overhead calculated by Kubevirt. A higher ratio means that the VMs would be less compromised
+ by node pressures, but would mean that fewer VMs could be scheduled to a node.
+ If not set, the default is 1.
+ type: string
+ apiConfiguration:
+ description: |-
+ ReloadableComponentConfiguration holds all generic k8s configuration options which can
+ be reloaded by components without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: |-
+ Maximum burst for throttle.
+ If it's zero, the component default will be used
+ type: integer
+ qps:
+ description: |-
+ QPS indicates the maximum QPS to the apiserver from this client.
+ If it's zero, the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ architectureConfiguration:
+ properties:
+ amd64:
+ properties:
+ emulatedMachines:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ machineType:
+ type: string
+ ovmfPath:
+ type: string
+ type: object
+ arm64:
+ properties:
+ emulatedMachines:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ machineType:
+ type: string
+ ovmfPath:
+ type: string
+ type: object
+ defaultArchitecture:
+ type: string
+ ppc64le:
+ properties:
+ emulatedMachines:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ machineType:
+ type: string
+ ovmfPath:
+ type: string
+ type: object
+ type: object
+ autoCPULimitNamespaceLabelSelector:
+ description: |-
+ When set, AutoCPULimitNamespaceLabelSelector will set a CPU limit on virt-launcher for VMIs running inside
+ namespaces that match the label selector.
+ The CPU limit will equal the number of requested vCPUs.
+ This setting does not apply to VMIs with dedicated CPUs.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ controllerConfiguration:
+ description: |-
+ ReloadableComponentConfiguration holds all generic k8s configuration options which can
+ be reloaded by components without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: |-
+ Maximum burst for throttle.
+ If it's zero, the component default will be used
+ type: integer
+ qps:
+ description: |-
+ QPS indicates the maximum QPS to the apiserver from this client.
+ If it's zero, the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ cpuModel:
+ type: string
+ cpuRequest:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ defaultRuntimeClass:
+ type: string
+ developerConfiguration:
+ description: DeveloperConfiguration holds developer options
+ properties:
+ cpuAllocationRatio:
+ description: |-
+ For each requested virtual CPU, CPUAllocationRatio defines how much physical CPU to request per VMI
+ from the hosting node. The value is in fraction of a CPU thread (or core on non-hyperthreaded nodes).
+ For example, a value of 1 means 1 physical CPU thread per VMI CPU thread.
+ A value of 100 would be 1% of a physical thread allocated for each requested VMI thread.
+ This option has no effect on VMIs that request dedicated CPUs. More information at:
+ https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio
+ Defaults to 10
+ type: integer
+ diskVerification:
+ description: DiskVerification holds container disks verification
+ limits
+ properties:
+ memoryLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - memoryLimit
+ type: object
+ featureGates:
+ description: FeatureGates is the list of experimental features
+ to enable. Defaults to none
+ items:
+ type: string
+ type: array
+ logVerbosity:
+ description: LogVerbosity sets log verbosity level of various
+ components
+ properties:
+ nodeVerbosity:
+ additionalProperties:
+ type: integer
+ description: NodeVerbosity represents a map of nodes with
+ a specific verbosity level
+ type: object
+ virtAPI:
+ type: integer
+ virtController:
+ type: integer
+ virtHandler:
+ type: integer
+ virtLauncher:
+ type: integer
+ virtOperator:
+ type: integer
+ type: object
+ memoryOvercommit:
+ description: |-
+ MemoryOvercommit is the percentage of memory we want to give VMIs compared to the amount
+ given to its parent pod (virt-launcher). For example, a value of 102 means the VMI will
+ "see" 2% more memory than its parent pod. Values under 100 are effectively "undercommits".
+ Overcommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully.
+ Defaults to 100
+ type: integer
+ minimumClusterTSCFrequency:
+ description: |-
+ Allow overriding the automatically determined minimum TSC frequency of the cluster
+ and fixate the minimum to this frequency.
+ format: int64
+ type: integer
+ minimumReservePVCBytes:
+ description: |-
+ MinimumReservePVCBytes is the amount of space, in bytes, to leave unused on disks.
+ Defaults to 131072 (128KiB)
+ format: int64
+ type: integer
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelectors allows restricting VMI creation to nodes that match a set of labels.
+ Defaults to none
+ type: object
+ pvcTolerateLessSpaceUpToPercent:
+ description: |-
+ LessPVCSpaceToleration determines how much smaller, in percentage, disk PVCs are
+ allowed to be compared to the requested size (to account for various overheads).
+ Defaults to 10
+ type: integer
+ useEmulation:
+ description: |-
+ UseEmulation can be set to true to allow fallback to software emulation
+ in case hardware-assisted emulation is not available. Defaults to false
+ type: boolean
+ type: object
+ emulatedMachines:
+ description: Deprecated. Use architectureConfiguration instead.
+ items:
+ type: string
+ type: array
+ evictionStrategy:
+ description: |-
+ EvictionStrategy defines at the cluster level if the VirtualMachineInstance should be
+ migrated instead of shut-off in case of a node drain. If the VirtualMachineInstance specific
+ field is set it overrides the cluster level one.
+ type: string
+ handlerConfiguration:
+ description: |-
+ ReloadableComponentConfiguration holds all generic k8s configuration options which can
+ be reloaded by components without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: |-
+ Maximum burst for throttle.
+ If it's zero, the component default will be used
+ type: integer
+ qps:
+ description: |-
+ QPS indicates the maximum QPS to the apiserver from this client.
+ If it's zero, the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ imagePullPolicy:
+ description: PullPolicy describes a policy for if/when to pull
+ a container image
+ type: string
+ ksmConfiguration:
+ description: KSMConfiguration holds the information regarding
+ the enabling the KSM in the nodes (if available).
+ properties:
+ nodeLabelSelector:
+ description: |-
+ NodeLabelSelector is a selector that filters in which nodes the KSM will be enabled.
+ Empty NodeLabelSelector will enable ksm for every node.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ liveUpdateConfiguration:
+ description: LiveUpdateConfiguration holds defaults for live update
+ features
+ properties:
+ maxCpuSockets:
+ description: MaxCpuSockets holds the maximum amount of sockets
+ that can be hotplugged
+ format: int32
+ type: integer
+ maxGuest:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ MaxGuest defines the maximum amount memory that can be allocated
+ to the guest using hotplug.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ maxHotplugRatio:
+ description: |-
+ MaxHotplugRatio is the ratio used to define the max amount
+ of a hotplug resource that can be made available to a VM
+ when the specific Max* setting is not defined (MaxCpuSockets, MaxGuest)
+ Example: VM is configured with 512Mi of guest memory, if MaxGuest is not
+ defined and MaxHotplugRatio is 2 then MaxGuest = 1Gi
+ defaults to 4
+ format: int32
+ type: integer
+ type: object
+ machineType:
+ description: Deprecated. Use architectureConfiguration instead.
+ type: string
+ mediatedDevicesConfiguration:
+ description: MediatedDevicesConfiguration holds information about
+ MDEV types to be defined, if available
+ properties:
+ mediatedDeviceTypes:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mediatedDevicesTypes:
+ description: Deprecated. Use mediatedDeviceTypes instead.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ nodeMediatedDeviceTypes:
+ items:
+ description: NodeMediatedDeviceTypesConfig holds information
+ about MDEV types to be defined in a specific node that
+ matches the NodeSelector field.
+ properties:
+ mediatedDeviceTypes:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mediatedDevicesTypes:
+ description: Deprecated. Use mediatedDeviceTypes instead.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the vmi to fit on a node.
+ Selector which must match a node's labels for the vmi to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ required:
+ - nodeSelector
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ memBalloonStatsPeriod:
+ format: int32
+ type: integer
+ migrations:
+ description: |-
+ MigrationConfiguration holds migration options.
+ Can be overridden for specific groups of VMs though migration policies.
+ Visit https://kubevirt.io/user-guide/operations/migration_policies/ for more information.
+ properties:
+ allowAutoConverge:
+ description: |-
+ AllowAutoConverge allows the platform to compromise performance/availability of VMIs to
+ guarantee successful VMI live migrations. Defaults to false
+ type: boolean
+ allowPostCopy:
+ description: |-
+ AllowPostCopy enables post-copy live migrations. Such migrations allow even the busiest VMIs
+ to successfully live-migrate. However, events like a network failure can cause a VMI crash.
+ If set to true, migrations will still start in pre-copy, but switch to post-copy when
+ CompletionTimeoutPerGiB triggers. Defaults to false
+ type: boolean
+ bandwidthPerMigration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ BandwidthPerMigration limits the amount of network bandwidth live migrations are allowed to use.
+ The value is in quantity per second. Defaults to 0 (no limit)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ completionTimeoutPerGiB:
+ description: |-
+ CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take.
+ If a live-migration takes longer to migrate than this value multiplied by the size of the VMI,
+ the migration will be cancelled, unless AllowPostCopy is true. Defaults to 800
+ format: int64
+ type: integer
+ disableTLS:
+ description: |-
+ When set to true, DisableTLS will disable the additional layer of live migration encryption
+ provided by KubeVirt. This is usually a bad idea. Defaults to false
+ type: boolean
+ matchSELinuxLevelOnMigration:
+ description: |-
+ By default, the SELinux level of target virt-launcher pods is forced to the level of the source virt-launcher.
+ When set to true, MatchSELinuxLevelOnMigration lets the CRI auto-assign a random level to the target.
+ That will ensure the target virt-launcher doesn't share categories with another pod on the node.
+ However, migrations will fail when using RWX volumes that don't automatically deal with SELinux levels.
+ type: boolean
+ network:
+ description: |-
+ Network is the name of the CNI network to use for live migrations. By default, migrations go
+ through the pod network.
+ type: string
+ nodeDrainTaintKey:
+ description: |-
+ NodeDrainTaintKey defines the taint key that indicates a node should be drained.
+ Note: this option relies on the deprecated node taint feature. Default: kubevirt.io/drain
+ type: string
+ parallelMigrationsPerCluster:
+ description: |-
+ ParallelMigrationsPerCluster is the total number of concurrent live migrations
+ allowed cluster-wide. Defaults to 5
+ format: int32
+ type: integer
+ parallelOutboundMigrationsPerNode:
+ description: |-
+ ParallelOutboundMigrationsPerNode is the maximum number of concurrent outgoing live migrations
+ allowed per node. Defaults to 2
+ format: int32
+ type: integer
+ progressTimeout:
+ description: |-
+ ProgressTimeout is the maximum number of seconds a live migration is allowed to make no progress.
+ Hitting this timeout means a migration transferred 0 data for that many seconds. The migration is
+ then considered stuck and therefore cancelled. Defaults to 150
+ format: int64
+ type: integer
+ unsafeMigrationOverride:
+ description: |-
+ UnsafeMigrationOverride allows live migrations to occur even if the compatibility check
+ indicates the migration will be unsafe to the guest. Defaults to false
+ type: boolean
+ type: object
+ minCPUModel:
+ type: string
+ network:
+ description: NetworkConfiguration holds network options
+ properties:
+ binding:
+ additionalProperties:
+ properties:
+ computeResourceOverhead:
+ description: |-
+ ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding.
+ version: v1alphav1
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ domainAttachmentType:
+ description: |-
+ DomainAttachmentType is a standard domain network attachment method kubevirt supports.
+ Supported values: "tap".
+ The standard domain attachment can be used instead or in addition to the sidecarImage.
+ version: 1alphav1
+ type: string
+ downwardAPI:
+ description: |-
+ DownwardAPI specifies what kind of data should be exposed to the binding plugin sidecar.
+ Supported values: "device-info"
+ version: v1alphav1
+ type: string
+ migration:
+ description: |-
+ Migration means the VM using the plugin can be safely migrated
+ version: 1alphav1
+ properties:
+ method:
+ description: |-
+ Method defines a pre-defined migration methodology
+ version: 1alphav1
+ type: string
+ type: object
+ networkAttachmentDefinition:
+ description: |-
+ NetworkAttachmentDefinition references to a NetworkAttachmentDefinition CR object.
+ Format: <name>, <namespace>/<name>.
+ If namespace is not specified, VMI namespace is assumed.
+ version: 1alphav1
+ type: string
+ sidecarImage:
+ description: |-
+ SidecarImage references a container image that runs in the virt-launcher pod.
+ The sidecar handles (libvirt) domain configuration and optional services.
+ version: 1alphav1
+ type: string
+ type: object
+ type: object
+ defaultNetworkInterface:
+ type: string
+ permitBridgeInterfaceOnPodNetwork:
+ type: boolean
+ permitSlirpInterface:
+ description: |-
+ DeprecatedPermitSlirpInterface is an alias for the deprecated PermitSlirpInterface.
+ Deprecated: Removed in v1.3.
+ type: boolean
+ type: object
+ obsoleteCPUModels:
+ additionalProperties:
+ type: boolean
+ type: object
+ ovmfPath:
+ description: Deprecated. Use architectureConfiguration instead.
+ type: string
+ permittedHostDevices:
+ description: PermittedHostDevices holds information about devices
+ allowed for passthrough
+ properties:
+ mediatedDevices:
+ items:
+ description: MediatedHostDevice represents a host mediated
+ device allowed for passthrough
+ properties:
+ externalResourceProvider:
+ type: boolean
+ mdevNameSelector:
+ type: string
+ resourceName:
+ type: string
+ required:
+ - mdevNameSelector
+ - resourceName
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ pciHostDevices:
+ items:
+ description: PciHostDevice represents a host PCI device
+ allowed for passthrough
+ properties:
+ externalResourceProvider:
+ description: |-
+ If true, KubeVirt will leave the allocation and monitoring to an
+ external device plugin
+ type: boolean
+ pciVendorSelector:
+ description: The vendor_id:product_id tuple of the PCI
+ device
+ type: string
+ resourceName:
+ description: |-
+ The name of the resource that is representing the device. Exposed by
+ a device plugin and requested by VMs. Typically of the form
+ vendor.com/product_name
+ type: string
+ required:
+ - pciVendorSelector
+ - resourceName
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ usb:
+ items:
+ properties:
+ externalResourceProvider:
+ description: |-
+ If true, KubeVirt will leave the allocation and monitoring to an
+ external device plugin
+ type: boolean
+ resourceName:
+ description: |-
+ Identifies the list of USB host devices.
+ e.g: kubevirt.io/storage, kubevirt.io/bootable-usb, etc
+ type: string
+ selectors:
+ items:
+ properties:
+ product:
+ type: string
+ vendor:
+ type: string
+ required:
+ - product
+ - vendor
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - resourceName
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ seccompConfiguration:
+ description: SeccompConfiguration holds Seccomp configuration
+ for Kubevirt components
+ properties:
+ virtualMachineInstanceProfile:
+ description: VirtualMachineInstanceProfile defines what profile
+ should be used with virt-launcher. Defaults to none
+ properties:
+ customProfile:
+ description: CustomProfile allows to request arbitrary
+ profile for virt-launcher
+ properties:
+ localhostProfile:
+ type: string
+ runtimeDefaultProfile:
+ type: boolean
+ type: object
+ type: object
+ type: object
+ selinuxLauncherType:
+ type: string
+ smbios:
+ properties:
+ family:
+ type: string
+ manufacturer:
+ type: string
+ product:
+ type: string
+ sku:
+ type: string
+ version:
+ type: string
+ type: object
+ supportContainerResources:
+ description: SupportContainerResources specifies the resource
+ requirements for various types of supporting containers such
+ as container disks/virtiofs/sidecars and hotplug attachment
+ pods. If omitted a sensible default will be supplied.
+ items:
+ description: SupportContainerResources are used to specify the
+ cpu/memory request and limits for the containers that support
+ various features of Virtual Machines. These containers are
+ usually idle and don't require a lot of memory or cpu.
+ properties:
+ resources:
+ description: ResourceRequirements describes the compute
+ resource requirements.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ type:
+ type: string
+ required:
+ - resources
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ supportedGuestAgentVersions:
+ description: deprecated
+ items:
+ type: string
+ type: array
+ tlsConfiguration:
+ description: TLSConfiguration holds TLS options
+ properties:
+ ciphers:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ minTLSVersion:
+ description: |-
+ MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections.
+ Protocol versions are based on the following most common TLS configurations:
+
+
+ https://ssl-config.mozilla.org/
+
+
+ Note that SSLv3.0 is not a supported protocol version due to well known
+ vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE
+ enum:
+ - VersionTLS10
+ - VersionTLS11
+ - VersionTLS12
+ - VersionTLS13
+ type: string
+ type: object
+ virtualMachineInstancesPerNode:
+ type: integer
+ virtualMachineOptions:
+ description: VirtualMachineOptions holds the cluster level information
+ regarding the virtual machine.
+ properties:
+ disableFreePageReporting:
+ description: |-
+ DisableFreePageReporting disable the free page reporting of
+ memory balloon device https://libvirt.org/formatdomain.html#memory-balloon-device.
+ This will have effect only if AutoattachMemBalloon is not false and the vmi is not
+ requesting any high performance feature (dedicatedCPU/realtime/hugePages), in which free page reporting is always disabled.
+ type: object
+ disableSerialConsoleLog:
+ description: |-
+ DisableSerialConsoleLog disables logging the auto-attached default serial console.
+ If not set, serial console logs will be written to a file and then streamed from a container named 'guest-console-log'.
+ The value can be individually overridden for each VM, not relevant if AutoattachSerialConsole is disabled.
+ type: object
+ type: object
+ vmRolloutStrategy:
+ description: VMRolloutStrategy defines how changes to a VM object
+ propagate to its VMI
+ enum:
+ - Stage
+ - LiveUpdate
+ nullable: true
+ type: string
+ vmStateStorageClass:
+ description: |-
+ VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM.
+ The storage class must support RWX in filesystem mode.
+ type: string
+ webhookConfiguration:
+ description: |-
+ ReloadableComponentConfiguration holds all generic k8s configuration options which can
+ be reloaded by components without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: |-
+ Maximum burst for throttle.
+ If it's zero, the component default will be used
+ type: integer
+ qps:
+ description: |-
+ QPS indicates the maximum QPS to the apiserver from this client.
+ If it's zero, the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ type: object
+ customizeComponents:
+ properties:
+ flags:
+ description: Configure the value used for deployment and daemonset
+ resources
+ properties:
+ api:
+ additionalProperties:
+ type: string
+ type: object
+ controller:
+ additionalProperties:
+ type: string
+ type: object
+ handler:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ patches:
+ items:
+ properties:
+ patch:
+ type: string
+ resourceName:
+ minLength: 1
+ type: string
+ resourceType:
+ minLength: 1
+ type: string
+ type:
+ type: string
+ required:
+ - patch
+ - resourceName
+ - resourceType
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ imagePullPolicy:
+ description: The ImagePullPolicy to use.
+ type: string
+ imagePullSecrets:
+ description: |-
+ The imagePullSecrets to pull the container images from
+ Defaults to none
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ imageRegistry:
+ description: |-
+ The image registry to pull the container images from
+ Defaults to the same registry the operator's container image is pulled from.
+ type: string
+ imageTag:
+ description: |-
+ The image tag to use for the continer images installed.
+ Defaults to the same tag as the operator's container image.
+ type: string
+ infra:
+ description: selectors and tolerations that should apply to KubeVirt
+ infrastructure components
+ properties:
+ nodePlacement:
+ description: |-
+ nodePlacement describes scheduling configuration for specific
+ KubeVirt components
+ properties:
+ affinity:
+ description: |-
+ affinity enables pod affinity/anti-affinity placement expanding the types of constraints
+ that can be expressed with nodeSelector.
+ affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector
+ See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone,
+ etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeSelector is the node selector applied to the relevant kind of pods
+ It specifies a map of key-value pairs: for the pod to be eligible to run on a node,
+ the node must have each of the indicated key-value pairs as labels
+ (it can have additional labels as well).
+ See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ type: object
+ tolerations:
+ description: |-
+ tolerations is a list of tolerations applied to the relevant kind of pods
+ See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.
+ These are additional tolerations other than default ones.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple <key,value,effect> using the matching operator <operator>.
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: |-
+ replicas indicates how many replicas should be created for each KubeVirt infrastructure
+ component (like virt-api or virt-controller). Defaults to 2.
+ WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution!
+ type: integer
+ type: object
+ monitorAccount:
+ description: |-
+ The name of the Prometheus service account that needs read-access to KubeVirt endpoints
+ Defaults to prometheus-k8s
+ type: string
+ monitorNamespace:
+ description: |-
+ The namespace Prometheus is deployed in
+ Defaults to openshift-monitor
+ type: string
+ productComponent:
+ description: |-
+ Designate the apps.kubevirt.io/component label for KubeVirt components.
+ Useful if KubeVirt is included as part of a product.
+ If ProductComponent is not specified, the component label default value is kubevirt.
+ type: string
+ productName:
+ description: |-
+ Designate the apps.kubevirt.io/part-of label for KubeVirt components.
+ Useful if KubeVirt is included as part of a product.
+ If ProductName is not specified, the part-of label will be omitted.
+ type: string
+ productVersion:
+ description: |-
+ Designate the apps.kubevirt.io/version label for KubeVirt components.
+ Useful if KubeVirt is included as part of a product.
+ If ProductVersion is not specified, KubeVirt's version will be used.
+ type: string
+ serviceMonitorNamespace:
+ description: |-
+ The namespace the service monitor will be deployed
+ When ServiceMonitorNamespace is set, then we'll install the service monitor object in that namespace
+ otherwise we will use the monitoring namespace.
+ type: string
+ uninstallStrategy:
+ description: |-
+ Specifies if kubevirt can be deleted if workloads are still present.
+ This is mainly a precaution to avoid accidental data loss
+ type: string
+ workloadUpdateStrategy:
+ description: |-
+ WorkloadUpdateStrategy defines at the cluster level how to handle
+ automated workload updates
+ properties:
+ batchEvictionInterval:
+ description: |-
+ BatchEvictionInterval Represents the interval to wait before issuing the next
+ batch of shutdowns
+
+
+ Defaults to 1 minute
+ type: string
+ batchEvictionSize:
+ description: |-
+ BatchEvictionSize Represents the number of VMIs that can be forced updated per
+ the BatchShutdownInteral interval
+
+
+ Defaults to 10
+ type: integer
+ workloadUpdateMethods:
+ description: |-
+ WorkloadUpdateMethods defines the methods that can be used to disrupt workloads
+ during automated workload updates.
+ When multiple methods are present, the least disruptive method takes
+ precedence over more disruptive methods. For example if both LiveMigrate and Shutdown
+ methods are listed, only VMs which are not live migratable will be restarted/shutdown
+
+
+ An empty list defaults to no automated workload updating
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ workloads:
+ description: selectors and tolerations that should apply to KubeVirt
+ workloads
+ properties:
+ nodePlacement:
+ description: |-
+ nodePlacement describes scheduling configuration for specific
+ KubeVirt components
+ properties:
+ affinity:
+ description: |-
+ affinity enables pod affinity/anti-affinity placement expanding the types of constraints
+ that can be expressed with nodeSelector.
+ affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector
+ See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone,
+ etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeSelector is the node selector applied to the relevant kind of pods
+ It specifies a map of key-value pairs: for the pod to be eligible to run on a node,
+ the node must have each of the indicated key-value pairs as labels
+ (it can have additional labels as well).
+ See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ type: object
+ tolerations:
+ description: |-
+ tolerations is a list of tolerations applied to the relevant kind of pods
+ See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.
+ These are additional tolerations other than default ones.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple <key,value,effect> using the matching operator <operator>.
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: |-
+ replicas indicates how many replicas should be created for each KubeVirt infrastructure
+ component (like virt-api or virt-controller). Defaults to 2.
+ WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution!
+ type: integer
+ type: object
+ type: object
+ status:
+ description: KubeVirtStatus represents information pertaining to a KubeVirt
+ deployment.
+ properties:
+ conditions:
+ items:
+ description: KubeVirtCondition represents a condition of a KubeVirt
+ deployment
+ properties:
+ lastProbeTime:
+ format: date-time
+ nullable: true
+ type: string
+ lastTransitionTime:
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ defaultArchitecture:
+ type: string
+ generations:
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - lastGeneration
+ - name
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedDeploymentConfig:
+ type: string
+ observedDeploymentID:
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ observedKubeVirtRegistry:
+ type: string
+ observedKubeVirtVersion:
+ type: string
+ operatorVersion:
+ type: string
+ outdatedVirtualMachineInstanceWorkloads:
+ type: integer
+ phase:
+ description: KubeVirtPhase is a label for the phase of a KubeVirt
+ deployment at the current time.
+ type: string
+ targetDeploymentConfig:
+ type: string
+ targetDeploymentID:
+ type: string
+ targetKubeVirtRegistry:
+ type: string
+ targetKubeVirtVersion:
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.phase
+ name: Phase
+ type: string
+ deprecated: true
+ deprecationWarning: kubevirt.io/v1alpha3 is now deprecated and will be removed
+ in a future release.
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: KubeVirt represents the object deploying all KubeVirt resources
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ certificateRotateStrategy:
+ properties:
+ selfSigned:
+ properties:
+ ca:
+ description: |-
+ CA configuration
+ CA certs are kept in the CA bundle as long as they are valid
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime)
+ of the Certificate.
+ type: string
+ renewBefore:
+ description: |-
+ The amount of time before the currently issued certificate's "notAfter"
+ time that we will begin to attempt to renew the certificate.
+ type: string
+ type: object
+ caOverlapInterval:
+ description: Deprecated. Use CA.Duration and CA.RenewBefore
+ instead
+ type: string
+ caRotateInterval:
+ description: Deprecated. Use CA.Duration instead
+ type: string
+ certRotateInterval:
+ description: Deprecated. Use Server.Duration instead
+ type: string
+ server:
+ description: |-
+ Server configuration
+ Certs are rotated and discarded
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime)
+ of the Certificate.
+ type: string
+ renewBefore:
+ description: |-
+ The amount of time before the currently issued certificate's "notAfter"
+ time that we will begin to attempt to renew the certificate.
+ type: string
+ type: object
+ type: object
+ type: object
+ configuration:
+ description: |-
+ holds kubevirt configurations.
+ same as the virt-configMap
+ properties:
+ additionalGuestMemoryOverheadRatio:
+ description: |-
+ AdditionalGuestMemoryOverheadRatio can be used to increase the virtualization infrastructure
+ overhead. This is useful, since the calculation of this overhead is not accurate and cannot
+ be entirely known in advance. The ratio that is being set determines by which factor to increase
+ the overhead calculated by Kubevirt. A higher ratio means that the VMs would be less compromised
+ by node pressures, but would mean that fewer VMs could be scheduled to a node.
+ If not set, the default is 1.
+ type: string
+ apiConfiguration:
+ description: |-
+ ReloadableComponentConfiguration holds all generic k8s configuration options which can
+ be reloaded by components without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: |-
+ Maximum burst for throttle.
+ If it's zero, the component default will be used
+ type: integer
+ qps:
+ description: |-
+ QPS indicates the maximum QPS to the apiserver from this client.
+ If it's zero, the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ architectureConfiguration:
+ properties:
+ amd64:
+ properties:
+ emulatedMachines:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ machineType:
+ type: string
+ ovmfPath:
+ type: string
+ type: object
+ arm64:
+ properties:
+ emulatedMachines:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ machineType:
+ type: string
+ ovmfPath:
+ type: string
+ type: object
+ defaultArchitecture:
+ type: string
+ ppc64le:
+ properties:
+ emulatedMachines:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ machineType:
+ type: string
+ ovmfPath:
+ type: string
+ type: object
+ type: object
+ autoCPULimitNamespaceLabelSelector:
+ description: |-
+ When set, AutoCPULimitNamespaceLabelSelector will set a CPU limit on virt-launcher for VMIs running inside
+ namespaces that match the label selector.
+ The CPU limit will equal the number of requested vCPUs.
+ This setting does not apply to VMIs with dedicated CPUs.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ controllerConfiguration:
+ description: |-
+ ReloadableComponentConfiguration holds all generic k8s configuration options which can
+ be reloaded by components without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: |-
+ Maximum burst for throttle.
+ If it's zero, the component default will be used
+ type: integer
+ qps:
+ description: |-
+ QPS indicates the maximum QPS to the apiserver from this client.
+ If it's zero, the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ cpuModel:
+ type: string
+ cpuRequest:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ defaultRuntimeClass:
+ type: string
+ developerConfiguration:
+ description: DeveloperConfiguration holds developer options
+ properties:
+ cpuAllocationRatio:
+ description: |-
+ For each requested virtual CPU, CPUAllocationRatio defines how much physical CPU to request per VMI
+ from the hosting node. The value is in fraction of a CPU thread (or core on non-hyperthreaded nodes).
+ For example, a value of 1 means 1 physical CPU thread per VMI CPU thread.
+ A value of 100 would be 1% of a physical thread allocated for each requested VMI thread.
+ This option has no effect on VMIs that request dedicated CPUs. More information at:
+ https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio
+ Defaults to 10
+ type: integer
+ diskVerification:
+ description: DiskVerification holds container disks verification
+ limits
+ properties:
+ memoryLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - memoryLimit
+ type: object
+ featureGates:
+ description: FeatureGates is the list of experimental features
+ to enable. Defaults to none
+ items:
+ type: string
+ type: array
+ logVerbosity:
+ description: LogVerbosity sets log verbosity level of various
+ components
+ properties:
+ nodeVerbosity:
+ additionalProperties:
+ type: integer
+ description: NodeVerbosity represents a map of nodes with
+ a specific verbosity level
+ type: object
+ virtAPI:
+ type: integer
+ virtController:
+ type: integer
+ virtHandler:
+ type: integer
+ virtLauncher:
+ type: integer
+ virtOperator:
+ type: integer
+ type: object
+ memoryOvercommit:
+ description: |-
+ MemoryOvercommit is the percentage of memory we want to give VMIs compared to the amount
+ given to its parent pod (virt-launcher). For example, a value of 102 means the VMI will
+ "see" 2% more memory than its parent pod. Values under 100 are effectively "undercommits".
+ Overcommits can lead to memory exhaustion, which in turn can lead to crashes. Use carefully.
+ Defaults to 100
+ type: integer
+ minimumClusterTSCFrequency:
+ description: |-
+ Allow overriding the automatically determined minimum TSC frequency of the cluster
+ and fixate the minimum to this frequency.
+ format: int64
+ type: integer
+ minimumReservePVCBytes:
+ description: |-
+ MinimumReservePVCBytes is the amount of space, in bytes, to leave unused on disks.
+ Defaults to 131072 (128KiB)
+ format: int64
+ type: integer
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelectors allows restricting VMI creation to nodes that match a set of labels.
+ Defaults to none
+ type: object
+ pvcTolerateLessSpaceUpToPercent:
+ description: |-
+ LessPVCSpaceToleration determines how much smaller, in percentage, disk PVCs are
+ allowed to be compared to the requested size (to account for various overheads).
+ Defaults to 10
+ type: integer
+ useEmulation:
+ description: |-
+ UseEmulation can be set to true to allow fallback to software emulation
+ in case hardware-assisted emulation is not available. Defaults to false
+ type: boolean
+ type: object
+ emulatedMachines:
+ description: Deprecated. Use architectureConfiguration instead.
+ items:
+ type: string
+ type: array
+ evictionStrategy:
+ description: |-
+ EvictionStrategy defines at the cluster level if the VirtualMachineInstance should be
+ migrated instead of shut-off in case of a node drain. If the VirtualMachineInstance specific
+ field is set it overrides the cluster level one.
+ type: string
+ handlerConfiguration:
+ description: |-
+ ReloadableComponentConfiguration holds all generic k8s configuration options which can
+ be reloaded by components without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: |-
+ Maximum burst for throttle.
+ If it's zero, the component default will be used
+ type: integer
+ qps:
+ description: |-
+ QPS indicates the maximum QPS to the apiserver from this client.
+ If it's zero, the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ imagePullPolicy:
+ description: PullPolicy describes a policy for if/when to pull
+ a container image
+ type: string
+ ksmConfiguration:
+ description: KSMConfiguration holds the information regarding
+ the enabling the KSM in the nodes (if available).
+ properties:
+ nodeLabelSelector:
+ description: |-
+ NodeLabelSelector is a selector that filters in which nodes the KSM will be enabled.
+ Empty NodeLabelSelector will enable ksm for every node.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ liveUpdateConfiguration:
+ description: LiveUpdateConfiguration holds defaults for live update
+ features
+ properties:
+ maxCpuSockets:
+ description: MaxCpuSockets holds the maximum amount of sockets
+ that can be hotplugged
+ format: int32
+ type: integer
+ maxGuest:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ MaxGuest defines the maximum amount memory that can be allocated
+ to the guest using hotplug.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ maxHotplugRatio:
+ description: |-
+ MaxHotplugRatio is the ratio used to define the max amount
+ of a hotplug resource that can be made available to a VM
+ when the specific Max* setting is not defined (MaxCpuSockets, MaxGuest)
+ Example: VM is configured with 512Mi of guest memory, if MaxGuest is not
+ defined and MaxHotplugRatio is 2 then MaxGuest = 1Gi
+ defaults to 4
+ format: int32
+ type: integer
+ type: object
+ machineType:
+ description: Deprecated. Use architectureConfiguration instead.
+ type: string
+ mediatedDevicesConfiguration:
+ description: MediatedDevicesConfiguration holds information about
+ MDEV types to be defined, if available
+ properties:
+ mediatedDeviceTypes:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mediatedDevicesTypes:
+ description: Deprecated. Use mediatedDeviceTypes instead.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ nodeMediatedDeviceTypes:
+ items:
+ description: NodeMediatedDeviceTypesConfig holds information
+ about MDEV types to be defined in a specific node that
+ matches the NodeSelector field.
+ properties:
+ mediatedDeviceTypes:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mediatedDevicesTypes:
+ description: Deprecated. Use mediatedDeviceTypes instead.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the vmi to fit on a node.
+ Selector which must match a node's labels for the vmi to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ required:
+ - nodeSelector
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ memBalloonStatsPeriod:
+ format: int32
+ type: integer
+ migrations:
+ description: |-
+ MigrationConfiguration holds migration options.
+ Can be overridden for specific groups of VMs though migration policies.
+ Visit https://kubevirt.io/user-guide/operations/migration_policies/ for more information.
+ properties:
+ allowAutoConverge:
+ description: |-
+ AllowAutoConverge allows the platform to compromise performance/availability of VMIs to
+ guarantee successful VMI live migrations. Defaults to false
+ type: boolean
+ allowPostCopy:
+ description: |-
+ AllowPostCopy enables post-copy live migrations. Such migrations allow even the busiest VMIs
+ to successfully live-migrate. However, events like a network failure can cause a VMI crash.
+ If set to true, migrations will still start in pre-copy, but switch to post-copy when
+ CompletionTimeoutPerGiB triggers. Defaults to false
+ type: boolean
+ bandwidthPerMigration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ BandwidthPerMigration limits the amount of network bandwidth live migrations are allowed to use.
+ The value is in quantity per second. Defaults to 0 (no limit)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ completionTimeoutPerGiB:
+ description: |-
+ CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take.
+ If a live-migration takes longer to migrate than this value multiplied by the size of the VMI,
+ the migration will be cancelled, unless AllowPostCopy is true. Defaults to 800
+ format: int64
+ type: integer
+ disableTLS:
+ description: |-
+ When set to true, DisableTLS will disable the additional layer of live migration encryption
+ provided by KubeVirt. This is usually a bad idea. Defaults to false
+ type: boolean
+ matchSELinuxLevelOnMigration:
+ description: |-
+ By default, the SELinux level of target virt-launcher pods is forced to the level of the source virt-launcher.
+ When set to true, MatchSELinuxLevelOnMigration lets the CRI auto-assign a random level to the target.
+ That will ensure the target virt-launcher doesn't share categories with another pod on the node.
+ However, migrations will fail when using RWX volumes that don't automatically deal with SELinux levels.
+ type: boolean
+ network:
+ description: |-
+ Network is the name of the CNI network to use for live migrations. By default, migrations go
+ through the pod network.
+ type: string
+ nodeDrainTaintKey:
+ description: |-
+ NodeDrainTaintKey defines the taint key that indicates a node should be drained.
+ Note: this option relies on the deprecated node taint feature. Default: kubevirt.io/drain
+ type: string
+ parallelMigrationsPerCluster:
+ description: |-
+ ParallelMigrationsPerCluster is the total number of concurrent live migrations
+ allowed cluster-wide. Defaults to 5
+ format: int32
+ type: integer
+ parallelOutboundMigrationsPerNode:
+ description: |-
+ ParallelOutboundMigrationsPerNode is the maximum number of concurrent outgoing live migrations
+ allowed per node. Defaults to 2
+ format: int32
+ type: integer
+ progressTimeout:
+ description: |-
+ ProgressTimeout is the maximum number of seconds a live migration is allowed to make no progress.
+ Hitting this timeout means a migration transferred 0 data for that many seconds. The migration is
+ then considered stuck and therefore cancelled. Defaults to 150
+ format: int64
+ type: integer
+ unsafeMigrationOverride:
+ description: |-
+ UnsafeMigrationOverride allows live migrations to occur even if the compatibility check
+ indicates the migration will be unsafe to the guest. Defaults to false
+ type: boolean
+ type: object
+ minCPUModel:
+ type: string
+ network:
+ description: NetworkConfiguration holds network options
+ properties:
+ binding:
+ additionalProperties:
+ properties:
+ computeResourceOverhead:
+ description: |-
+ ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding.
+ version: v1alphav1
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ domainAttachmentType:
+ description: |-
+ DomainAttachmentType is a standard domain network attachment method kubevirt supports.
+ Supported values: "tap".
+ The standard domain attachment can be used instead or in addition to the sidecarImage.
+ version: 1alphav1
+ type: string
+ downwardAPI:
+ description: |-
+ DownwardAPI specifies what kind of data should be exposed to the binding plugin sidecar.
+ Supported values: "device-info"
+ version: v1alphav1
+ type: string
+ migration:
+ description: |-
+ Migration means the VM using the plugin can be safely migrated
+ version: 1alphav1
+ properties:
+ method:
+ description: |-
+ Method defines a pre-defined migration methodology
+ version: 1alphav1
+ type: string
+ type: object
+ networkAttachmentDefinition:
+ description: |-
+ NetworkAttachmentDefinition references to a NetworkAttachmentDefinition CR object.
+ Format: <name>, <namespace>/<name>.
+ If namespace is not specified, VMI namespace is assumed.
+ version: 1alphav1
+ type: string
+ sidecarImage:
+ description: |-
+ SidecarImage references a container image that runs in the virt-launcher pod.
+ The sidecar handles (libvirt) domain configuration and optional services.
+ version: 1alphav1
+ type: string
+ type: object
+ type: object
+ defaultNetworkInterface:
+ type: string
+ permitBridgeInterfaceOnPodNetwork:
+ type: boolean
+ permitSlirpInterface:
+ description: |-
+ DeprecatedPermitSlirpInterface is an alias for the deprecated PermitSlirpInterface.
+ Deprecated: Removed in v1.3.
+ type: boolean
+ type: object
+ obsoleteCPUModels:
+ additionalProperties:
+ type: boolean
+ type: object
+ ovmfPath:
+ description: Deprecated. Use architectureConfiguration instead.
+ type: string
+ permittedHostDevices:
+ description: PermittedHostDevices holds information about devices
+ allowed for passthrough
+ properties:
+ mediatedDevices:
+ items:
+ description: MediatedHostDevice represents a host mediated
+ device allowed for passthrough
+ properties:
+ externalResourceProvider:
+ type: boolean
+ mdevNameSelector:
+ type: string
+ resourceName:
+ type: string
+ required:
+ - mdevNameSelector
+ - resourceName
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ pciHostDevices:
+ items:
+ description: PciHostDevice represents a host PCI device
+ allowed for passthrough
+ properties:
+ externalResourceProvider:
+ description: |-
+ If true, KubeVirt will leave the allocation and monitoring to an
+ external device plugin
+ type: boolean
+ pciVendorSelector:
+ description: The vendor_id:product_id tuple of the PCI
+ device
+ type: string
+ resourceName:
+ description: |-
+ The name of the resource that is representing the device. Exposed by
+ a device plugin and requested by VMs. Typically of the form
+ vendor.com/product_name
+ type: string
+ required:
+ - pciVendorSelector
+ - resourceName
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ usb:
+ items:
+ properties:
+ externalResourceProvider:
+ description: |-
+ If true, KubeVirt will leave the allocation and monitoring to an
+ external device plugin
+ type: boolean
+ resourceName:
+ description: |-
+ Identifies the list of USB host devices.
+ e.g: kubevirt.io/storage, kubevirt.io/bootable-usb, etc
+ type: string
+ selectors:
+ items:
+ properties:
+ product:
+ type: string
+ vendor:
+ type: string
+ required:
+ - product
+ - vendor
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - resourceName
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ seccompConfiguration:
+ description: SeccompConfiguration holds Seccomp configuration
+ for Kubevirt components
+ properties:
+ virtualMachineInstanceProfile:
+ description: VirtualMachineInstanceProfile defines what profile
+ should be used with virt-launcher. Defaults to none
+ properties:
+ customProfile:
+ description: CustomProfile allows to request arbitrary
+ profile for virt-launcher
+ properties:
+ localhostProfile:
+ type: string
+ runtimeDefaultProfile:
+ type: boolean
+ type: object
+ type: object
+ type: object
+ selinuxLauncherType:
+ type: string
+ smbios:
+ properties:
+ family:
+ type: string
+ manufacturer:
+ type: string
+ product:
+ type: string
+ sku:
+ type: string
+ version:
+ type: string
+ type: object
+ supportContainerResources:
+ description: SupportContainerResources specifies the resource
+ requirements for various types of supporting containers such
+ as container disks/virtiofs/sidecars and hotplug attachment
+ pods. If omitted a sensible default will be supplied.
+ items:
+ description: SupportContainerResources are used to specify the
+ cpu/memory request and limits for the containers that support
+ various features of Virtual Machines. These containers are
+ usually idle and don't require a lot of memory or cpu.
+ properties:
+ resources:
+ description: ResourceRequirements describes the compute
+ resource requirements.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ type:
+ type: string
+ required:
+ - resources
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ supportedGuestAgentVersions:
+ description: deprecated
+ items:
+ type: string
+ type: array
+ tlsConfiguration:
+ description: TLSConfiguration holds TLS options
+ properties:
+ ciphers:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ minTLSVersion:
+ description: |-
+ MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections.
+ Protocol versions are based on the following most common TLS configurations:
+
+
+ https://ssl-config.mozilla.org/
+
+
+ Note that SSLv3.0 is not a supported protocol version due to well known
+ vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE
+ enum:
+ - VersionTLS10
+ - VersionTLS11
+ - VersionTLS12
+ - VersionTLS13
+ type: string
+ type: object
+ virtualMachineInstancesPerNode:
+ type: integer
+ virtualMachineOptions:
+ description: VirtualMachineOptions holds the cluster level information
+ regarding the virtual machine.
+ properties:
+ disableFreePageReporting:
+ description: |-
+ DisableFreePageReporting disable the free page reporting of
+ memory balloon device https://libvirt.org/formatdomain.html#memory-balloon-device.
+ This will have effect only if AutoattachMemBalloon is not false and the vmi is not
+ requesting any high performance feature (dedicatedCPU/realtime/hugePages), in which free page reporting is always disabled.
+ type: object
+ disableSerialConsoleLog:
+ description: |-
+ DisableSerialConsoleLog disables logging the auto-attached default serial console.
+ If not set, serial console logs will be written to a file and then streamed from a container named 'guest-console-log'.
+ The value can be individually overridden for each VM, not relevant if AutoattachSerialConsole is disabled.
+ type: object
+ type: object
+ vmRolloutStrategy:
+ description: VMRolloutStrategy defines how changes to a VM object
+ propagate to its VMI
+ enum:
+ - Stage
+ - LiveUpdate
+ nullable: true
+ type: string
+ vmStateStorageClass:
+ description: |-
+ VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM.
+ The storage class must support RWX in filesystem mode.
+ type: string
+ webhookConfiguration:
+ description: |-
+ ReloadableComponentConfiguration holds all generic k8s configuration options which can
+ be reloaded by components without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: |-
+ Maximum burst for throttle.
+ If it's zero, the component default will be used
+ type: integer
+ qps:
+ description: |-
+ QPS indicates the maximum QPS to the apiserver from this client.
+ If it's zero, the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ type: object
+ customizeComponents:
+ properties:
+ flags:
+ description: Configure the value used for deployment and daemonset
+ resources
+ properties:
+ api:
+ additionalProperties:
+ type: string
+ type: object
+ controller:
+ additionalProperties:
+ type: string
+ type: object
+ handler:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ patches:
+ items:
+ properties:
+ patch:
+ type: string
+ resourceName:
+ minLength: 1
+ type: string
+ resourceType:
+ minLength: 1
+ type: string
+ type:
+ type: string
+ required:
+ - patch
+ - resourceName
+ - resourceType
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ imagePullPolicy:
+ description: The ImagePullPolicy to use.
+ type: string
+ imagePullSecrets:
+ description: |-
+ The imagePullSecrets to pull the container images from
+ Defaults to none
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ imageRegistry:
+ description: |-
+ The image registry to pull the container images from
+ Defaults to the same registry the operator's container image is pulled from.
+ type: string
+ imageTag:
+ description: |-
+ The image tag to use for the continer images installed.
+ Defaults to the same tag as the operator's container image.
+ type: string
+ infra:
+ description: selectors and tolerations that should apply to KubeVirt
+ infrastructure components
+ properties:
+ nodePlacement:
+ description: |-
+ nodePlacement describes scheduling configuration for specific
+ KubeVirt components
+ properties:
+ affinity:
+ description: |-
+ affinity enables pod affinity/anti-affinity placement expanding the types of constraints
+ that can be expressed with nodeSelector.
+ affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector
+ See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone,
+ etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeSelector is the node selector applied to the relevant kind of pods
+ It specifies a map of key-value pairs: for the pod to be eligible to run on a node,
+ the node must have each of the indicated key-value pairs as labels
+ (it can have additional labels as well).
+ See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ type: object
+ tolerations:
+ description: |-
+ tolerations is a list of tolerations applied to the relevant kind of pods
+ See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.
+ These are additional tolerations other than default ones.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple <key,value,effect> using the matching operator <operator>.
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: |-
+ replicas indicates how many replicas should be created for each KubeVirt infrastructure
+ component (like virt-api or virt-controller). Defaults to 2.
+ WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution!
+ type: integer
+ type: object
+ monitorAccount:
+ description: |-
+ The name of the Prometheus service account that needs read-access to KubeVirt endpoints
+ Defaults to prometheus-k8s
+ type: string
+ monitorNamespace:
+ description: |-
+ The namespace Prometheus is deployed in
+ Defaults to openshift-monitor
+ type: string
+ productComponent:
+ description: |-
+ Designate the apps.kubevirt.io/component label for KubeVirt components.
+ Useful if KubeVirt is included as part of a product.
+ If ProductComponent is not specified, the component label default value is kubevirt.
+ type: string
+ productName:
+ description: |-
+ Designate the apps.kubevirt.io/part-of label for KubeVirt components.
+ Useful if KubeVirt is included as part of a product.
+ If ProductName is not specified, the part-of label will be omitted.
+ type: string
+ productVersion:
+ description: |-
+ Designate the apps.kubevirt.io/version label for KubeVirt components.
+ Useful if KubeVirt is included as part of a product.
+ If ProductVersion is not specified, KubeVirt's version will be used.
+ type: string
+ serviceMonitorNamespace:
+ description: |-
+ The namespace the service monitor will be deployed
+ When ServiceMonitorNamespace is set, then we'll install the service monitor object in that namespace
+ otherwise we will use the monitoring namespace.
+ type: string
+ uninstallStrategy:
+ description: |-
+ Specifies if kubevirt can be deleted if workloads are still present.
+ This is mainly a precaution to avoid accidental data loss
+ type: string
+ workloadUpdateStrategy:
+ description: |-
+ WorkloadUpdateStrategy defines at the cluster level how to handle
+ automated workload updates
+ properties:
+ batchEvictionInterval:
+ description: |-
+ BatchEvictionInterval Represents the interval to wait before issuing the next
+ batch of shutdowns
+
+
+ Defaults to 1 minute
+ type: string
+ batchEvictionSize:
+ description: |-
+ BatchEvictionSize Represents the number of VMIs that can be forced updated per
+ the BatchShutdownInteral interval
+
+
+ Defaults to 10
+ type: integer
+ workloadUpdateMethods:
+ description: |-
+ WorkloadUpdateMethods defines the methods that can be used to disrupt workloads
+ during automated workload updates.
+ When multiple methods are present, the least disruptive method takes
+ precedence over more disruptive methods. For example if both LiveMigrate and Shutdown
+ methods are listed, only VMs which are not live migratable will be restarted/shutdown
+
+
+ An empty list defaults to no automated workload updating
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ workloads:
+ description: selectors and tolerations that should apply to KubeVirt
+ workloads
+ properties:
+ nodePlacement:
+ description: |-
+ nodePlacement describes scheduling configuration for specific
+ KubeVirt components
+ properties:
+ affinity:
+ description: |-
+ affinity enables pod affinity/anti-affinity placement expanding the types of constraints
+ that can be expressed with nodeSelector.
+ affinity is going to be applied to the relevant kind of pods in parallel with nodeSelector
+ See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone,
+ etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key <topologyKey> matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeSelector is the node selector applied to the relevant kind of pods
+ It specifies a map of key-value pairs: for the pod to be eligible to run on a node,
+ the node must have each of the indicated key-value pairs as labels
+ (it can have additional labels as well).
+ See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ type: object
+ tolerations:
+ description: |-
+ tolerations is a list of tolerations applied to the relevant kind of pods
+ See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ for more info.
+ These are additional tolerations other than default ones.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple <key,value,effect> using the matching operator <operator>.
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: |-
+ replicas indicates how many replicas should be created for each KubeVirt infrastructure
+ component (like virt-api or virt-controller). Defaults to 2.
+ WARNING: this is an advanced feature that prevents auto-scaling for core kubevirt components. Please use with caution!
+ type: integer
+ type: object
+ type: object
+ status:
+ description: KubeVirtStatus represents information pertaining to a KubeVirt
+ deployment.
+ properties:
+ conditions:
+ items:
+ description: KubeVirtCondition represents a condition of a KubeVirt
+ deployment
+ properties:
+ lastProbeTime:
+ format: date-time
+ nullable: true
+ type: string
+ lastTransitionTime:
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ defaultArchitecture:
+ type: string
+ generations:
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - lastGeneration
+ - name
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedDeploymentConfig:
+ type: string
+ observedDeploymentID:
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ observedKubeVirtRegistry:
+ type: string
+ observedKubeVirtVersion:
+ type: string
+ operatorVersion:
+ type: string
+ outdatedVirtualMachineInstanceWorkloads:
+ type: integer
+ phase:
+ description: KubeVirtPhase is a label for the phase of a KubeVirt
+ deployment at the current time.
+ type: string
+ targetDeploymentConfig:
+ type: string
+ targetDeploymentID:
+ type: string
+ targetKubeVirtRegistry:
+ type: string
+ targetKubeVirtVersion:
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: kubevirt-cluster-critical
+value: 1000000000
+globalDefault: false
+description: "This priority class should be used for core kubevirt components only."
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubevirt.io:operator
+ labels:
+ operator.kubevirt.io: ""
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+ - apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator
+ namespace: kubevirt
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator
+ namespace: kubevirt
+rules:
+- apiGroups:
+ - ""
+ resourceNames:
+ - kubevirt-ca
+ - kubevirt-export-ca
+ - kubevirt-virt-handler-certs
+ - kubevirt-virt-handler-server-certs
+ - kubevirt-operator-certs
+ - kubevirt-virt-api-certs
+ - kubevirt-controller-certs
+ - kubevirt-exportproxy-certs
+ resources:
+ - secrets
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - patch
+ - delete
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - patch
+ - delete
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes/custom-host
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+ - update
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ verbs:
+ - list
+ - get
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - list
+ - get
+ - watch
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - list
+ - get
+ - watch
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+ - update
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resourceNames:
+ - kubevirt-export-ca
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator-rolebinding
+ namespace: kubevirt
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kubevirt-operator
+subjects:
+- kind: ServiceAccount
+ name: kubevirt-operator
+ namespace: kubevirt
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator
+rules:
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - services
+ - endpoints
+ - pods/exec
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - patch
+ - delete
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+- apiGroups:
+ - apps
+ resources:
+ - controllerrevisions
+ verbs:
+ - watch
+ - list
+ - create
+ - delete
+ - patch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - roles
+ - rolebindings
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+ - update
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+- apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - privileged
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - kubevirt-handler
+ - kubevirt-controller
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - delete
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ - validatingadmissionpolicybindings
+ - validatingadmissionpolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - update
+ - patch
+- apiGroups:
+ - apiregistration.k8s.io
+ resources:
+ - apiservices
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - update
+ - patch
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ - prometheusrules
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - delete
+ - patch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines/status
+ verbs:
+ - patch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachineinstancemigrations
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachineinstancepresets
+ verbs:
+ - watch
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - limitranges
+ verbs:
+ - watch
+ - list
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - snapshot.kubevirt.io
+ resources:
+ - virtualmachinesnapshots
+ - virtualmachinerestores
+ - virtualmachinesnapshotcontents
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - datasources
+ - datavolumes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - instancetype.kubevirt.io
+ resources:
+ - virtualmachineinstancetypes
+ - virtualmachineclusterinstancetypes
+ - virtualmachinepreferences
+ - virtualmachineclusterpreferences
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - controllerrevisions
+ verbs:
+ - create
+ - list
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - configmaps
+ - endpoints
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+ - update
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - update
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - pods/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods/eviction
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - pods/status
+ verbs:
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+- apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ verbs:
+ - list
+- apiGroups:
+ - apps
+ resources:
+ - controllerrevisions
+ verbs:
+ - watch
+ - list
+ - create
+ - delete
+ - get
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - patch
+- apiGroups:
+ - snapshot.kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - export.kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - pool.kubevirt.io
+ resources:
+ - virtualmachinepools
+ - virtualmachinepools/finalizers
+ - virtualmachinepools/status
+ - virtualmachinepools/scale
+ verbs:
+ - watch
+ - list
+ - create
+ - delete
+ - update
+ - patch
+ - get
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/addvolume
+ - virtualmachineinstances/removevolume
+ - virtualmachineinstances/freeze
+ - virtualmachineinstances/unfreeze
+ - virtualmachineinstances/softreboot
+ - virtualmachineinstances/sev/setupsession
+ - virtualmachineinstances/sev/injectlaunchsecret
+ verbs:
+ - update
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - k8s.cni.cncf.io
+ resources:
+ - network-attachment-definitions
+ verbs:
+ - get
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshots
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - instancetype.kubevirt.io
+ resources:
+ - virtualmachineinstancetypes
+ - virtualmachineclusterinstancetypes
+ - virtualmachinepreferences
+ - virtualmachineclusterpreferences
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - clone.kubevirt.io
+ resources:
+ - virtualmachineclones
+ - virtualmachineclones/status
+ - virtualmachineclones/finalizers
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - resourcequotas
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachineinstances
+ verbs:
+ - update
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - patch
+ - list
+ - watch
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - export.kubevirt.io
+ resources:
+ - virtualmachineexports
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - version
+ - guestfs
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/console
+ - virtualmachineinstances/vnc
+ - virtualmachineinstances/vnc/screenshot
+ - virtualmachineinstances/portforward
+ - virtualmachineinstances/guestosinfo
+ - virtualmachineinstances/filesystemlist
+ - virtualmachineinstances/userlist
+ - virtualmachineinstances/sev/fetchcertchain
+ - virtualmachineinstances/sev/querylaunchmeasurement
+ verbs:
+ - get
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/pause
+ - virtualmachineinstances/unpause
+ - virtualmachineinstances/addvolume
+ - virtualmachineinstances/removevolume
+ - virtualmachineinstances/freeze
+ - virtualmachineinstances/unfreeze
+ - virtualmachineinstances/softreboot
+ - virtualmachineinstances/sev/setupsession
+ - virtualmachineinstances/sev/injectlaunchsecret
+ verbs:
+ - update
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachines/expand-spec
+ - virtualmachines/portforward
+ verbs:
+ - get
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachines/start
+ - virtualmachines/stop
+ - virtualmachines/restart
+ - virtualmachines/addvolume
+ - virtualmachines/removevolume
+ - virtualmachines/migrate
+ - virtualmachines/memorydump
+ verbs:
+ - update
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - expand-vm-spec
+ verbs:
+ - update
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ - virtualmachineinstancepresets
+ - virtualmachineinstancereplicasets
+ - virtualmachineinstancemigrations
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - snapshot.kubevirt.io
+ resources:
+ - virtualmachinesnapshots
+ - virtualmachinesnapshotcontents
+ - virtualmachinerestores
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - export.kubevirt.io
+ resources:
+ - virtualmachineexports
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - clone.kubevirt.io
+ resources:
+ - virtualmachineclones
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - instancetype.kubevirt.io
+ resources:
+ - virtualmachineinstancetypes
+ - virtualmachineclusterinstancetypes
+ - virtualmachinepreferences
+ - virtualmachineclusterpreferences
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - pool.kubevirt.io
+ resources:
+ - virtualmachinepools
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/console
+ - virtualmachineinstances/vnc
+ - virtualmachineinstances/vnc/screenshot
+ - virtualmachineinstances/portforward
+ - virtualmachineinstances/guestosinfo
+ - virtualmachineinstances/filesystemlist
+ - virtualmachineinstances/userlist
+ - virtualmachineinstances/sev/fetchcertchain
+ - virtualmachineinstances/sev/querylaunchmeasurement
+ verbs:
+ - get
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/pause
+ - virtualmachineinstances/unpause
+ - virtualmachineinstances/addvolume
+ - virtualmachineinstances/removevolume
+ - virtualmachineinstances/freeze
+ - virtualmachineinstances/unfreeze
+ - virtualmachineinstances/softreboot
+ - virtualmachineinstances/sev/setupsession
+ - virtualmachineinstances/sev/injectlaunchsecret
+ verbs:
+ - update
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachines/expand-spec
+ - virtualmachines/portforward
+ verbs:
+ - get
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachines/start
+ - virtualmachines/stop
+ - virtualmachines/restart
+ - virtualmachines/addvolume
+ - virtualmachines/removevolume
+ - virtualmachines/migrate
+ - virtualmachines/memorydump
+ verbs:
+ - update
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - expand-vm-spec
+ verbs:
+ - update
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ - virtualmachineinstancepresets
+ - virtualmachineinstancereplicasets
+ - virtualmachineinstancemigrations
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - snapshot.kubevirt.io
+ resources:
+ - virtualmachinesnapshots
+ - virtualmachinesnapshotcontents
+ - virtualmachinerestores
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - export.kubevirt.io
+ resources:
+ - virtualmachineexports
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - clone.kubevirt.io
+ resources:
+ - virtualmachineclones
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - instancetype.kubevirt.io
+ resources:
+ - virtualmachineinstancetypes
+ - virtualmachineclusterinstancetypes
+ - virtualmachinepreferences
+ - virtualmachineclusterpreferences
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - pool.kubevirt.io
+ resources:
+ - virtualmachinepools
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachines/expand-spec
+ - virtualmachineinstances/guestosinfo
+ - virtualmachineinstances/filesystemlist
+ - virtualmachineinstances/userlist
+ - virtualmachineinstances/sev/fetchcertchain
+ - virtualmachineinstances/sev/querylaunchmeasurement
+ verbs:
+ - get
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - expand-vm-spec
+ verbs:
+ - update
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ - virtualmachineinstancepresets
+ - virtualmachineinstancereplicasets
+ - virtualmachineinstancemigrations
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - snapshot.kubevirt.io
+ resources:
+ - virtualmachinesnapshots
+ - virtualmachinesnapshotcontents
+ - virtualmachinerestores
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - export.kubevirt.io
+ resources:
+ - virtualmachineexports
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - clone.kubevirt.io
+ resources:
+ - virtualmachineclones
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - instancetype.kubevirt.io
+ resources:
+ - virtualmachineinstancetypes
+ - virtualmachineclusterinstancetypes
+ - virtualmachinepreferences
+ - virtualmachineclusterpreferences
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - pool.kubevirt.io
+ resources:
+ - virtualmachinepools
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - instancetype.kubevirt.io
+ resources:
+ - virtualmachineclusterinstancetypes
+ - virtualmachineclusterpreferences
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubevirt-operator
+subjects:
+- kind: ServiceAccount
+ name: kubevirt-operator
+ namespace: kubevirt
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ kubevirt.io: virt-operator
+ name: virt-operator
+ namespace: kubevirt
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ kubevirt.io: virt-operator
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ kubevirt.io: virt-operator
+ name: virt-operator
+ prometheus.kubevirt.io: "true"
+ name: virt-operator
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: kubevirt.io
+ operator: In
+ values:
+ - virt-operator
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ containers:
+ - args:
+ - --port
+ - "8443"
+ - -v
+ - "2"
+ command:
+ - virt-operator
+ env:
+ - name: VIRT_OPERATOR_IMAGE
+ value: quay.io/kubevirt/virt-operator:v1.3.1
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.annotations['olm.targetNamespaces']
+ - name: KUBEVIRT_VERSION
+ value: v1.3.1
+ image: quay.io/kubevirt/virt-operator:v1.3.1
+ imagePullPolicy: IfNotPresent
+ name: virt-operator
+ ports:
+ - containerPort: 8443
+ name: metrics
+ protocol: TCP
+ - containerPort: 8444
+ name: webhooks
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /metrics
+ port: 8443
+ scheme: HTTPS
+ initialDelaySeconds: 5
+ timeoutSeconds: 10
+ resources:
+ requests:
+ cpu: 10m
+ memory: 450Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /etc/virt-operator/certificates
+ name: kubevirt-operator-certs
+ readOnly: true
+ - mountPath: /profile-data
+ name: profile-data
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: kubevirt-cluster-critical
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: kubevirt-operator
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ volumes:
+ - name: kubevirt-operator-certs
+ secret:
+ optional: true
+ secretName: kubevirt-operator-certs
+ - emptyDir: {}
+ name: profile-data
diff --git a/charts/kubevirt/values.yaml b/charts/kubevirt/values.yaml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/charts/kubevirt/values.yaml
diff --git a/charts/virtual-machine/Chart.yaml b/charts/virtual-machine/Chart.yaml
new file mode 100644
index 0000000..3f9d5b6
--- /dev/null
+++ b/charts/virtual-machine/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: virtual-machine
+description: A Helm chart for virtual-machine
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/charts/virtual-machine/templates/data-volume.yaml b/charts/virtual-machine/templates/data-volume.yaml
new file mode 100644
index 0000000..f9d1890
--- /dev/null
+++ b/charts/virtual-machine/templates/data-volume.yaml
@@ -0,0 +1,14 @@
+apiVersion: cdi.kubevirt.io/v1beta1
+kind: DataVolume
+metadata:
+ name: dv-{{ .Values.name }}
+spec:
+ source:
+ http:
+ url: {{ .Values.disk.source }}
+ pvc:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.disk.size }}
diff --git a/charts/virtual-machine/templates/service-code-server.yaml b/charts/virtual-machine/templates/service-code-server.yaml
new file mode 100644
index 0000000..3be8855
--- /dev/null
+++ b/charts/virtual-machine/templates/service-code-server.yaml
@@ -0,0 +1,14 @@
+# TODO(gio): enable
+# apiVersion: v1
+# kind: Service
+# metadata:
+# name: {{ .Values.name }}-code-server
+# spec:
+# type: ClusterIP
+# selector:
+# app: {{ .Values.name }}
+# ports:
+# - name: http
+# port: 80
+# targetPort: 8080 # TODO(gio): add to values.yaml
+# protocol: TCP
diff --git a/charts/virtual-machine/templates/vm.yaml b/charts/virtual-machine/templates/vm.yaml
new file mode 100644
index 0000000..d66da80
--- /dev/null
+++ b/charts/virtual-machine/templates/vm.yaml
@@ -0,0 +1,49 @@
+apiVersion: kubevirt.io/v1
+kind: VirtualMachine
+metadata:
+ labels:
+ kubevirt.io/os: linux
+ name: {{ .Values.name }}
+spec:
+ running: true
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ kubevirt.io/domain: debian
+ app: {{ .Values.name }}
+ spec:
+ domain:
+ cpu:
+ cores: {{ .Values.cpuCores }}
+ resources:
+ limits:
+ memory: {{ .Values.memory }}
+ devices:
+ interfaces:
+ - name: default
+ masquerade: {}
+ ports:
+ {{- range .Values.ports }}
+ - port: {{ . }}
+ {{- end }}
+ disks:
+ - name: disk0
+ disk:
+ bus: virtio
+ - name: cloudinitdisk
+ disk:
+ bus: virtio
+ readonly: true
+ networks:
+ - name: default
+ pod: {}
+ volumes:
+ - name: disk0
+ persistentVolumeClaim:
+ claimName: dv-{{ .Values.name }}
+ - name: cloudinitdisk
+ cloudInitNoCloud:
+ userData: |
+ #cloud-config
+ {{- toYaml .Values.cloudInit.userData | nindent 14 }}
diff --git a/charts/virtual-machine/values.yaml b/charts/virtual-machine/values.yaml
new file mode 100644
index 0000000..6c8b642
--- /dev/null
+++ b/charts/virtual-machine/values.yaml
@@ -0,0 +1,9 @@
+name: ""
+cpuCores: 1
+memory: "1Gi"
+disk:
+ source: "https://cloud.debian.org/images/cloud/bookworm-backports/latest/debian-12-backports-generic-amd64.qcow2"
+ size: 64Gi
+ports: []
+cloudInit:
+ userData: {}
diff --git a/core/installer/Makefile b/core/installer/Makefile
index 296e780..abdd656 100644
--- a/core/installer/Makefile
+++ b/core/installer/Makefile
@@ -32,7 +32,7 @@
./pcloud --kubeconfig=../../priv/kubeconfig create-env --admin-priv-key=/Users/lekva/.ssh/id_rsa --name=lekva --ip=192.168.0.211 --admin-username=gio
appmanager:
- ./pcloud --kubeconfig=../../priv/kubeconfig-hetzner appmanager --ssh-key=/Users/lekva/.ssh/id_ed25519 --repo-addr=ssh://10.43.196.174/config --port=9090 # --app-repo-addr=http://localhost:8080
+ ./pcloud --kubeconfig=../../priv/kubeconfig-hetzner appmanager --ssh-key=/Users/lekva/.ssh/id_ed25519 --repo-addr=ssh://10.43.196.174/config --port=9090 --headscale-api-addr=http://10.43.193.154 # --app-repo-addr=http://localhost:8080
dodo-app:
./pcloud --kubeconfig=../../priv/kubeconfig-hetzner dodo-app --ssh-key=/Users/lekva/.ssh/id_ed25519 --repo-addr=ssh://10.43.196.174/test
diff --git a/core/installer/app.go b/core/installer/app.go
index 0c9cf6b..cee8a5f 100644
--- a/core/installer/app.go
+++ b/core/installer/app.go
@@ -196,7 +196,14 @@
type EnvApp interface {
App
- Render(release Release, env EnvConfig, networks []Network, values map[string]any, charts map[string]helmv2.HelmChartTemplateSpec) (EnvAppRendered, error)
+ Render(
+ release Release,
+ env EnvConfig,
+ networks []Network,
+ values map[string]any,
+ charts map[string]helmv2.HelmChartTemplateSpec,
+ vpnKeyGen VPNAuthKeyGenerator,
+ ) (EnvAppRendered, error)
}
type cueApp struct {
@@ -452,8 +459,9 @@
networks []Network,
values map[string]any,
charts map[string]helmv2.HelmChartTemplateSpec,
+ vpnKeyGen VPNAuthKeyGenerator,
) (EnvAppRendered, error) {
- derived, err := deriveValues(values, a.Schema(), networks)
+ derived, err := deriveValues(values, values, a.Schema(), networks, vpnKeyGen)
if err != nil {
return EnvAppRendered{}, err
}
diff --git a/core/installer/app_manager.go b/core/installer/app_manager.go
index c27b641..3157a45 100644
--- a/core/installer/app_manager.go
+++ b/core/installer/app_manager.go
@@ -35,6 +35,7 @@
nsc NamespaceCreator
jc JobCreator
hf HelmFetcher
+ vpnKeyGen VPNAuthKeyGenerator
appDirRoot string
}
@@ -43,6 +44,7 @@
nsc NamespaceCreator,
jc JobCreator,
hf HelmFetcher,
+ vpnKeyGen VPNAuthKeyGenerator,
appDirRoot string,
) (*AppManager, error) {
return &AppManager{
@@ -51,6 +53,7 @@
nsc,
jc,
hf,
+ vpnKeyGen,
appDirRoot,
}, nil
}
@@ -457,7 +460,7 @@
RepoAddr: m.repoIO.FullAddress(),
AppDir: appDir,
}
- rendered, err := app.Render(release, env, networks, values, nil)
+ rendered, err := app.Render(release, env, networks, values, nil, m.vpnKeyGen)
if err != nil {
return ReleaseResources{}, err
}
@@ -489,7 +492,7 @@
if o.FetchContainerImages {
release.ImageRegistry = imageRegistry
}
- rendered, err = app.Render(release, env, networks, values, localCharts)
+ rendered, err = app.Render(release, env, networks, values, localCharts, m.vpnKeyGen)
if err != nil {
return ReleaseResources{}, err
}
@@ -582,7 +585,7 @@
if err != nil {
return ReleaseResources{}, err
}
- rendered, err := app.Render(config.Release, env, networks, values, renderedCfg.LocalCharts)
+ rendered, err := app.Render(config.Release, env, networks, values, renderedCfg.LocalCharts, m.vpnKeyGen)
if err != nil {
return ReleaseResources{}, err
}
@@ -989,6 +992,8 @@
return []string{}
case KindPort:
return []string{""}
+ case KindVPNAuthKey:
+ return []string{}
default:
panic("MUST NOT REACH!")
}
diff --git a/core/installer/app_repository.go b/core/installer/app_repository.go
index 381a84f..4ce7c9d 100644
--- a/core/installer/app_repository.go
+++ b/core/installer/app_repository.go
@@ -20,6 +20,7 @@
var storeEnvAppConfigs = []string{
"values-tmpl/dodo-app.cue",
+ "values-tmpl/virtual-machine.cue",
"values-tmpl/coder.cue",
"values-tmpl/url-shortener.cue",
"values-tmpl/matrix.cue",
diff --git a/core/installer/app_test.go b/core/installer/app_test.go
index bf0ceac..f0f0e64 100644
--- a/core/installer/app_test.go
+++ b/core/installer/app_test.go
@@ -82,7 +82,7 @@
"groups": "a,b",
},
}
- rendered, err := a.Render(release, env, networks, values, nil)
+ rendered, err := a.Render(release, env, networks, values, nil, nil)
if err != nil {
t.Fatal(err)
}
@@ -112,7 +112,7 @@
"enabled": false,
},
}
- rendered, err := a.Render(release, env, networks, values, nil)
+ rendered, err := a.Render(release, env, networks, values, nil, nil)
if err != nil {
t.Fatal(err)
}
@@ -138,7 +138,7 @@
"network": "Public",
"authGroups": "foo,bar",
}
- rendered, err := a.Render(release, env, networks, values, nil)
+ rendered, err := a.Render(release, env, networks, values, nil, nil)
if err != nil {
t.Fatal(err)
}
@@ -168,7 +168,7 @@
},
"sshPort": 22,
}
- rendered, err := a.Render(release, env, networks, values, nil)
+ rendered, err := a.Render(release, env, networks, values, nil, nil)
if err != nil {
t.Fatal(err)
}
@@ -193,7 +193,7 @@
"subdomain": "jenkins",
"network": "Private",
}
- rendered, err := a.Render(release, env, networks, values, nil)
+ rendered, err := a.Render(release, env, networks, values, nil, nil)
if err != nil {
t.Fatal(err)
}
@@ -252,7 +252,7 @@
},
"sshPrivateKey": "private",
}
- rendered, err := a.Render(release, env, networks, values, nil)
+ rendered, err := a.Render(release, env, networks, values, nil, nil)
if err != nil {
t.Fatal(err)
}
@@ -285,7 +285,7 @@
"groups": "a,b",
},
}
- rendered, err := app.Render(release, env, networks, values, nil)
+ rendered, err := app.Render(release, env, networks, values, nil, nil)
if err != nil {
t.Fatal(err)
}
@@ -360,7 +360,7 @@
"managerAddr": "",
"appId": "",
"sshPrivateKey": "",
- }, nil)
+ }, nil, nil)
if err != nil {
t.Fatal(err)
}
@@ -383,7 +383,7 @@
"repoHost": "",
"gitRepoPublicKey": "",
}
- rendered, err := a.Render(release, env, networks, values, nil)
+ rendered, err := a.Render(release, env, networks, values, nil, nil)
if err != nil {
t.Fatal(err)
}
diff --git a/core/installer/cmd/app_manager.go b/core/installer/cmd/app_manager.go
index c03c83e..a6224a0 100644
--- a/core/installer/cmd/app_manager.go
+++ b/core/installer/cmd/app_manager.go
@@ -16,10 +16,11 @@
)
var appManagerFlags struct {
- sshKey string
- repoAddr string
- port int
- appRepoAddr string
+ sshKey string
+ repoAddr string
+ port int
+ appRepoAddr string
+ headscaleAPIAddr string
}
func appManagerCmd() *cobra.Command {
@@ -51,6 +52,12 @@
"",
"",
)
+ cmd.Flags().StringVar(
+ &appManagerFlags.headscaleAPIAddr,
+ "headscale-api-addr",
+ "",
+ "",
+ )
return cmd
}
@@ -85,7 +92,8 @@
return err
}
hf := installer.NewGitHelmFetcher()
- m, err := installer.NewAppManager(repoIO, nsc, jc, hf, "/apps")
+ vpnKeyGen := installer.NewHeadscaleAPIClient(appManagerFlags.headscaleAPIAddr)
+ m, err := installer.NewAppManager(repoIO, nsc, jc, hf, vpnKeyGen, "/apps")
if err != nil {
return err
}
diff --git a/core/installer/cmd/dodo_app.go b/core/installer/cmd/dodo_app.go
index f61ee78..2fe1697 100644
--- a/core/installer/cmd/dodo_app.go
+++ b/core/installer/cmd/dodo_app.go
@@ -32,6 +32,7 @@
db string
networks []string
fetchUsersAddr string
+ headscaleAPIAddr string
}
func dodoAppCmd() *cobra.Command {
@@ -123,6 +124,12 @@
[]string{},
"",
)
+ cmd.Flags().StringVar(
+ &dodoAppFlags.headscaleAPIAddr,
+ "headscale-api-addr",
+ "",
+ "",
+ )
return cmd
}
@@ -193,6 +200,7 @@
// &tasks.KustomizationReconciler{},
},
}
+ vpnKeyGen := installer.NewHeadscaleAPIClient(dodoAppFlags.headscaleAPIAddr)
s, err := welcome.NewDodoAppServer(
st,
nf,
@@ -208,6 +216,7 @@
dodoAppFlags.envAppManagerAddr,
nsc,
jc,
+ vpnKeyGen,
env,
dodoAppFlags.external,
dodoAppFlags.fetchUsersAddr,
diff --git a/core/installer/cmd/launcher.go b/core/installer/cmd/launcher.go
index 0af1d1e..e671fe6 100644
--- a/core/installer/cmd/launcher.go
+++ b/core/installer/cmd/launcher.go
@@ -74,7 +74,7 @@
if err != nil {
return err
}
- appManager, err := installer.NewAppManager(repoIO, nil, nil, nil, "/apps")
+ appManager, err := installer.NewAppManager(repoIO, nil, nil, nil, nil, "/apps")
if err != nil {
return err
}
diff --git a/core/installer/cmd/rewrite.go b/core/installer/cmd/rewrite.go
index 3ebb390..0562c0e 100644
--- a/core/installer/cmd/rewrite.go
+++ b/core/installer/cmd/rewrite.go
@@ -62,7 +62,7 @@
log.Println("Creating repository")
r := installer.NewInMemoryAppRepository(installer.CreateAllApps())
hf := installer.NewGitHelmFetcher()
- mgr, err := installer.NewAppManager(repoIO, nil, nil, hf, "/apps")
+ mgr, err := installer.NewAppManager(repoIO, nil, nil, hf, nil, "/apps")
if err != nil {
return err
}
diff --git a/core/installer/derived.go b/core/installer/derived.go
index 7a5e5f3..aabda98 100644
--- a/core/installer/derived.go
+++ b/core/installer/derived.go
@@ -3,6 +3,7 @@
import (
"fmt"
"html/template"
+ "strings"
)
type Release struct {
@@ -55,7 +56,21 @@
return ret
}
-func deriveValues(values any, schema Schema, networks []Network) (map[string]any, error) {
+func getField(v any, f string) any {
+ for _, i := range strings.Split(f, ".") {
+ vm := v.(map[string]any)
+ v = vm[i]
+ }
+ return v
+}
+
+func deriveValues(
+ root any,
+ values any,
+ schema Schema,
+ networks []Network,
+ vpnKeyGen VPNAuthKeyGenerator,
+) (map[string]any, error) {
ret := make(map[string]any)
for _, f := range schema.Fields() {
k := f.Name
@@ -74,6 +89,16 @@
"private": string(key.RawPrivateKey()),
}
}
+ if def.Kind() == KindVPNAuthKey {
+ usernameField := def.Meta()["usernameField"]
+ // TODO(gio): Improve getField
+ username := getField(root, usernameField)
+ authKey, err := vpnKeyGen.Generate(username.(string))
+ if err != nil {
+ return nil, err
+ }
+ ret[k] = authKey
+ }
continue
}
switch def.Kind() {
@@ -85,6 +110,8 @@
ret[k] = v
case KindPort:
ret[k] = v
+ case KindVPNAuthKey:
+ ret[k] = v
case KindArrayString:
a, ok := v.([]string)
if !ok {
@@ -120,19 +147,19 @@
}
ret[k] = picked
case KindAuth:
- r, err := deriveValues(v, AuthSchema, networks)
+ r, err := deriveValues(v, v, AuthSchema, networks, vpnKeyGen)
if err != nil {
return nil, err
}
ret[k] = r
case KindSSHKey:
- r, err := deriveValues(v, SSHKeySchema, networks)
+ r, err := deriveValues(v, v, SSHKeySchema, networks, vpnKeyGen)
if err != nil {
return nil, err
}
ret[k] = r
case KindStruct:
- r, err := deriveValues(v, def, networks)
+ r, err := deriveValues(v, v, def, networks, vpnKeyGen)
if err != nil {
return nil, err
}
@@ -163,6 +190,8 @@
ret[k] = v
case KindPort:
ret[k] = v
+ case KindVPNAuthKey:
+ ret[k] = v
case KindArrayString:
a, ok := v.([]string)
if !ok {
diff --git a/core/installer/derived_test.go b/core/installer/derived_test.go
new file mode 100644
index 0000000..7a34154
--- /dev/null
+++ b/core/installer/derived_test.go
@@ -0,0 +1,34 @@
+package installer
+
+import (
+ "testing"
+)
+
+type testKeyGen struct{}
+
+func (g testKeyGen) Generate(username string) (string, error) {
+ return username, nil
+}
+
+func TestDeriveVPNAuthKey(t *testing.T) {
+ schema := structSchema{
+ "input",
+ []Field{
+ Field{"username", basicSchema{"username", KindString, false, nil}},
+ Field{"authKey", basicSchema{"authKey", KindVPNAuthKey, false, map[string]string{
+ "usernameField": "username",
+ }}},
+ },
+ false,
+ }
+ input := map[string]any{
+ "username": "foo",
+ }
+ v, err := deriveValues(input, input, schema, nil, testKeyGen{})
+ if err != nil {
+ t.Fatal(err)
+ }
+ if key, ok := v["authKey"].(string); !ok || key != "foo" {
+ t.Fatal(v)
+ }
+}
diff --git a/core/installer/schema.go b/core/installer/schema.go
index 8b49905..b02f3b7 100644
--- a/core/installer/schema.go
+++ b/core/installer/schema.go
@@ -22,6 +22,7 @@
KindNumber = 4
KindArrayString = 8
KindPort = 9
+ KindVPNAuthKey = 11
)
type Field struct {
@@ -34,13 +35,14 @@
Kind() Kind
Fields() []Field
Advanced() bool
+ Meta() map[string]string
}
var AuthSchema Schema = structSchema{
name: "Auth",
fields: []Field{
- Field{"enabled", basicSchema{"Enabled", KindBoolean, false}},
- Field{"groups", basicSchema{"Groups", KindString, false}},
+ Field{"enabled", basicSchema{"Enabled", KindBoolean, false, nil}},
+ Field{"groups", basicSchema{"Groups", KindString, false, nil}},
},
advanced: false,
}
@@ -48,8 +50,8 @@
var SSHKeySchema Schema = structSchema{
name: "SSH Key",
fields: []Field{
- Field{"public", basicSchema{"Public Key", KindString, false}},
- Field{"private", basicSchema{"Private Key", KindString, false}},
+ Field{"public", basicSchema{"Public Key", KindString, false, nil}},
+ Field{"private", basicSchema{"Private Key", KindString, false, nil}},
},
advanced: true,
}
@@ -166,6 +168,7 @@
name string
kind Kind
advanced bool
+ meta map[string]string
}
func (s basicSchema) Name() string {
@@ -184,6 +187,10 @@
return s.advanced
}
+func (s basicSchema) Meta() map[string]string {
+ return s.meta
+}
+
type structSchema struct {
name string
fields []Field
@@ -206,6 +213,10 @@
return s.advanced
}
+func (s structSchema) Meta() map[string]string {
+ return map[string]string{}
+}
+
func NewCueSchema(name string, v cue.Value) (Schema, error) {
nameAttr := v.Attribute("name")
if nameAttr.Err() == nil {
@@ -218,29 +229,36 @@
}
switch v.IncompleteKind() {
case cue.StringKind:
- return basicSchema{name, KindString, false}, nil
+ if role == "vpnauthkey" {
+ meta := map[string]string{}
+ usernameAttr := v.Attribute("usernameField")
+ meta["usernameField"] = strings.ToLower(usernameAttr.Contents())
+ return basicSchema{name, KindVPNAuthKey, true, meta}, nil
+ } else {
+ return basicSchema{name, KindString, false, nil}, nil
+ }
case cue.BoolKind:
- return basicSchema{name, KindBoolean, false}, nil
+ return basicSchema{name, KindBoolean, false, nil}, nil
case cue.NumberKind:
- return basicSchema{name, KindNumber, false}, nil
+ return basicSchema{name, KindNumber, false, nil}, nil
case cue.IntKind:
if role == "port" {
- return basicSchema{name, KindPort, true}, nil
+ return basicSchema{name, KindPort, true, nil}, nil
} else {
- return basicSchema{name, KindInt, false}, nil
+ return basicSchema{name, KindInt, false, nil}, nil
}
case cue.ListKind:
if isMultiNetwork(v) {
- return basicSchema{name, KindMultiNetwork, false}, nil
+ return basicSchema{name, KindMultiNetwork, false, nil}, nil
}
- return basicSchema{name, KindArrayString, false}, nil
+ return basicSchema{name, KindArrayString, false, nil}, nil
case cue.StructKind:
if isNetwork(v) {
- return basicSchema{name, KindNetwork, false}, nil
+ return basicSchema{name, KindNetwork, false, nil}, nil
} else if isAuth(v) {
- return basicSchema{name, KindAuth, false}, nil
+ return basicSchema{name, KindAuth, false, nil}, nil
} else if isSSHKey(v) {
- return basicSchema{name, KindSSHKey, true}, nil
+ return basicSchema{name, KindSSHKey, true, nil}, nil
}
s := structSchema{name, make([]Field, 0), false}
f, err := v.Fields(cue.Schema())
diff --git a/core/installer/schema_test.go b/core/installer/schema_test.go
index cca0bd7..61739fb 100644
--- a/core/installer/schema_test.go
+++ b/core/installer/schema_test.go
@@ -8,17 +8,17 @@
scm := structSchema{
"a",
[]Field{
- Field{"x", basicSchema{"x", KindString, false}},
- Field{"y", basicSchema{"y", KindInt, false}},
- Field{"z", basicSchema{"z", KindPort, false}},
+ Field{"x", basicSchema{"x", KindString, false, nil}},
+ Field{"y", basicSchema{"y", KindInt, false, nil}},
+ Field{"z", basicSchema{"z", KindPort, false, nil}},
Field{
"w",
structSchema{
"w",
[]Field{
- Field{"x", basicSchema{"x", KindString, false}},
- Field{"y", basicSchema{"y", KindInt, false}},
- Field{"z", basicSchema{"z", KindPort, false}},
+ Field{"x", basicSchema{"x", KindString, false, nil}},
+ Field{"y", basicSchema{"y", KindInt, false, nil}},
+ Field{"z", basicSchema{"z", KindPort, false, nil}},
},
false,
},
diff --git a/core/installer/tasks/infra.go b/core/installer/tasks/infra.go
index 9d0c011..3682533 100644
--- a/core/installer/tasks/infra.go
+++ b/core/installer/tasks/infra.go
@@ -18,7 +18,7 @@
if err != nil {
return err
}
- appManager, err := installer.NewAppManager(r, st.nsCreator, st.jc, st.hf, "/apps")
+ appManager, err := installer.NewAppManager(r, st.nsCreator, st.jc, st.hf, nil, "/apps")
if err != nil {
return err
}
diff --git a/core/installer/values-tmpl/appmanager.cue b/core/installer/values-tmpl/appmanager.cue
index 75358a3..aad8f52 100644
--- a/core/installer/values-tmpl/appmanager.cue
+++ b/core/installer/values-tmpl/appmanager.cue
@@ -68,6 +68,7 @@
values: {
repoAddr: input.repoAddr
sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
+ headscaleAPIAddr: "http://headscale-api.\(global.namespacePrefix)app-headscale.svc.cluster.local"
ingress: {
className: input.network.ingressClass
domain: _domain
diff --git a/core/installer/values-tmpl/virtual-machine.cue b/core/installer/values-tmpl/virtual-machine.cue
new file mode 100644
index 0000000..292c082
--- /dev/null
+++ b/core/installer/values-tmpl/virtual-machine.cue
@@ -0,0 +1,72 @@
+input: {
+ name: string @name(Hostname)
+ username: string @name(Username)
+ authKey: string @name(Auth Key) @role(VPNAuthKey) @usernameField(username)
+ cpuCores: int | *1 @name(CPU Cores)
+ memory: string | *"2Gi" @name(Memory)
+}
+
+name: "Virutal Machine"
+namespace: "app-vm"
+readme: "Virtual Machine"
+description: "Virtual Machine"
+icon: """
+<svg xmlns="http://www.w3.org/2000/svg" width="50" height="50" viewBox="0 0 2048 2048"><path fill="currentColor" d="M1280 384H640V256h640zm0 1024H640v-128h640zm0 256H640v-128h640zM1408 0q27 0 50 10t40 27t28 41t10 50v1792H384V128q0-27 10-50t27-40t41-28t50-10zm0 128H512v1664h896z"/></svg>"""
+
+charts: {
+ virtualMachine: {
+ kind: "GitRepository"
+ address: "https://code.v1.dodo.cloud/helm-charts"
+ branch: "main"
+ path: "charts/virtual-machine"
+ }
+}
+
+helm: {
+ "virtual-machine": {
+ chart: charts.virtualMachine
+ values: {
+ name: input.name
+ cpuCores: input.cpuCores
+ memory: input.memory
+ disk: {
+ source: "https://cloud.debian.org/images/cloud/bookworm-backports/latest/debian-12-backports-generic-amd64.qcow2"
+ size: "64Gi"
+ }
+ ports: [22, 8080]
+ cloudInit: userData: _cloudInitUserData
+ }
+ }
+}
+
+_cloudInitUserData: {
+ system_info: {
+ default_user: {
+ name: input.username
+ home: "/home/\(input.username)"
+ }
+ }
+ password: "dodo" // TODO(gio): remove if possible
+ chpasswd: {
+ expire: false
+ }
+ hostname: input.name
+ ssh_pwauth: true
+ disable_root: false
+ ssh_authorized_keys: [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOa7FUrmXzdY3no8qNGUk7OPaRcIUi8G7MVbLlff9eB/ lekva@gl-mbp-m1-max.local"
+ ]
+ runcmd: [
+ ["sh", "-c", "curl -fsSL https://tailscale.com/install.sh | sh"],
+ // TODO(gio): take auth key from input
+ // TODO(gio): enable tailscale ssh
+ ["sh", "-c", "tailscale up --login-server=https://headscale.\(global.domain) --auth-key=\(input.authKey) --accept-routes"],
+ ["sh", "-c", "curl -fsSL https://code-server.dev/install.sh | HOME=/home/\(input.username) sh"],
+ ["sh", "-c", "systemctl enable --now code-server@\(input.username)"],
+ ["sh", "-c", "sleep 10"],
+ // TODO(gio): listen only on tailscale interface
+ ["sh", "-c", "sed -i -e 's/127.0.0.1/0.0.0.0/g' /home/\(input.username)/.config/code-server/config.yaml"],
+ ["sh", "-c", "sed -i -e 's/auth: password/auth: none/g' /home/\(input.username)/.config/code-server/config.yaml"],
+ ["sh", "-c", "systemctl restart --now code-server@\(input.username)"],
+ ]
+}
diff --git a/core/installer/vpn.go b/core/installer/vpn.go
new file mode 100644
index 0000000..4739bf2
--- /dev/null
+++ b/core/installer/vpn.go
@@ -0,0 +1,34 @@
+package installer
+
+import (
+ "bytes"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+)
+
+type VPNAuthKeyGenerator interface {
+ Generate(username string) (string, error)
+}
+
+type headscaleAPIClient struct {
+ apiAddr string
+}
+
+func NewHeadscaleAPIClient(apiAddr string) VPNAuthKeyGenerator {
+ return &headscaleAPIClient{apiAddr}
+}
+
+func (g *headscaleAPIClient) Generate(username string) (string, error) {
+ resp, err := http.Post(fmt.Sprintf("%s/user/%s/preauthkey", g.apiAddr, username), "application/json", nil)
+ if err != nil {
+ return "", err
+ }
+ var buf bytes.Buffer
+ io.Copy(&buf, resp.Body)
+ if resp.StatusCode != http.StatusOK {
+ return "", errors.New(buf.String())
+ }
+ return buf.String(), nil
+}
diff --git a/core/installer/welcome/dodo_app.go b/core/installer/welcome/dodo_app.go
index 3f40e9f..bd72aef 100644
--- a/core/installer/welcome/dodo_app.go
+++ b/core/installer/welcome/dodo_app.go
@@ -101,6 +101,7 @@
env installer.EnvConfig
nsc installer.NamespaceCreator
jc installer.JobCreator
+ vpnKeyGen installer.VPNAuthKeyGenerator
workers map[string]map[string]struct{}
appConfigs map[string]appConfig
tmplts dodoAppTmplts
@@ -132,6 +133,7 @@
envAppManagerAddr string,
nsc installer.NamespaceCreator,
jc installer.JobCreator,
+ vpnKeyGen installer.VPNAuthKeyGenerator,
env installer.EnvConfig,
external bool,
fetchUsersAddr string,
@@ -166,6 +168,7 @@
env,
nsc,
jc,
+ vpnKeyGen,
map[string]map[string]struct{}{},
map[string]appConfig{},
tmplts,
@@ -919,7 +922,7 @@
return err
}
hf := installer.NewGitHelmFetcher()
- m, err := installer.NewAppManager(configRepo, s.nsc, s.jc, hf, "/")
+ m, err := installer.NewAppManager(configRepo, s.nsc, s.jc, hf, s.vpnKeyGen, "/")
if err != nil {
return err
}
@@ -1044,7 +1047,7 @@
return installer.ReleaseResources{}, err
}
hf := installer.NewGitHelmFetcher()
- m, err := installer.NewAppManager(repo, s.nsc, s.jc, hf, "/.dodo")
+ m, err := installer.NewAppManager(repo, s.nsc, s.jc, hf, s.vpnKeyGen, "/.dodo")
if err != nil {
return installer.ReleaseResources{}, err
}
diff --git a/core/installer/welcome/welcome.go b/core/installer/welcome/welcome.go
index 9e45de5..08a8a1f 100644
--- a/core/installer/welcome/welcome.go
+++ b/core/installer/welcome/welcome.go
@@ -214,7 +214,7 @@
}
// TODO(gio): remove this once auto user sync is implemented
{
- appManager, err := installer.NewAppManager(s.repo, s.nsCreator, nil, s.hf, "/apps")
+ appManager, err := installer.NewAppManager(s.repo, s.nsCreator, nil, s.hf, nil, "/apps")
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return