diff --git a/.github/workflows/lint-test-matrix.yaml b/.github/workflows/lint-test-matrix.yaml index ad653633..5e7f3504 100644 --- a/.github/workflows/lint-test-matrix.yaml +++ b/.github/workflows/lint-test-matrix.yaml @@ -11,9 +11,11 @@ jobs: fail-fast: false matrix: kindest_node_version: - - v1.21.14@sha256:ad5b7446dd8332439f22a1efdac73670f0da158c00f0a70b45716e7ef3fae20b - - v1.23.12@sha256:9402cf1330bbd3a0d097d2033fa489b2abe40d479cc5ef47d0b6a6960613148a - - v1.24.6@sha256:97e8d00bc37a7598a0b32d1fabd155a96355c49fa0d4d4790aab0f161bf31be1 + - v1.21.14@sha256:9d9eb5fb26b4fbc0c6d95fa8c790414f9750dd583f5d7cee45d92e8c26670aa1 + - v1.22.15@sha256:7d9708c4b0873f0fe2e171e2b1b7f45ae89482617778c1c875f1053d4cef2e41 + - v1.23.13@sha256:ef453bb7c79f0e3caba88d2067d4196f427794086a7d0df8df4f019d5e336b61 + - v1.25.3@sha256:f52781bc0d7a19fb6c405c2af83abfeb311f130707a0e219175677e366cc45d1 + - v1.26.0@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352 steps: - name: Checkout uses: actions/checkout@v3 @@ -24,14 +26,14 @@ jobs: run: sudo apt-get -y install python3-wheel - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.4.0 - name: Run chart-testing (list-changed) id: list-changed run: | changed=$(ct list-changed --config ./default.ct.yaml) if [[ "$changed" ]]; then - echo "::set-output name=changed::true" + echo "changed=true" >> $GITHUB_OUTPUT echo "$changed" fi @@ -39,9 +41,9 @@ jobs: run: ct lint --config ./default.ct.yaml - name: Create kind cluster - uses: helm/kind-action@v1.4.0 + uses: helm/kind-action@v1.5.0 with: - version: v0.14.0 + version: v0.17.0 node_image: kindest/node:${{ matrix.kindest_node_version }} if: | (steps.list-changed.outputs.changed == 'true') || diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index b5108a36..94ae6b73 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml 
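Review bot: The action references bumped in lint-test-matrix.yaml, `helm/chart-testing-action@v2.4.0` and `helm/kind-action@v1.5.0`, are still mutable tags, while the kind node images a few lines above are pinned by sha256 digest. A tag can be re-pointed by whoever controls the action repository, so the workflow would run different code with no change in this repository; pinning to the full commit SHA and keeping the tag as a comment, `uses: helm/kind-action@<full-commit-sha> # v1.5.0`, closes that gap. The same applies to the matching bumps in lint-test.yaml and test-suite.yaml, and most of all to `helm/chart-releaser-action@v1.5.0` in release.yaml, which runs with `CR_TOKEN` set from `secrets.GITHUB_TOKEN`. Separately, the redirect target in the list-changed step is better quoted: `echo "changed=true" >> "$GITHUB_OUTPUT"`.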
@@ -76,14 +76,14 @@ jobs: run: sudo apt-get -y install python3-wheel - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.4.0 - name: Run chart-testing (list-changed) id: list-changed run: | changed=$(ct list-changed --config ./default.ct.yaml) if [[ "$changed" ]]; then - echo "::set-output name=changed::true" + echo "changed=true" >> $GITHUB_OUTPUT echo "$changed" fi @@ -91,13 +91,37 @@ jobs: run: ct lint --config ./default.ct.yaml - name: Create kind cluster - uses: helm/kind-action@v1.4.0 + uses: helm/kind-action@v1.5.0 with: - version: v0.14.0 - node_image: kindest/node:v1.22.15@sha256:bfd5eaae36849bfb3c1e3b9442f3da17d730718248939d9d547e86bbac5da586 + version: v0.17.0 + node_image: kindest/node:v1.24.7@sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315 if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) - name: Run chart-testing (install) run: ct install --config ./default.ct.yaml + + artifacthub-changelog: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: "0" + + - name: Install gojq + run: | + cd /tmp + curl -sSLO https://github.com/itchyny/gojq/releases/download/v0.12.10/gojq_v0.12.10_linux_amd64.tar.gz + tar -xf ./gojq_v0.12.10_linux_amd64.tar.gz + sudo cp /tmp/gojq_v0.12.10_linux_amd64/gojq /usr/local/bin/gojq + + - name: Run artifacthub.io changelog check + run: | + for chartyaml in $(git diff --name-only origin/main | awk -F/ '/^charts\// { printf "%s/%s/%s\n",$1,$2,"Chart.yaml" }' | sort -u); do + if diff <(gojq -r --yaml-input '.annotations."artifacthub.io/changes"' <(git show HEAD:$chartyaml)) <(gojq -r --yaml-input '.annotations."artifacthub.io/changes"' <(git show origin/main:$chartyaml)); then + echo "$chartyaml artifacthub.io changelog needs an update!" + exit 1 + fi + done 
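Review bot: The new `Install gojq` step in the `artifacthub-changelog` job (second hunk of lint-test.yaml) copies a downloaded binary into /usr/local/bin with sudo without checking its integrity, and `curl -sSLO` has no `-f`, so an HTTP error page would be saved and handed to tar. Use `curl -fsSLO …` and add a checksum line before extracting, `echo "<sha256-of-release-tarball>  gojq_v0.12.10_linux_amd64.tar.gz" | sha256sum -c -`, with the digest recorded whenever the version is bumped. The gojq and kubens downloads in test-suite.yaml follow the same pattern, and that file installs gojq v0.12.9 while this job uses v0.12.10. In the changelog loop, `$chartyaml` is derived from file names in the pull request and is expanded unquoted; `git show "HEAD:$chartyaml"` and `git show "origin/main:$chartyaml"` avoid word splitting and globbing.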
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 063524d2..377367a3 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -35,6 +35,6 @@ jobs: helm repo add nats https://nats-io.github.io/k8s/helm/charts/ - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.4.1 + uses: helm/chart-releaser-action@v1.5.0 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index a57dadd3..c85f0e67 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -13,26 +13,24 @@ jobs: - active-standby-kubernetes - api - deploytarget - - features-variables - features-kubernetes - features-kubernetes-2 + - features-variables + - services - tasks - - dbaas - - ssh-portal - ## Re-enable any of these below tests in your branch for specific testing - ## - drupal-php74 - ## - drupal-php80 - ## - drupal-postgres + ## Re-enable any of these tests in your branch for specific testing + ## - bitbucket + ## - bulk-deployment ## - drush + ## - generic + ## - github + ## - gitlab ## - image-cache - ## - node-mongodb ## - nginx ## - node ## - python - ## - elasticsearch - ## - github - ## - gitlab - ## - bitbucket + ## - ssh-legacy + ## - workflows steps: # Continue after getting a shell via: `touch continue` @@ -50,14 +48,14 @@ jobs: run: sudo apt-get -y install python3-wheel - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 + uses: helm/chart-testing-action@v2.4.0 - name: Run chart-testing (list-changed) id: list-changed run: | changed=$(ct list-changed --config ./test-suite-lint.ct.yaml) if [[ "$changed" ]]; then - echo "::set-output name=changed::true" + echo "changed=true" >> $GITHUB_OUTPUT echo "$changed" fi 
@@ -71,24 +69,15 @@ jobs: envsubst < test-suite.kind-config.yaml.tpl > test-suite.kind-config.yaml - name: Create kind cluster - uses: helm/kind-action@v1.4.0 + uses: helm/kind-action@v1.5.0 if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) with: - version: v0.14.0 - node_image: kindest/node:v1.23.12@sha256:9402cf1330bbd3a0d097d2033fa489b2abe40d479cc5ef47d0b6a6960613148a + version: v0.17.0 + node_image: kindest/node:v1.24.7@sha256:577c630ce8e509131eab1aea12c022190978dd2f745aac5eb1fe65c0807eb315 config: test-suite.kind-config.yaml - - - name: Install kubectl - if: | - (steps.list-changed.outputs.changed == 'true') || - (contains(github.event.pull_request.labels.*.name, 'needs-testing')) - run: | - cd /tmp - curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl - chmod +x ./kubectl - sudo cp ./kubectl /usr/local/bin/ + kubectl_version: v1.24.7 - name: Check node IP matches kind configuration if: | @@ -99,16 +88,6 @@ jobs: echo Checking for NODE_IP "$NODE_IP" grep $NODE_IP test-suite.kind-config.yaml - - name: Install Helm - if: | - (steps.list-changed.outputs.changed == 'true') || - (contains(github.event.pull_request.labels.*.name, 'needs-testing')) - run: | - cd /tmp - curl -fsSLo get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 - chmod 700 get_helm.sh - ./get_helm.sh - - name: Add dependency chart repos if: | (steps.list-changed.outputs.changed == 'true') || 
@@ -129,23 +108,24 @@ jobs: (contains(github.event.pull_request.labels.*.name, 'needs-testing')) run: | cd /tmp - curl -sSLO https://github.com/itchyny/gojq/releases/download/v0.11.1/gojq_v0.11.1_linux_amd64.tar.gz - tar -xf ./gojq_v0.11.1_linux_amd64.tar.gz - sudo cp /tmp/gojq_v0.11.1_linux_amd64/gojq /usr/local/bin/jq + curl -sSLO https://github.com/itchyny/gojq/releases/download/v0.12.9/gojq_v0.12.9_linux_amd64.tar.gz + tar -xf ./gojq_v0.12.9_linux_amd64.tar.gz + sudo cp /tmp/gojq_v0.12.9_linux_amd64/gojq /usr/local/bin/jq - name: Install kubens and kubectl alias run: | cd /tmp - curl -sSLO https://github.com/ahmetb/kubectx/releases/download/v0.9.1/kubens_v0.9.1_linux_x86_64.tar.gz - tar -xf ./kubens_v0.9.1_linux_x86_64.tar.gz + curl -sSLO https://github.com/ahmetb/kubectx/releases/download/v0.9.4/kubens_v0.9.4_linux_x86_64.tar.gz + tar -xf ./kubens_v0.9.4_linux_x86_64.tar.gz sudo cp /tmp/kubens /usr/local/bin/kubens - sudo ln -s /usr/local/bin/kubectl /usr/local/bin/kc + sudo ln -s $(which kubectl) /usr/local/bin/kc - name: Helm-install the test fixtures and fill lagoon-test/ci/linter-values.yaml if: | (steps.list-changed.outputs.changed == 'true') || (contains(github.event.pull_request.labels.*.name, 'needs-testing')) - run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main + # run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] IMAGE_REGISTRY=testlagoon IMAGE_TAG=main + run: make -j8 -O fill-test-ci-values TESTS=[${{ matrix.test }}] - name: Free up some disk space if: | diff --git a/.gitignore b/.gitignore index f60284bd..dc41c877 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /test-suite.kind-config.yaml +/test-suite.kind-config.calico.yaml diff --git a/Makefile b/Makefile index 25678132..16d99eee 100644 --- a/Makefile +++ b/Makefile 
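Review bot: `sudo ln -s $(which kubectl) /usr/local/bin/kc` in the `Install kubens and kubectl alias` step fails quietly when kubectl is not on PATH: the substitution is empty, ln receives a single operand and creates a `kc` link in /tmp instead of the alias. This step has no `if:` guard, while the `Create kind cluster` step that now supplies kubectl through `kubectl_version` is conditional, so when that step is skipped the alias presumably depends on whatever the runner image ships. Quoting makes the failure visible: `sudo ln -s "$(command -v kubectl)" /usr/local/bin/kc`. The commented-out `run:` line kept above the new one is dead configuration; either delete it or replace it with a comment saying that `IMAGE_REGISTRY` and `IMAGE_TAG` now fall back to the Makefile defaults.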
@@ -25,6 +25,7 @@ BUILD_DEPLOY_CONTROLLER_ROOTLESS_BUILD_PODS = # Control the feature flags on the lagoon-build-deploy chart. Valid values: `enabled` or `disabled`. LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD = LAGOON_FEATURE_FLAG_DEFAULT_ISOLATION_NETWORK_POLICY = +LAGOON_FEATURE_FLAG_DEFAULT_RWX_TO_RWO = enabled # Set to `true` to use the Calico CNI plugin instead of the default kindnet. This # is useful for testing network policies. USE_CALICO_CNI = @@ -38,6 +39,8 @@ SKIP_INSTALL_REGISTRY = SKIP_ALL_DEPS = # Set to `true` to use the disable harbor integration in lagoon-core DISABLE_CORE_HARBOR = +# Set to `true` to enable the elements of lagoon-core that talk to OpenSearch installs +OPENSEARCH_INTEGRATION_ENABLED = false TIMEOUT = 30m HELM = helm 
@@ -50,18 +53,19 @@ fill-test-ci-values: && export keycloakAuthServerClientSecret="$$($(KUBECTL) -n lagoon get secret lagoon-core-keycloak -o json | $(JQ) -r '.data.KEYCLOAK_AUTH_SERVER_CLIENT_SECRET | @base64d')" \ && export routeSuffixHTTP="$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io" \ && export routeSuffixHTTPS="$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io" \ - && export token="$$($(KUBECTL) -n lagoon get secret -o json | $(JQ) -r '.items[] | select(.metadata.name | match("lagoon-build-deploy-token")) | .data.token | @base64d')" \ + && export token="$$($(KUBECTL) -n lagoon create token lagoon-build-deploy --duration 3h)" \ && export $$([ $(IMAGE_TAG) ] && echo imageTag='$(IMAGE_TAG)' || echo imageTag='latest') \ && export webhookHandler="lagoon-core-webhook-handler" \ && export tests='$(TESTS)' imageRegistry='$(IMAGE_REGISTRY)' \ && valueTemplate=charts/lagoon-test/ci/linter-values.yaml \ - && envsubst < $$valueTemplate.tpl > $$valueTemplate + && envsubst < $$valueTemplate.tpl > $$valueTemplate \ + && cat $$valueTemplate ifneq ($(SKIP_ALL_DEPS),true) ifneq ($(SKIP_INSTALL_REGISTRY),true) fill-test-ci-values: install-registry endif -fill-test-ci-values: install-ingress install-lagoon-core install-lagoon-remote install-nfs-server-provisioner +fill-test-ci-values: install-ingress install-lagoon-core install-lagoon-remote install-bulk-storageclass endif .PHONY: install-ingress @@ -76,9 +80,10 @@ install-ingress: --set controller.service.nodePorts.http=32080 \ --set controller.service.nodePorts.https=32443 \ --set controller.config.proxy-body-size=100m \ + --set controller.config.hsts="false" \ --set controller.watchIngressWithoutClass=true \ --set controller.ingressClassResource.default=true \ - --version=4.1.3 \ + --version=4.5.2 \ ingress-nginx \ ingress-nginx/ingress-nginx 
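Review bot: The added `&& cat $$valueTemplate` at the end of `fill-test-ci-values` prints the rendered charts/lagoon-test/ci/linter-values.yaml into the job log, and the exports directly above it include `token` (now a service-account token from `kubectl create token … --duration 3h`) and `keycloakAuthServerClientSecret`, which the template presumably substitutes. Even on a throwaway kind cluster this writes credentials into logs that outlive the job and may be readable by anyone who can view the workflow run. Drop the `cat`, or print only the non-secret keys, for example `&& grep -vEi 'token|secret' $$valueTemplate` if every secret sits on a single line. The recipe starts above the hunk, so the full list of exported values is not visible here.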
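Review bot: `--set controller.config.hsts="false"` in `install-ingress` turns HSTS off for the test ingress without saying why, and because the recipe is one continued command the reason cannot sit next to the flag. A comment above the target, such as `# HSTS is off because the test cluster is reached over plain HTTP on nodePort 32080; do not copy into production values` (the reason is presumed from the http URLs used in install-lagoon-core), would stop the setting being carried elsewhere. The double quotes are consumed by the shell, so Helm still parses the value as a boolean; `--set-string controller.config.hsts=false` states that a string is intended.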
@@ -98,23 +103,10 @@ install-registry: install-ingress --set clair.enabled=false \ --set notary.enabled=false \ --set trivy.enabled=false \ - --version=1.9.1 \ + --version=1.11.0 \ registry \ harbor/harbor -.PHONY: install-nfs-server-provisioner -install-nfs-server-provisioner: - $(HELM) upgrade \ - --install \ - --create-namespace \ - --namespace nfs-server-provisioner \ - --wait \ - --timeout $(TIMEOUT) \ - --set storageClass.name=bulk \ - --version=1.1.3 \ - nfs-server-provisioner \ - stable/nfs-server-provisioner - .PHONY: install-mariadb install-mariadb: # root password is required on upgrade if the chart is already installed @@ -125,7 +117,7 @@ install-mariadb: --wait \ --timeout $(TIMEOUT) \ $$($(KUBECTL) get ns mariadb > /dev/null 2>&1 && echo --set auth.rootPassword=$$($(KUBECTL) get secret --namespace mariadb mariadb -o json | $(JQ) -r '.data."mariadb-root-password" | @base64d')) \ - --version=10.5.1 \ + --version=11.4.7 \ mariadb \ bitnami/mariadb @@ -138,8 +130,8 @@ install-postgresql: --namespace postgresql \ --wait \ --timeout $(TIMEOUT) \ - $$($(KUBECTL) get ns postgresql > /dev/null 2>&1 && echo --set postgresqlPassword=$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgresql-password" | @base64d')) \ - --version=10.16.2 \ + $$($(KUBECTL) get ns postgresql > /dev/null 2>&1 && echo --set auth.postgresPassword=$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgres-password" | @base64d')) \ + --version=11.9.13 \ postgresql \ bitnami/postgresql @@ -153,7 +145,7 @@ install-mongodb: --timeout $(TIMEOUT) \ $$($(KUBECTL) get ns mongodb > /dev/null 2>&1 && echo --set auth.rootPassword=$$($(KUBECTL) get secret --namespace mongodb mongodb -o json | $(JQ) -r '.data."mongodb-root-password" | @base64d')) \ --set tls.enabled=false \ - --version=11.2.0 \ + --version=12.1.31 \ mongodb \ bitnami/mongodb 
@@ -167,7 +159,7 @@ install-minio: install-ingress --timeout $(TIMEOUT) \ --set auth.rootUser=lagoonFilesAccessKey,auth.rootPassword=lagoonFilesSecretKey \ --set defaultBuckets=lagoon-files \ - --version=11.6.3 \ + --version=12.1.7 \ minio \ bitnami/minio @@ -183,10 +175,12 @@ install-lagoon-core: install-minio --values ./charts/lagoon-core/ci/linter-values.yaml \ $$([ $(IMAGE_TAG) ] && echo '--set imageTag=$(IMAGE_TAG)') \ $$([ $(OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE) ] && echo '--set overwriteActiveStandbyTaskImage=$(OVERRIDE_ACTIVE_STANDBY_TASK_IMAGE)') \ + $$([ $(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE) ] && echo '--set buildDeployImage.default.image=$(OVERRIDE_BUILD_DEPLOY_DIND_IMAGE)') \ $$([ $(DISABLE_CORE_HARBOR) ] && echo '--set api.additionalEnvs.DISABLE_CORE_HARBOR=$(DISABLE_CORE_HARBOR)') \ + $$([ $(OPENSEARCH_INTEGRATION_ENABLED) ] && echo '--set api.additionalEnvs.OPENSEARCH_INTEGRATION_ENABLED=$(OPENSEARCH_INTEGRATION_ENABLED)') \ --set "keycloakAPIURL=http://lagoon-keycloak.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080/auth" \ --set "lagoonAPIURL=http://lagoon-api.$$($(KUBECTL) get nodes -o jsonpath='{.items[0].status.addresses[0].address}').nip.io:32080/graphql" \ - --set actionsHandler.image.repository=$(IMAGE_REGISTRY)/actions-handler \ + --set actionsHandler.image.repository=$(IMAGE_REGISTRY)/actions-handler \ --set api.image.repository=$(IMAGE_REGISTRY)/api \ --set apiDB.image.repository=$(IMAGE_REGISTRY)/api-db \ --set apiRedis.image.repository=$(IMAGE_REGISTRY)/api-redis \ 
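Review bot: In `install-lagoon-core`, `$$([ $(OPENSEARCH_INTEGRATION_ENABLED) ] && echo …)` only tests for a non-empty string, and the variable now defaults to `false`, so the `--set` is always emitted rather than only when the integration is switched on. `--set` also converts `false` to a YAML boolean; if the chart renders `api.additionalEnvs` straight into container `env` values, which this hunk does not show, a non-string value is rejected at install time. `--set-string api.additionalEnvs.OPENSEARCH_INTEGRATION_ENABLED=$(OPENSEARCH_INTEGRATION_ENABLED)` avoids the coercion, and quoting the operand, `[ "$(OPENSEARCH_INTEGRATION_ENABLED)" ]`, keeps the test well-formed for values containing spaces. `OVERRIDE_BUILD_DEPLOY_DIND_IMAGE` is used on the line above but is not declared in the visible Makefile hunks; if it has no entry in the variables block at the top, add one with a one-line description.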
@@ -194,19 +188,16 @@ install-lagoon-core: install-minio --set autoIdler.enabled=false \ --set backupHandler.enabled=false \ --set broker.image.repository=$(IMAGE_REGISTRY)/broker \ - --set controllerhandler.image.repository=$(IMAGE_REGISTRY)/controllerhandler \ --set insightsHandler.enabled=false \ --set keycloak.image.repository=$(IMAGE_REGISTRY)/keycloak \ --set keycloakDB.image.repository=$(IMAGE_REGISTRY)/keycloak-db \ - --set logs2notifications.image.repository=testlagoon/logs2notifications \ - --set logs2notifications.image.tag=main \ + --set logs2notifications.image.repository=$(IMAGE_REGISTRY)/logs2notifications \ --set logs2notifications.email.disabled=true \ --set logs2notifications.microsoftteams.disabled=true \ --set logs2notifications.rocketchat.disabled=true \ --set logs2notifications.slack.disabled=true \ --set logs2notifications.webhooks.disabled=true \ --set ssh.image.repository=$(IMAGE_REGISTRY)/ssh \ - --set storageCalculator.enabled=false \ --set webhookHandler.image.repository=$(IMAGE_REGISTRY)/webhook-handler \ --set webhooks2tasks.image.repository=$(IMAGE_REGISTRY)/webhooks2tasks \ --set s3FilesAccessKeyID=lagoonFilesAccessKey \ @@ -230,7 +221,7 @@ install-lagoon-core: install-minio ./charts/lagoon-core .PHONY: install-lagoon-remote -install-lagoon-remote: install-lagoon-build-deploy install-lagoon-core install-mariadb install-postgresql install-mongodb install-nfs-server-provisioner +install-lagoon-remote: install-lagoon-build-deploy install-lagoon-core install-mariadb install-postgresql install-mongodb install-bulk-storageclass $(HELM) dependency build ./charts/lagoon-remote/ $(HELM) upgrade \ --install \ 
@@ -248,7 +239,7 @@ install-lagoon-remote: install-lagoon-build-deploy install-lagoon-core install-m --set "dbaas-operator.mariadbProviders.development.user=root" \ --set "dbaas-operator.postgresqlProviders.development.environment=development" \ --set "dbaas-operator.postgresqlProviders.development.hostname=postgresql.postgresql.svc.cluster.local" \ - --set "dbaas-operator.postgresqlProviders.development.password=$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgresql-password" | @base64d')" \ + --set "dbaas-operator.postgresqlProviders.development.password=$$($(KUBECTL) get secret --namespace postgresql postgresql -o json | $(JQ) -r '.data."postgres-password" | @base64d')" \ --set "dbaas-operator.postgresqlProviders.development.port=5432" \ --set "dbaas-operator.postgresqlProviders.development.user=postgres" \ --set "dbaas-operator.mongodbProviders.development.environment=development" \ @@ -290,6 +281,7 @@ install-lagoon-build-deploy: install-lagoon-core install-registry $$([ $(BUILD_DEPLOY_CONTROLLER_ROOTLESS_BUILD_PODS) ] && echo '--set rootlessBuildPods=true') \ $$([ $(LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD) ] && echo '--set lagoonFeatureFlagDefaultRootlessWorkload=$(LAGOON_FEATURE_FLAG_DEFAULT_ROOTLESS_WORKLOAD)') \ $$([ $(LAGOON_FEATURE_FLAG_DEFAULT_ISOLATION_NETWORK_POLICY) ] && echo '--set lagoonFeatureFlagDefaultIsolationNetworkPolicy=$(LAGOON_FEATURE_FLAG_DEFAULT_ISOLATION_NETWORK_POLICY)') \ + $$([ $(LAGOON_FEATURE_FLAG_DEFAULT_RWX_TO_RWO) ] && echo '--set lagoonFeatureFlagDefaultRWX2RWO=$(LAGOON_FEATURE_FLAG_DEFAULT_RWX_TO_RWO)') \ lagoon-build-deploy \ ./charts/lagoon-build-deploy 
@@ -297,6 +289,10 @@ install-lagoon-build-deploy: install-lagoon-core install-registry # The following targets facilitate local development only and aren't used in CI. # +.PHONY: install-bulk-storageclass +install-bulk-storageclass: + $(KUBECTL) apply -f ./ci/storageclass/local-path-bulk.yaml + .PHONY: create-kind-cluster create-kind-cluster: docker network inspect kind >/dev/null || docker network create kind \ @@ -305,18 +301,18 @@ create-kind-cluster: && envsubst < test-suite.kind-config.calico.yaml.tpl > test-suite.kind-config.calico.yaml ifeq ($(USE_CALICO_CNI),true) kind create cluster --wait=60s --config=test-suite.kind-config.calico.yaml \ - && kubectl apply -f ./ci/calico/tigera-operator.yaml \ - && kubectl apply -f ./ci/calico/custom-resources.yaml + && $(KUBECTL) create -f ./ci/calico/tigera-operator.yaml --context kind-chart-testing \ + && $(KUBECTL) create -f ./ci/calico/custom-resources.yaml --context kind-chart-testing .PHONY: install-calico install-calico: - $(KUBECTL) apply -f ./ci/calico/tigera-operator.yaml \ - && $(KUBECTL) apply -f ./ci/calico/custom-resources.yaml + $(KUBECTL) create -f ./ci/calico/tigera-operator.yaml \ + && $(KUBECTL) create -f ./ci/calico/custom-resources.yaml # add dependencies to ensure calico gets installed in the correct order install-ingress: install-calico install-registry: install-calico -install-nfs-server-provisioner: install-calico +install-bulk-storageclass: install-calico install-mariadb: install-calico install-postgresql: install-calico install-mongodb: install-calico @@ -327,7 +323,7 @@ else endif .PHONY: install-test-cluster -install-test-cluster: install-ingress install-registry install-nfs-server-provisioner install-mariadb install-postgresql install-mongodb install-minio +install-test-cluster: install-ingress install-registry install-bulk-storageclass install-mariadb install-postgresql install-mongodb install-minio .PHONY: install-lagoon install-lagoon: install-lagoon-core install-lagoon-remote 
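Review bot: `install-bulk-storageclass` is added directly beneath the comment stating that the following targets are for local development only and are not used in CI, yet it is now a prerequisite of `fill-test-ci-values` and `install-lagoon-remote`, which the test-suite workflow runs. Move the target above that comment block so the section heading stays accurate, and give it a one-line comment such as `# Creates the "bulk" StorageClass that replaced nfs-server-provisioner`. The manifest it applies, ./ci/storageclass/local-path-bulk.yaml, is not part of the visible diff.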
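Review bot: Switching the Calico manifests from `apply` to `create` makes `install-calico` fail on any second run, because `kubectl create` returns AlreadyExists for objects that are already present, and with `USE_CALICO_CNI=true` that target is a prerequisite of every install target listed below it. If the switch was made to get around the size limit of the last-applied annotation on the operator manifest (an assumption; the commit does not say), `$(KUBECTL) apply --server-side -f ./ci/calico/tigera-operator.yaml` stays idempotent without that annotation. `create-kind-cluster` also hard-codes `--context kind-chart-testing` while `install-calico` relies on the current context; a shared variable or a comment would keep the two in step.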
diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index 24e541b0..8178e863 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -12,10 +12,15 @@ maintainers: - name: smlx email: scott.leggett@amazee.io url: https://amazee.io -kubeVersion: ">= 1.19.0-0" +kubeVersion: ">= 1.21.0-0" type: application -version: 0.15.0 +version: 0.22.0 -appVersion: v0.6.0 +appVersion: v0.12.0 + +annotations: + artifacthub.io/changes: | + - kind: changed + description: update remote-controller appVersion to v0.12.0 diff --git a/charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoonbuilds.yaml b/charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoonbuilds.yaml index 6525d28a..cd93f697 100644 --- a/charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoonbuilds.yaml +++ b/charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoonbuilds.yaml @@ -239,10 +239,6 @@ spec: type: string logLink: type: string - monitoringUrls: - items: - type: string - type: array project: type: string projectId: @@ -332,10 +328,6 @@ spec: type: string logLink: type: string - monitoringUrls: - items: - type: string - type: array project: type: string projectId: @@ -427,10 +419,6 @@ spec: type: string logLink: type: string - monitoringUrls: - items: - type: string - type: array project: type: string projectId: @@ -524,10 +512,6 @@ spec: type: string logLink: type: string - monitoringUrls: - items: - type: string - type: array project: type: string projectId: diff --git a/charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoontasks.yaml b/charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoontasks.yaml index 94465abf..74f095ad 100644 --- a/charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoontasks.yaml +++ b/charts/lagoon-build-deploy/crds/crd.lagoon.sh_lagoontasks.yaml @@ -210,10 +210,6 @@ spec: type: string logLink: type: string - monitoringUrls: - items: - type: string - type: array project: type: string projectId: 
@@ -303,10 +299,6 @@ spec: type: string logLink: type: string - monitoringUrls: - items: - type: string - type: array project: type: string projectId: @@ -398,10 +390,6 @@ spec: type: string logLink: type: string - monitoringUrls: - items: - type: string - type: array project: type: string projectId: @@ -495,10 +483,6 @@ spec: type: string logLink: type: string - monitoringUrls: - items: - type: string - type: array project: type: string projectId: diff --git a/charts/lagoon-build-deploy/templates/deployment.yaml b/charts/lagoon-build-deploy/templates/deployment.yaml index 8df2749d..9ed627a1 100644 --- a/charts/lagoon-build-deploy/templates/deployment.yaml +++ b/charts/lagoon-build-deploy/templates/deployment.yaml @@ -1,3 +1,5 @@ +{{- $rabbitMQHostname := coalesce (.Values.global).rabbitMQHostname .Values.rabbitMQHostname }} + apiVersion: apps/v1 kind: Deployment metadata: @@ -156,6 +158,12 @@ spec: {{- with .Values.QoSDefault }} - "--qos-default={{ . }}" {{- end }} + {{- with .Values.timeoutForLongRunningBuildPods }} + - "--timeout-longrunning-build-pod-cleanup={{ . }}" + {{- end }} + {{- with .Values.timeoutForLongRunningTaskPods }} + - "--timeout-longrunning-task-pod-cleanup={{ . }}" + {{- end }} {{- with .Values.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} 
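Review bot: `coalesce (.Values.global).rabbitMQHostname .Values.rabbitMQHostname` at the top of templates/deployment.yaml gives the global value precedence over the chart's own value, which is the reverse of the usual override order and is not documented in any of the visible changes. secret.yaml does the same for `rabbitMQUsername` and `rabbitMQPassword`, and values.yaml adds `global: {}` under the heading for required values without naming the keys that are read from it. Add a comment in values.yaml such as `# global.rabbitMQHostname, global.rabbitMQUsername and global.rabbitMQPassword, when set by a parent chart, take precedence over the values below`. In the second deployment.yaml hunk, `with` skips falsy values, so `timeoutForLongRunningBuildPods: 0` is dropped rather than passed to the controller; the values.yaml comment should say so.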
@@ -214,10 +222,22 @@ spec: value: {{ . | quote }} {{- end }} {{- end }} + {{- with .Values.adminLagoonFeatureFlag.containerMemoryLimit }} + - name: ADMIN_LAGOON_FEATURE_FLAG_CONTAINER_MEMORY_LIMIT + value: {{ . | quote}} + {{- end }} + {{- with .Values.adminLagoonFeatureFlag.ephemeralStorageRequests }} + - name: ADMIN_LAGOON_FEATURE_FLAG_EPHEMERAL_STORAGE_REQUESTS + value: {{ . | quote}} + {{- end }} + {{- with .Values.adminLagoonFeatureFlag.ephemeralStorageLimit }} + - name: ADMIN_LAGOON_FEATURE_FLAG_EPHEMERAL_STORAGE_LIMIT + value: {{ . | quote}} + {{- end }} - name: PENDING_MESSAGE_CRON value: {{ .Values.pendingMessageCron | quote }} - name: RABBITMQ_HOSTNAME - value: {{ required "A valid .Values.rabbitMQHostname required!" .Values.rabbitMQHostname | quote }} + value: {{ required "A valid rabbitMQHostname required!" $rabbitMQHostname | quote }} - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: diff --git a/charts/lagoon-build-deploy/templates/secret.yaml b/charts/lagoon-build-deploy/templates/secret.yaml index eb16b0b5..b1b2c502 100644 --- a/charts/lagoon-build-deploy/templates/secret.yaml +++ b/charts/lagoon-build-deploy/templates/secret.yaml @@ -1,3 +1,6 @@ +{{- $rabbitMQUsername := coalesce (.Values.global).rabbitMQUsername .Values.rabbitMQUsername }} +{{- $rabbitMQPassword := coalesce (.Values.global).rabbitMQPassword .Values.rabbitMQPassword }} + apiVersion: v1 kind: Secret type: Opaque @@ -6,5 +9,5 @@ metadata: labels: {{- include "lagoon-build-deploy.labels" . | nindent 4 }} stringData: - RABBITMQ_PASSWORD: {{ required "A valid .Values.rabbitMQPassword required!" .Values.rabbitMQPassword | quote }} - RABBITMQ_USERNAME: {{ required "A valid .Values.rabbitMQUsername required!" .Values.rabbitMQUsername | quote }} + RABBITMQ_PASSWORD: {{ required "A valid rabbitMQPassword required!" $rabbitMQPassword | quote }} + RABBITMQ_USERNAME: {{ required "A valid rabbitMQUsername required!" $rabbitMQUsername | quote }} 
diff --git a/charts/lagoon-build-deploy/values.yaml b/charts/lagoon-build-deploy/values.yaml index 9c56c746..2ddab0d5 100644 --- a/charts/lagoon-build-deploy/values.yaml +++ b/charts/lagoon-build-deploy/values.yaml @@ -1,4 +1,5 @@ # the following values are requried and have no sensible default +global: {} lagoonTargetName: "" rabbitMQHostname: "" @@ -79,6 +80,23 @@ extraEnvs: # the following values are defaults which may be overridden +# the number of hours a build/task pod can run before forcefully cancelled. +timeoutForLongRunningBuildPods: 6 +timeoutForLongRunningTaskPods: 6 + +adminLagoonFeatureFlag: + # Set the memory resource limit for containers deployed by Lagoon. + containerMemoryLimit: 16Gi + # Set the ephemeral storage limit for containers deployed by Lagoon. + # Setting just the limit will also set requests to be the same value. + # See the kubernetes docs before using these values to ensure you know what they do based on your workloads and nodes allocatable values + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#setting-requests-and-limits-for-local-ephemeral-storage + # Specifically how pods with requests are scheduled here https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#how-pods-with-ephemeral-storage-requests-are-scheduled + # You need to be aware that setting the limit or requests will impact how your pods are scheduled + # You may need to set the requests to be a very low value to maintain your desired pod density for Lagoon deployed environments + # ephemeralStorageRequests: 100Mi + # ephemeralStorageLimit: 4Gi + # rootlessBuildPods tells the build-deploy controller to create build pods # which do not run as root. See https://github.com/amazeeio/lagoon/pull/2481 # for details. diff --git a/charts/lagoon-core/Chart.lock b/charts/lagoon-core/Chart.lock index 152cc304..f404f187 100644 --- a/charts/lagoon-core/Chart.lock +++ b/charts/lagoon-core/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ - version: 0.18.0 -digest: sha256:3e8ec1b8a84fb0142cfd4ffd629822536a5cfb46f1e1bff950a97c322edd2295 -generated: "2022-09-13T09:48:38.604636+08:00" + version: 0.18.3 +digest: sha256:23ec68e1604f1b9f90bd9571e7e17c6101524be61b304de03f378a31a6c55fbd +generated: "2022-11-24T11:53:36.184266854+11:00" diff --git a/charts/lagoon-core/Chart.yaml b/charts/lagoon-core/Chart.yaml index aaa2e8a3..0e3fd53c 100644 --- a/charts/lagoon-core/Chart.yaml +++ b/charts/lagoon-core/Chart.yaml @@ -11,7 +11,7 @@ maintainers: - name: shreddedbacon email: ben.jackson@amazee.io url: https://amazee.io -kubeVersion: ">= 1.19.0-0" +kubeVersion: ">= 1.21.0-0" # Application charts are a collection of templates that can be packaged into # versioned archives to be deployed. @@ -21,16 +21,24 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.11.0 +version: 1.30.0 # This is the version number of the application being deployed. This version # number should be incremented each time you make changes to the application. # Versions are not expected to follow Semantic Versioning. They should reflect # the version the application is using. -appVersion: v2.9.2 +appVersion: v2.15.0 dependencies: - name: nats version: ~0.18.0 repository: https://nats-io.github.io/k8s/helm/charts/ condition: nats.enabled + +# This section is used to collect a changelog for artifacthub.io +# It should be started afresh for each release +# Valid supported kinds are added, changed, deprecated, removed, fixed and security +annotations: + artifacthub.io/changes: | + - kind: changed + description: bump lagoon-opensearch-sync version to v0.7.0 diff --git a/charts/lagoon-core/README.md b/charts/lagoon-core/README.md index db50dcbf..eb0451b2 100644 --- a/charts/lagoon-core/README.md 
+++ b/charts/lagoon-core/README.md @@ -23,8 +23,6 @@ logs2slack: enabled: false logs2webhook: enabled: false -storageCalculator: - enabled: false webhookHandler: enabled: false webhooks2tasks: diff --git a/charts/lagoon-core/ci/linter-values.yaml b/charts/lagoon-core/ci/linter-values.yaml index f64823d5..4d8f1d1d 100644 --- a/charts/lagoon-core/ci/linter-values.yaml +++ b/charts/lagoon-core/ci/linter-values.yaml @@ -23,13 +23,6 @@ defaultIngressClassName: nginx lagoonAPIURL: https://api.example.com/graphql keycloakAPIURL: https://keycloak.example.com/auth -buildDeployImage: - default: - image: uselagoon/build-deploy-image:latest - edge: - enabled: true - image: uselagoon/build-deploy-image:edge - api: replicaCount: 1 image: @@ -44,6 +37,7 @@ apiRedis: image: repository: uselagoon/api-redis +# TODO - update repo/tag before v2.11 release actionsHandler: replicaCount: 1 image: @@ -83,7 +77,6 @@ ui: replicaCount: 1 image: repository: uselagoon/ui - tag: main backupHandler: replicaCount: 1 @@ -95,15 +88,10 @@ insightsHandler: repository: uselagoon/insights-handler tag: main -storageCalculator: - image: - repository: uselagoon/storage-calculator - logs2notifications: replicaCount: 1 image: - repository: testlagoon/logs2notifications - tag: main + repository: uselagoon/logs2notifications drushAlias: replicaCount: 1 
@@ -122,6 +110,26 @@ sshPortalAPI: serviceMonitor: enabled: false +sshToken: + enabled: true + replicaCount: 1 + debug: true + serviceMonitor: + enabled: false + service: + type: NodePort + ports: + sshserver: 2223 + hostKeys: + ed25519: | + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACA/YqlzbdTqR53BHcDhvP0EVepZ66ZIT2HaXSpxdzwhMgAAAIgc+EPKHPhD + ygAAAAtzc2gtZWQyNTUxOQAAACA/YqlzbdTqR53BHcDhvP0EVepZ66ZIT2HaXSpxdzwhMg + AAAECW61aE011GKLSFBJ82G6oGEOjJSUV3STx16veSvX38kD9iqXNt1OpHncEdwOG8/QRV + 6lnrpkhPYdpdKnF3PCEyAAAAAAECAwQF + -----END OPENSSH PRIVATE KEY----- + controllerhandler: replicaCount: 1 image: diff --git a/charts/lagoon-core/templates/_helpers.tpl b/charts/lagoon-core/templates/_helpers.tpl index 1a03d1e7..b385141b 100644 --- a/charts/lagoon-core/templates/_helpers.tpl +++ b/charts/lagoon-core/templates/_helpers.tpl @@ -1,4 +1,3 @@ -{{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} @@ -76,6 +75,12 @@ app.kubernetes.io/component: {{ include "lagoon-core.api.fullname" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{/* +Create a default fully qualified app name for api-migratedb-job. +*/}} +{{- define "lagoon-core.apiMigrateDB.fullname" -}} +{{- include "lagoon-core.fullname" . }}-api-migratedb +{{- end }} {{/* 
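Review bot: The new `sshToken.hostKeys.ed25519` value in charts/lagoon-core/ci/linter-values.yaml commits an OpenSSH private key to the repository, next to `debug: true` and a NodePort service. As a CI fixture this can be acceptable, but the key is public from this commit on and secret scanners will report it on every run, so its status should be explicit. Add a comment above the key such as `# test-only host key, publicly known; never reuse outside CI`, or generate the key during the job with `ssh-keygen -t ed25519 -N '' -f <tmp-path>` if the chart-testing setup allows values to be supplied at run time.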
@@ -459,36 +464,6 @@ app.kubernetes.io/component: {{ include "lagoon-core.insightsHandler.fullname" . app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} - -{{/* -Create a default fully qualified app name for storage-calculator. -*/}} -{{- define "lagoon-core.storageCalculator.fullname" -}} -{{- include "lagoon-core.fullname" . }}-storage-calculator -{{- end }} - -{{/* -Common labels storage-calculator. -*/}} -{{- define "lagoon-core.storageCalculator.labels" -}} -helm.sh/chart: {{ include "lagoon-core.chart" . }} -{{ include "lagoon-core.storageCalculator.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels storage-calculator. -*/}} -{{- define "lagoon-core.storageCalculator.selectorLabels" -}} -app.kubernetes.io/name: {{ include "lagoon-core.name" . }} -app.kubernetes.io/component: {{ include "lagoon-core.storageCalculator.fullname" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - - {{/* Create a default fully qualified app name for logs2notifications. */}} 
@@ -575,20 +550,22 @@ app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} - {{/* -Create a default fully qualified app name for controllerhandler. +--- WORKFLOWS --- +*/}} +{{/* +Create a default fully qualified app name for workflows. */}} -{{- define "lagoon-core.controllerhandler.fullname" -}} -{{- include "lagoon-core.fullname" . }}-controllerhandler +{{- define "lagoon-core.workflows.fullname" -}} +{{- include "lagoon-core.fullname" . }}-workflows {{- end }} {{/* -Common labels controllerhandler. +Common labels workflows */}} -{{- define "lagoon-core.controllerhandler.labels" -}} +{{- define "lagoon-core.workflows.labels" -}} helm.sh/chart: {{ include "lagoon-core.chart" . }} -{{ include "lagoon-core.controllerhandler.selectorLabels" . }} +{{ include "lagoon-core.workflows.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} 
@@ -596,31 +573,38 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* -Selector labels controllerhandler. +Selector labels workflows */}} -{{- define "lagoon-core.controllerhandler.selectorLabels" -}} +{{- define "lagoon-core.workflows.selectorLabels" -}} app.kubernetes.io/name: {{ include "lagoon-core.name" . }} -app.kubernetes.io/component: {{ include "lagoon-core.controllerhandler.fullname" . }} +app.kubernetes.io/component: {{ include "lagoon-core.workflows.fullname" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} + {{/* ---- WORKFLOWS --- +Create a default fully qualified app name for the nats subchart. */}} +{{- define "lagoon-core.nats.fullname" -}} +{{- include "lagoon-core.fullname" . }}-nats +{{- end }} + + + {{/* -Create a default fully qualified app name for workflows. +Create a default fully qualified app name for ssh-portal-api. */}} -{{- define "lagoon-core.workflows.fullname" -}} -{{- include "lagoon-core.fullname" . }}-workflows +{{- define "lagoon-core.sshPortalAPI.fullname" -}} +{{- include "lagoon-core.fullname" . }}-ssh-portal-api {{- end }} {{/* -Common labels workflows +Common labels ssh-portal-api. */}} -{{- define "lagoon-core.workflows.labels" -}} +{{- define "lagoon-core.sshPortalAPI.labels" -}} helm.sh/chart: {{ include "lagoon-core.chart" . }} -{{ include "lagoon-core.workflows.selectorLabels" . }} +{{ include "lagoon-core.sshPortalAPI.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} 
@@ -628,45 +612,59 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* -Selector labels workflows +Selector labels ssh-portal-api. */}} -{{- define "lagoon-core.workflows.selectorLabels" -}} +{{- define "lagoon-core.sshPortalAPI.selectorLabels" -}} app.kubernetes.io/name: {{ include "lagoon-core.name" . }} -app.kubernetes.io/component: {{ include "lagoon-core.workflows.fullname" . }} +app.kubernetes.io/component: {{ include "lagoon-core.sshPortalAPI.fullname" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} {{/* -Create a default fully qualified app name for the nats subchart. +Create a default fully qualified app name for opensearch-sync. */}} -{{- define "lagoon-core.nats.fullname" -}} -{{- include "lagoon-core.fullname" . }}-nats +{{- define "lagoon-core.opensearchSync.fullname" -}} +{{- include "lagoon-core.fullname" . }}-opensearch-sync {{- end }} - +{{/* +Common labels opensearch-sync. +*/}} +{{- define "lagoon-core.opensearchSync.labels" -}} +helm.sh/chart: {{ include "lagoon-core.chart" . }} +{{ include "lagoon-core.opensearchSync.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} {{/* -Create the name of the service account to use for ssh-portal-api. +Selector labels opensearch-sync. */}} -{{- define "lagoon-core.sshPortalAPI.serviceAccountName" -}} -{{- default (include "lagoon-core.sshPortalAPI.fullname" .) .Values.sshPortalAPI.serviceAccount.name }} +{{- define "lagoon-core.opensearchSync.selectorLabels" -}} +app.kubernetes.io/name: {{ include "lagoon-core.name" . }} +app.kubernetes.io/component: {{ include "lagoon-core.opensearchSync.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} + + {{/* -Create a default fully qualified app name for ssh-portal-api. +Create a default fully qualified app name for ssh-token. 
*/}} -{{- define "lagoon-core.sshPortalAPI.fullname" -}} -{{- include "lagoon-core.fullname" . }}-ssh-portal-api +{{- define "lagoon-core.sshToken.fullname" -}} +{{- include "lagoon-core.fullname" . }}-ssh-token {{- end }} {{/* -Common labels ssh-portal-api. +Common labels ssh-token. */}} -{{- define "lagoon-core.sshPortalAPI.labels" -}} +{{- define "lagoon-core.sshToken.labels" -}} helm.sh/chart: {{ include "lagoon-core.chart" . }} -{{ include "lagoon-core.sshPortalAPI.selectorLabels" . }} +{{ include "lagoon-core.sshToken.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -674,10 +672,21 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* -Selector labels ssh-portal-api. +Selector labels ssh-token. */}} -{{- define "lagoon-core.sshPortalAPI.selectorLabels" -}} +{{- define "lagoon-core.sshToken.selectorLabels" -}} app.kubernetes.io/name: {{ include "lagoon-core.name" . }} -app.kubernetes.io/component: {{ include "lagoon-core.sshPortalAPI.fullname" . }} +app.kubernetes.io/component: {{ include "lagoon-core.sshToken.fullname" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} + +{{/* +Get HorizontalPodAutoscaler API Version - can be removed once Kubernetes 1.23 is the minimum +*/}} +{{- define "lagoon-core.hpa.apiVersion" -}} + {{- if (.Capabilities.APIVersions.Has "autoscaling/v2") -}} + autoscaling/v2 + {{- else -}} + autoscaling/v2beta2 + {{- end -}} +{{- end -}} diff --git a/charts/lagoon-core/templates/actions-handler.hpa.yaml b/charts/lagoon-core/templates/actions-handler.hpa.yaml index 37a60f71..0766cf98 100644 --- a/charts/lagoon-core/templates/actions-handler.hpa.yaml +++ b/charts/lagoon-core/templates/actions-handler.hpa.yaml 
@@ -1,5 +1,5 @@ {{- if and .Values.actionsHandler.enabled .Values.actionsHandler.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-core.actionsHandler.fullname" . }} diff --git a/charts/lagoon-core/templates/api.hpa.yaml b/charts/lagoon-core/templates/api.hpa.yaml index 2ffe28fc..37c8c9ba 100644 --- a/charts/lagoon-core/templates/api.hpa.yaml +++ b/charts/lagoon-core/templates/api.hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.api.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-core.api.fullname" . }} diff --git a/charts/lagoon-core/templates/api.migratedb.job.yaml b/charts/lagoon-core/templates/api.migratedb.job.yaml new file mode 100644 index 00000000..74e40cc5 --- /dev/null +++ b/charts/lagoon-core/templates/api.migratedb.job.yaml 
@@ -0,0 +1,56 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "lagoon-core.apiMigrateDB.fullname" . }}
+ labels:
+ {{- include "lagoon-core.api.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": post-install, pre-upgrade
+ "helm.sh/hook-weight": "-5"
+spec:
+ backoffLimit: 2
+ template:
+ metadata:
+ labels:
+ {{- include "lagoon-core.api.selectorLabels" . | nindent 8 }}
+ spec:
+ restartPolicy: Never
+ securityContext:
+ {{- toYaml .Values.api.securityContext | nindent 8 }}
+ terminationGracePeriodSeconds: 120
+ containers:
+ - name: api-migratedb
+ args:
+ - ./node_modules/.bin/knex migrate:list --cwd /app/services/api/database;
+ ./node_modules/.bin/knex migrate:latest --cwd /app/services/api/database
+ image: {{ .Values.api.image.repository }}:{{ coalesce .Values.api.image.tag .Values.imageTag .Chart.AppVersion }}
+ imagePullPolicy: {{ .Values.api.image.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ securityContext:
+ {{- toYaml .Values.api.securityContext | nindent 10 }}
+ env:
+ - name: API_DB_HOST
+ value: {{ include "lagoon-core.apiDB.fullname" . }}
+ - name: API_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "lagoon-core.apiDB.fullname" . }}
+ key: API_DB_PASSWORD
+ - name: LAGOON_VERSION
+ value: {{ .Chart.AppVersion | replace "-" "." }}
+ {{- range $key, $val := .Values.api.additionalEnvs }}
+ - name: {{ $key }}
+ value: {{ $val | quote }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.api.resources | nindent 10 }}
+ {{- with .Values.api.nodeSelector }}
+ nodeSelector:
+ {{ toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.api.tolerations }}
+ tolerations:
+ {{ toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
diff --git a/charts/lagoon-core/templates/auth-server.deployment.yaml b/charts/lagoon-core/templates/auth-server.deployment.yaml
index d4eb515a..d714770b 100644
--- a/charts/lagoon-core/templates/auth-server.deployment.yaml
+++ b/charts/lagoon-core/templates/auth-server.deployment.yaml
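Review bot: In `api.migratedb.job.yaml` the pod-level `securityContext` under `spec.template.spec` is rendered from `.Values.api.securityContext`, the same value the container uses a few lines further down. Pod and container security contexts accept different fields, so container-only settings such as `allowPrivilegeEscalation` or `capabilities` would land where they are not valid, and pod-level settings like `fsGroup` are never taken from a pod-specific value. The new opensearch-sync and ssh-token deployments in this commit use `coalesce .Values.<component>.podSecurityContext .Values.podSecurityContext` at that level; assuming `api` has the same value, the line should read `{{- toYaml (coalesce .Values.api.podSecurityContext .Values.podSecurityContext) | nindent 8 }}`. The Job also has no `imagePullSecrets` block, which the removed controllerhandler deployment rendered from `.Values.imagePullSecrets` (the two new deployments omit it as well), so a release that pulls from a private registry may fail the hook.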
@@ -1,3 +1,4 @@ +{{- if .Values.ssh.enabled -}} apiVersion: apps/v1 kind: Deployment metadata: @@ -94,3 +95,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end }} diff --git a/charts/lagoon-core/templates/auth-server.hpa.yaml b/charts/lagoon-core/templates/auth-server.hpa.yaml index 5f402a55..a921136a 100644 --- a/charts/lagoon-core/templates/auth-server.hpa.yaml +++ b/charts/lagoon-core/templates/auth-server.hpa.yaml @@ -1,5 +1,5 @@ -{{- if .Values.authServer.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta2 +{{- if and .Values.ssh.enabled .Values.authServer.autoscaling.enabled -}} +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-core.authServer.fullname" . }} diff --git a/charts/lagoon-core/templates/auth-server.service.yaml b/charts/lagoon-core/templates/auth-server.service.yaml index 5b69e491..8b2c2e4a 100644 --- a/charts/lagoon-core/templates/auth-server.service.yaml +++ b/charts/lagoon-core/templates/auth-server.service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.ssh.enabled -}} apiVersion: v1 kind: Service metadata: @@ -16,3 +17,4 @@ spec: name: http selector: {{- include "lagoon-core.authServer.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/lagoon-core/templates/backup-handler.hpa.yaml b/charts/lagoon-core/templates/backup-handler.hpa.yaml index 94d1284f..dfe335a9 100644 --- a/charts/lagoon-core/templates/backup-handler.hpa.yaml +++ b/charts/lagoon-core/templates/backup-handler.hpa.yaml @@ -1,5 +1,5 @@ {{- if and .Values.backupHandler.enabled .Values.backupHandler.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-core.backupHandler.fullname" . }} diff --git a/charts/lagoon-core/templates/broker.hpa.yaml b/charts/lagoon-core/templates/broker.hpa.yaml index 7898993f..0ac81290 100644 
--- a/charts/lagoon-core/templates/broker.hpa.yaml +++ b/charts/lagoon-core/templates/broker.hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.broker.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-core.broker.fullname" . }} diff --git a/charts/lagoon-core/templates/controllerhandler.deployment.yaml b/charts/lagoon-core/templates/controllerhandler.deployment.yaml deleted file mode 100644 index df46db2f..00000000 --- a/charts/lagoon-core/templates/controllerhandler.deployment.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -{{- if .Values.controllerhandler.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "lagoon-core.controllerhandler.fullname" . }} - labels: - {{- include "lagoon-core.controllerhandler.labels" . | nindent 4 }} -spec: -{{- if not .Values.controllerhandler.autoscaling.enabled }} - replicas: {{ .Values.controllerhandler.replicaCount }} -{{- end }} - selector: - matchLabels: - {{- include "lagoon-core.controllerhandler.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - checksum/broker.secret: {{ include (print $.Template.BasePath "/broker.secret.yaml") . | sha256sum }} - {{- with .Values.controllerhandler.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "lagoon-core.controllerhandler.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - securityContext: - {{- toYaml (coalesce .Values.controllerhandler.podSecurityContext .Values.podSecurityContext) | nindent 8 }} - containers: - - name: controllerhandler - securityContext: - {{- toYaml .Values.controllerhandler.securityContext | nindent 10 }} - image: "{{ .Values.controllerhandler.image.repository }}:{{ coalesce .Values.controllerhandler.image.tag .Values.imageTag .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.controllerhandler.image.pullPolicy }} - env: - - name: API_HOST - value: http://{{ include "lagoon-core.api.fullname" . }}:{{ .Values.api.service.port }} - - name: JWTSECRET - valueFrom: - secretKeyRef: - name: {{ include "lagoon-core.fullname" . }}-secrets - key: JWTSECRET - - name: LAGOON_VERSION - value: {{ .Chart.AppVersion | replace "-" "." }} - - name: RABBITMQ_HOST - value: {{ include "lagoon-core.broker.fullname" . 
}} - - name: RABBITMQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "lagoon-core.broker.fullname" . }} - key: RABBITMQ_PASSWORD - - name: RABBITMQ_USERNAME - valueFrom: - secretKeyRef: - name: {{ include "lagoon-core.broker.fullname" . }} - key: RABBITMQ_USERNAME - - name: REGISTRY - value: {{ required "A valid .Values.registry required!" .Values.registry | quote }} - {{- range $key, $val := .Values.controllerhandler.additionalEnvs }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - resources: - {{- toYaml .Values.controllerhandler.resources | nindent 10 }} - {{- with .Values.controllerhandler.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controllerhandler.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controllerhandler.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/lagoon-core/templates/drush-alias.hpa.yaml b/charts/lagoon-core/templates/drush-alias.hpa.yaml index 35886210..a5daaa8d 100644 --- a/charts/lagoon-core/templates/drush-alias.hpa.yaml +++ b/charts/lagoon-core/templates/drush-alias.hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.drushAlias.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-core.drushAlias.fullname" . }} diff --git a/charts/lagoon-core/templates/insights-handler.hpa.yaml b/charts/lagoon-core/templates/insights-handler.hpa.yaml index 23c5ccfc..e17df3ef 100644 --- a/charts/lagoon-core/templates/insights-handler.hpa.yaml +++ b/charts/lagoon-core/templates/insights-handler.hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.insightsHandler.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-core.insightsHandler.fullname" . }} 
diff --git a/charts/lagoon-core/templates/keycloak.secret.yaml b/charts/lagoon-core/templates/keycloak.secret.yaml index 1b452534..55b7465c 100644 --- a/charts/lagoon-core/templates/keycloak.secret.yaml +++ b/charts/lagoon-core/templates/keycloak.secret.yaml @@ -10,6 +10,7 @@ This somewhat complex logic is intended to: {{- $keycloakAPIClientSecret := coalesce .Values.keycloakAPIClientSecret (ternary uuidv4 (index $data "KEYCLOAK_API_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_API_CLIENT_SECRET" | empty)) }} {{- $keycloakAuthServerClientSecret := coalesce .Values.keycloakAuthServerClientSecret (ternary uuidv4 (index $data "KEYCLOAK_AUTH_SERVER_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_AUTH_SERVER_CLIENT_SECRET" | empty)) }} {{- $keycloakServiceAPIClientSecret := coalesce .Values.keycloakServiceAPIClientSecret (ternary uuidv4 (index $data "KEYCLOAK_SERVICE_API_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_SERVICE_API_CLIENT_SECRET" | empty)) }} +{{- $keycloakLagoonOpensearchSyncClientSecret := coalesce .Values.keycloakLagoonOpensearchSyncClientSecret (ternary uuidv4 (index $data "KEYCLOAK_LAGOON_OPENSEARCH_SYNC_CLIENT_SECRET" | default "" | b64dec) (index $data "KEYCLOAK_LAGOON_OPENSEARCH_SYNC_CLIENT_SECRET" | empty)) }} {{- $keycloakLagoonAdminPassword := coalesce .Values.keycloakLagoonAdminPassword (ternary (randAlpha 32) (index $data "KEYCLOAK_LAGOON_ADMIN_PASSWORD" | default "" | b64dec) (index $data "KEYCLOAK_LAGOON_ADMIN_PASSWORD" | empty)) }} {{/* set the variable globally for access in NOTES */}} {{- $_ := set .Values "keycloakLagoonAdminPassword" $keycloakLagoonAdminPassword -}} 
@@ -26,4 +27,5 @@ stringData: KEYCLOAK_API_CLIENT_SECRET: {{ $keycloakAPIClientSecret }} KEYCLOAK_AUTH_SERVER_CLIENT_SECRET: {{ $keycloakAuthServerClientSecret | quote }} KEYCLOAK_SERVICE_API_CLIENT_SECRET: {{ $keycloakServiceAPIClientSecret | quote }} + KEYCLOAK_LAGOON_OPENSEARCH_SYNC_CLIENT_SECRET: {{ $keycloakLagoonOpensearchSyncClientSecret | quote }} KEYCLOAK_LAGOON_ADMIN_PASSWORD: {{ $keycloakLagoonAdminPassword | quote }} diff --git a/charts/lagoon-core/templates/logs2notifications.hpa.yaml b/charts/lagoon-core/templates/logs2notifications.hpa.yaml index 5b439fdb..bc7521de 100644 --- a/charts/lagoon-core/templates/logs2notifications.hpa.yaml +++ b/charts/lagoon-core/templates/logs2notifications.hpa.yaml @@ -1,8 +1,8 @@ {{- if .Values.logs2notifications.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta1 +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: - name: {{ include "lagoon-core..fullname" . }} + name: {{ include "lagoon-core.logs2notifications.fullname" . }} labels: {{- include "lagoon-core.logs2notifications.labels" . | nindent 4 }} spec: @@ -17,12 +17,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.logs2notifications.autoscaling.targetCPUUtilizationPercentage }} + target: + averageUtilization: {{ .Values.logs2notifications.autoscaling.targetCPUUtilizationPercentage }} + type: Utilization {{- end }} {{- if .Values.logs2notifications.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.logs2notifications.autoscaling.targetMemoryUtilizationPercentage }} + target: + averageUtilization: {{ .Values.logs2notifications.autoscaling.targetMemoryUtilizationPercentage }} + type: Utilization {{- end }} {{- end }} diff --git a/charts/lagoon-core/templates/opensearch-sync.deployment.yaml b/charts/lagoon-core/templates/opensearch-sync.deployment.yaml new file mode 100644 index 00000000..6b6e7bc6 
--- /dev/null
+++ b/charts/lagoon-core/templates/opensearch-sync.deployment.yaml
@@ -0,0 +1,107 @@
+{{- if .Values.opensearchSync.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "lagoon-core.opensearchSync.fullname" . }}
+ labels:
+ {{- include "lagoon-core.opensearchSync.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "lagoon-core.opensearchSync.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/keycloak.secret: {{ include (print $.Template.BasePath "/keycloak.secret.yaml") . | sha256sum }}
+ checksum/api.secret: {{ include (print $.Template.BasePath "/api.secret.yaml") . | sha256sum }}
+ checksum/api-db.secret: {{ include (print $.Template.BasePath "/api-db.secret.yaml") . | sha256sum }}
+ checksum/opensearch-sync.secret: {{ include (print $.Template.BasePath "/opensearch-sync.secret.yaml") . | sha256sum }}
+ {{- with .Values.opensearchSync.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "lagoon-core.opensearchSync.selectorLabels" . | nindent 8 }}
+ spec:
+ securityContext:
+ {{- toYaml (coalesce .Values.opensearchSync.podSecurityContext .Values.podSecurityContext) | nindent 8 }}
+ containers:
+ - name: lagoon-opensearch-sync
+ securityContext:
+ {{- toYaml .Values.opensearchSync.securityContext | nindent 10 }}
+ image: "{{ .Values.opensearchSync.image.repository }}:{{ coalesce .Values.opensearchSync.image.tag .Values.imageTag .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.opensearchSync.image.pullPolicy }}
+ command:
+ - "/lagoon-opensearch-sync"
+ env:
+ {{- if .Values.opensearchSync.debug }}
+ - name: DEBUG
+ value: "true"
+ {{- end }}
+ - name: API_DB_ADDRESS
+ value: {{ include "lagoon-core.apiDB.fullname" . }}
+ - name: API_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "lagoon-core.apiDB.fullname" . }}
+ key: API_DB_PASSWORD
+ - name: KEYCLOAK_BASE_URL
+ value: http://{{ include "lagoon-core.keycloak.fullname" .
}}:{{ .Values.keycloak.service.port }}/
+ - name: KEYCLOAK_CLIENT_ID
+ value: lagoon-opensearch-sync
+ - name: KEYCLOAK_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "lagoon-core.keycloak.fullname" . }}
+ key: KEYCLOAK_LAGOON_OPENSEARCH_SYNC_CLIENT_SECRET
+ - name: OPENSEARCH_BASE_URL
+ value: {{ required "A valid .Values.elasticsearchURL required!" .Values.elasticsearchURL | quote }}
+ - name: OPENSEARCH_DASHBOARDS_BASE_URL
+ value: {{ required "A valid .Values.kibanaURL required!" .Values.kibanaURL | quote }}
+ - name: OPENSEARCH_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "lagoon-core.api.fullname" . }}
+ key: LOGSDB_ADMIN_PASSWORD
+ - name: OPENSEARCH_CA_CERTIFICATE
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "lagoon-core.opensearchSync.fullname" . }}
+ key: OPENSEARCH_CA_CERTIFICATE
+ {{- range $key, $val := .Values.opensearchSync.additionalEnvs }}
+ - name: {{ $key }}
+ value: {{ $val | quote }}
+ {{- end }}
+ resources:
+ {{- toYaml .Values.opensearchSync.resources | nindent 10 }}
+ {{- with .Values.opensearchSync.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 50
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - {{ include "lagoon-core.name" . }}
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - {{ include "lagoon-core.opensearchSync.fullname" . }}
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - {{ .Release.Name }}
+ topologyKey: kubernetes.io/hostname
+ {{- with .Values.opensearchSync.affinity }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.opensearchSync.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
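Review bot: In `opensearch-sync.deployment.yaml` the `affinity:` block always emits a default `podAntiAffinity` and then appends `.Values.opensearchSync.affinity` with `nindent 8`, which, as far as the flattened page shows, is the same level as that default key. A user value that itself contains `podAntiAffinity` therefore renders a duplicate mapping key; depending on the parser one of the two is dropped silently or the manifest is rejected. Either state in the values documentation that only `nodeAffinity`/`podAffinity` may be set here, or guard the default with `{{- if not (hasKey (default dict .Values.opensearchSync.affinity) "podAntiAffinity") }}`. The ssh-token deployment added in this commit repeats the same block.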
diff --git a/charts/lagoon-core/templates/opensearch-sync.secret.yaml b/charts/lagoon-core/templates/opensearch-sync.secret.yaml new file mode 100644 index 00000000..0cdbc276 --- /dev/null +++ b/charts/lagoon-core/templates/opensearch-sync.secret.yaml @@ -0,0 +1,11 @@ +{{- if .Values.opensearchSync.enabled -}} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ include "lagoon-core.opensearchSync.fullname" . }} + labels: + {{- include "lagoon-core.opensearchSync.labels" . | nindent 4 }} +stringData: + OPENSEARCH_CA_CERTIFICATE: {{ required "A valid .Values.opensearchSync.opensearchCACertificate required!" .Values.opensearchSync.opensearchCACertificate | quote }} +{{- end }} diff --git a/charts/lagoon-core/templates/ssh-portal-api.deployment.yaml b/charts/lagoon-core/templates/ssh-portal-api.deployment.yaml index 4d309aa4..cd114421 100644 --- a/charts/lagoon-core/templates/ssh-portal-api.deployment.yaml +++ b/charts/lagoon-core/templates/ssh-portal-api.deployment.yaml @@ -43,6 +43,10 @@ spec: - name: DEBUG value: "true" {{- end }} + {{- if .Values.blockDeveloperSSH }} + - name: BLOCK_DEVELOPER_SSH + value: "true" + {{- end }} - name: KEYCLOAK_BASE_URL value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/ - name: KEYCLOAK_SERVICE_API_CLIENT_SECRET diff --git a/charts/lagoon-core/templates/ssh-portal-api.hpa.yaml b/charts/lagoon-core/templates/ssh-portal-api.hpa.yaml index 8e0ae96e..455900f2 100644 --- a/charts/lagoon-core/templates/ssh-portal-api.hpa.yaml +++ b/charts/lagoon-core/templates/ssh-portal-api.hpa.yaml @@ -1,5 +1,5 @@ {{- if and .Values.sshPortalAPI.enabled .Values.sshPortalAPI.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta1 +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-core.sshPortalAPI.fullname" . }} 
@@ -17,12 +17,16 @@ spec: - type: Resource resource: name: cpu - targetAverageUtilization: {{ .Values.sshPortalAPI.autoscaling.targetCPUUtilizationPercentage }} + target: + averageUtilization: {{ .Values.sshPortalAPI.autoscaling.targetCPUUtilizationPercentage }} + type: Utilization {{- end }} {{- if .Values.sshPortalAPI.autoscaling.targetMemoryUtilizationPercentage }} - type: Resource resource: name: memory - targetAverageUtilization: {{ .Values.sshPortalAPI.autoscaling.targetMemoryUtilizationPercentage }} + target: + averageUtilization: {{ .Values.sshPortalAPI.autoscaling.targetMemoryUtilizationPercentage }} + type: Utilization {{- end }} {{- end }} diff --git a/charts/lagoon-core/templates/ssh-token.deployment.yaml b/charts/lagoon-core/templates/ssh-token.deployment.yaml new file mode 100644 index 00000000..5df4197d --- /dev/null +++ b/charts/lagoon-core/templates/ssh-token.deployment.yaml 
@@ -0,0 +1,111 @@
+{{- if .Values.sshToken.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "lagoon-core.sshToken.fullname" . }}
+ labels:
+ {{- include "lagoon-core.sshToken.labels" . | nindent 4 }}
+spec:
+{{- if not .Values.sshToken.autoscaling.enabled }}
+ replicas: {{ .Values.sshToken.replicaCount }}
+{{- end }}
+ selector:
+ matchLabels:
+ {{- include "lagoon-core.sshToken.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/keycloak.secret: {{ include (print $.Template.BasePath "/keycloak.secret.yaml") . | sha256sum }}
+ checksum/api-db.secret: {{ include (print $.Template.BasePath "/api-db.secret.yaml") . | sha256sum }}
+ {{- with .Values.sshToken.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "lagoon-core.sshToken.selectorLabels" . | nindent 8 }}
+ spec:
+ securityContext:
+ {{- toYaml (coalesce .Values.sshToken.podSecurityContext .Values.podSecurityContext) | nindent 8 }}
+ containers:
+ - name: ssh-token
+ securityContext:
+ {{- toYaml .Values.sshToken.securityContext | nindent 10 }}
+ image: "{{ .Values.sshToken.image.repository }}:{{ coalesce .Values.sshToken.image.tag .Values.imageTag .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.sshToken.image.pullPolicy }}
+ command:
+ - "/ssh-token"
+ env:
+ {{- if .Values.sshToken.debug }}
+ - name: DEBUG
+ value: "true"
+ {{- end }}
+ {{- if .Values.blockDeveloperSSH }}
+ - name: BLOCK_DEVELOPER_SSH
+ value: "true"
+ {{- end }}
+ - name: KEYCLOAK_BASE_URL
+ value: http://{{ include "lagoon-core.keycloak.fullname" . }}:{{ .Values.keycloak.service.port }}/
+ - name: KEYCLOAK_AUTH_SERVER_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "lagoon-core.keycloak.fullname" . }}
+ key: KEYCLOAK_AUTH_SERVER_CLIENT_SECRET
+ - name: KEYCLOAK_SERVICE_API_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "lagoon-core.keycloak.fullname" .
}}
+ key: KEYCLOAK_SERVICE_API_CLIENT_SECRET
+ - name: API_DB_ADDRESS
+ value: {{ include "lagoon-core.apiDB.fullname" . }}
+ - name: API_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "lagoon-core.apiDB.fullname" . }}
+ key: API_DB_PASSWORD
+ envFrom:
+ - secretRef:
+ name: {{ include "lagoon-core.sshToken.fullname" . }}
+ {{- range $key, $val := .Values.sshToken.additionalEnvs }}
+ - name: {{ $key }}
+ value: {{ $val | quote }}
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: 9948
+ protocol: TCP
+ - name: sshserver
+ containerPort: 2222
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.sshToken.resources | nindent 10 }}
+ {{- with .Values.sshToken.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 50
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - {{ include "lagoon-core.name" . }}
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - {{ include "lagoon-core.sshToken.fullname" . }}
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - {{ .Release.Name }}
+ topologyKey: kubernetes.io/hostname
+ {{- with .Values.sshToken.affinity }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.sshToken.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/lagoon-core/templates/ssh-token.hpa.yaml b/charts/lagoon-core/templates/ssh-token.hpa.yaml
new file mode 100644
index 00000000..e2c19916
--- /dev/null
+++ b/charts/lagoon-core/templates/ssh-token.hpa.yaml
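Review bot: In `ssh-token.deployment.yaml` the `additionalEnvs` range comes after `envFrom:`, so every `- name: … value: …` item it emits is appended to the `envFrom` list instead of `env`, and `envFrom` entries have no `name`/`value` fields. A release that sets `sshToken.additionalEnvs` would render an invalid container spec; moving the `{{- range $key, $val := .Values.sshToken.additionalEnvs }}` block above `envFrom:` puts the entries back in the `env` list. The pod annotations also lack a checksum for the ssh-token Secret, which the opensearch-sync deployment does have for its own Secret, so a rotated host key is not picked up until the pods restart for another reason; `checksum/ssh-token.secret: {{ include (print $.Template.BasePath "/ssh-token.secret.yaml") . | sha256sum }}` would cover it. Since `envFrom` places the private host keys in the process environment and `DEBUG` can be switched on, it is worth confirming that the service never logs its environment.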
@@ -0,0 +1,32 @@
+{{- if and .Values.sshToken.enabled .Values.sshToken.autoscaling.enabled -}}
+apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "lagoon-core.sshToken.fullname" . }}
+ labels:
+ {{- include "lagoon-core.sshToken.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "lagoon-core.sshToken.fullname" . }}
+ minReplicas: {{ .Values.sshToken.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.sshToken.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.sshToken.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ averageUtilization: {{ .Values.sshToken.autoscaling.targetCPUUtilizationPercentage }}
+ type: Utilization
+ {{- end }}
+ {{- if .Values.sshToken.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ averageUtilization: {{ .Values.sshToken.autoscaling.targetMemoryUtilizationPercentage }}
+ type: Utilization
+ {{- end }}
+{{- end }}
diff --git a/charts/lagoon-core/templates/ssh-token.secret.yaml b/charts/lagoon-core/templates/ssh-token.secret.yaml
new file mode 100644
index 00000000..7a8f53cf
--- /dev/null
+++ b/charts/lagoon-core/templates/ssh-token.secret.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.sshToken.enabled -}}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: {{ include "lagoon-core.sshToken.fullname" . }}
+ labels:
+ {{- include "lagoon-core.sshToken.labels" . | nindent 4 }}
+stringData:
+ {{- with .Values.sshToken.hostKeys.ecdsa }}
+ HOST_KEY_ECDSA: |-
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.sshToken.hostKeys.ed25519 }}
+ HOST_KEY_ED25519: |-
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.sshToken.hostKeys.rsa }}
+ HOST_KEY_RSA: |-
+ {{- . | nindent 4 }}
+ {{- end }}
+{{- end }}
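Review bot: In ssh-token.secret.yaml every `with .Values.sshToken.hostKeys.*` block is skipped when the keys are empty, which is the default in values.yaml (`ecdsa`, `ed25519` and `rsa` are all `""`). The Secret then renders with an empty `stringData:` and the pods start with no configured host key. What the ssh-token binary does in that case is not visible here; if it generates a key at start-up, each replica and each restart would present a different host key, which teaches users to ignore host-key warnings. Consider failing the render when the service is enabled without a key, for example `{{- if not (or .ecdsa .ed25519 .rsa) }}{{ fail "sshToken.hostKeys: set at least one host key" }}{{- end }}` inside a `with .Values.sshToken.hostKeys` block. Otherwise, document the fallback next to `hostKeys` in values.yaml.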
diff --git a/charts/lagoon-core/templates/ssh-token.service.yaml b/charts/lagoon-core/templates/ssh-token.service.yaml
new file mode 100644
index 00000000..ac6250f0
--- /dev/null
+++ b/charts/lagoon-core/templates/ssh-token.service.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.sshToken.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "lagoon-core.sshToken.fullname" . }}
+ labels:
+ {{- include "lagoon-core.sshToken.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.sshToken.service.type }}
+ ports:
+ - port: {{ .Values.sshToken.service.ports.sshserver }}
+ targetPort: sshserver
+ name: sshserver
+ selector:
+ {{- include "lagoon-core.sshToken.selectorLabels" . | nindent 4 }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "lagoon-core.sshToken.fullname" . }}-metrics
+ labels:
+ metrics-only: "true"
+ {{- include "lagoon-core.sshToken.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.sshToken.metricsService.type }}
+ ports:
+ - port: {{ .Values.sshToken.metricsService.ports.metrics }}
+ targetPort: metrics
+ name: metrics
+ selector:
+ {{- include "lagoon-core.sshToken.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/charts/lagoon-core/templates/ssh-token.servicemonitor.yaml b/charts/lagoon-core/templates/ssh-token.servicemonitor.yaml
new file mode 100644
index 00000000..7185cff7
--- /dev/null
+++ b/charts/lagoon-core/templates/ssh-token.servicemonitor.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.sshToken.enabled .Values.sshToken.serviceMonitor.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "lagoon-core.sshToken.fullname" . }}
+ labels:
+ {{- include "lagoon-core.sshToken.labels" . | nindent 4 }}
+spec:
+ endpoints:
+ - port: metrics
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ {{- include "lagoon-core.sshToken.selectorLabels" . | nindent 6 }}
+{{- end }}
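Review bot: The `sshserver` Service in ssh-token.service.yaml renders only `type`, `ports` and `selector`, so it cannot carry `annotations`, `loadBalancerSourceRanges` or `externalTrafficPolicy`, while values.yaml defaults `sshToken.service.type` to `LoadBalancer`. Operators therefore cannot restrict which networks reach the SSH endpoint from the chart. With the default traffic policy the client address seen by the pod can be a node address, which weakens any per-source logging or rate limiting the service does. Consider optional passthroughs guarded by `with`, e.g. `{{- with .Values.sshToken.service.loadBalancerSourceRanges }}` under `spec:` and `{{- with .Values.sshToken.service.annotations }}` under `metadata:`, left empty by default.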
diff --git a/charts/lagoon-core/templates/ssh.deployment.yaml b/charts/lagoon-core/templates/ssh.deployment.yaml index 0c756168..94c5e814 100644 --- a/charts/lagoon-core/templates/ssh.deployment.yaml +++ b/charts/lagoon-core/templates/ssh.deployment.yaml @@ -1,3 +1,4 @@ +{{- if .Values.ssh.enabled -}} apiVersion: apps/v1 kind: Deployment metadata: @@ -98,3 +99,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end }} diff --git a/charts/lagoon-core/templates/ssh.hpa.yaml b/charts/lagoon-core/templates/ssh.hpa.yaml index 2057abfa..fa0b2c57 100644 --- a/charts/lagoon-core/templates/ssh.hpa.yaml +++ b/charts/lagoon-core/templates/ssh.hpa.yaml @@ -1,5 +1,5 @@ -{{- if .Values.ssh.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta2 +{{- if and .Values.ssh.enabled .Values.ssh.autoscaling.enabled -}} +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-core.ssh.fullname" . }} diff --git a/charts/lagoon-core/templates/ssh.service.yaml b/charts/lagoon-core/templates/ssh.service.yaml index 138b4a08..5b1feaa4 100644 --- a/charts/lagoon-core/templates/ssh.service.yaml +++ b/charts/lagoon-core/templates/ssh.service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.ssh.enabled -}} apiVersion: v1 kind: Service metadata: @@ -17,3 +18,4 @@ spec: name: ssh selector: {{- include "lagoon-core.ssh.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/charts/lagoon-core/templates/storage-calculator.deployment.yaml b/charts/lagoon-core/templates/storage-calculator.deployment.yaml deleted file mode 100644 index fa60d459..00000000 --- a/charts/lagoon-core/templates/storage-calculator.deployment.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -{{- if .Values.storageCalculator.enabled -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "lagoon-core.storageCalculator.fullname" . }} - labels: - {{- include "lagoon-core.storageCalculator.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "lagoon-core.storageCalculator.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - {{- with .Values.storageCalculator.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "lagoon-core.storageCalculator.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - securityContext: - {{- toYaml (coalesce .Values.storageCalculator.podSecurityContext .Values.podSecurityContext) | nindent 8 }} - containers: - - name: storage-calculator - securityContext: - {{- toYaml .Values.storageCalculator.securityContext | nindent 10 }} - image: "{{ .Values.storageCalculator.image.repository }}:{{ coalesce .Values.storageCalculator.image.tag .Values.imageTag .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.storageCalculator.image.pullPolicy }} - env: - - name: JWTSECRET - valueFrom: - secretKeyRef: - name: {{ include "lagoon-core.fullname" . }}-secrets - key: JWTSECRET - - name: GRAPHQL_ENDPOINT - value: http://{{ include "lagoon-core.api.fullname" . }}:{{ .Values.api.service.port }}/graphql - - name: CRONJOBS - value: |- - {{ .Values.storageCalculator.cron }} /lagoon/cronjob.sh /calculate-storage.sh - {{- range $key, $val := .Values.storageCalculator.additionalEnvs }} - - name: {{ $key }} - value: {{ $val | quote }} - {{- end }} - resources: - {{- toYaml .Values.storageCalculator.resources | nindent 10 }} - {{- with .Values.storageCalculator.nodeSelector }} - nodeSelector: - {{- toYaml . 
| nindent 8 }} - {{- end }} - {{- with .Values.storageCalculator.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.storageCalculator.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/charts/lagoon-core/templates/ui.hpa.yaml b/charts/lagoon-core/templates/ui.hpa.yaml index f5a0f84b..5dcba06c 100644 --- a/charts/lagoon-core/templates/ui.hpa.yaml +++ b/charts/lagoon-core/templates/ui.hpa.yaml @@ -1,5 +1,5 @@ {{- if and .Values.ui.enabled .Values.ui.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-core.ui.fullname" . }} diff --git a/charts/lagoon-core/templates/webhook-handler.hpa.yaml b/charts/lagoon-core/templates/webhook-handler.hpa.yaml index fd5d8688..1a16132f 100644 --- a/charts/lagoon-core/templates/webhook-handler.hpa.yaml +++ b/charts/lagoon-core/templates/webhook-handler.hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.webhookHandler.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-core.webhookHandler.fullname" . }} diff --git a/charts/lagoon-core/templates/webhooks2tasks.hpa.yaml b/charts/lagoon-core/templates/webhooks2tasks.hpa.yaml index a6c82bff..6e39947a 100644 --- a/charts/lagoon-core/templates/webhooks2tasks.hpa.yaml +++ b/charts/lagoon-core/templates/webhooks2tasks.hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.webhooks2tasks.autoscaling.enabled -}} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ include "lagoon-core.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-core.webhooks2tasks.fullname" . }} diff --git a/charts/lagoon-core/values.yaml b/charts/lagoon-core/values.yaml index c4a6c595..577b4ae1 100644 --- a/charts/lagoon-core/values.yaml +++ b/charts/lagoon-core/values.yaml 
@@ -84,6 +84,15 @@ podSecurityContext: # on the service level, if not set it falls back to chart appVersion. imageTag: "" +# This value is false by default, which means that Developers can SSH to +# Development environments as per the Lagoon documentation +# (https://docs.lagoon.sh/administering-lagoon/rbac/#developer). +# Set this to true to: +# * block Developers from SSH access to Lagoon environments; and +# * stop Developers from getting a redirect message when trying to SSH into the +# ssh-token service. +# blockDeveloperSSH: false + # the following services are part of the lagoon-core chart api: @@ -542,33 +551,14 @@ insightsHandler: targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 -storageCalculator: - enabled: true - image: - repository: uselagoon/storage-calculator - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: "" - - podAnnotations: {} - - securityContext: {} - - resources: {} - - cron: 5 */12 * * * - - additionalEnvs: - # FOO: Bar - logs2notifications: enabled: true replicaCount: 2 image: - repository: testlagoon/logs2notifications + repository: uselagoon/logs2notifications pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "main" + tag: "" logs2slack: disabled: true @@ -606,7 +596,7 @@ drushAlias: repository: uselagoon/drush-alias pullPolicy: Always # Overrides the image tag whose default is "latest". - tag: "v3.0.0" + tag: "v3.1.0" podAnnotations: {} @@ -642,6 +632,7 @@ drushAlias: # targetMemoryUtilizationPercentage: 80 ssh: + enabled: true replicaCount: 2 image: repository: uselagoon/ssh 
@@ -670,32 +661,6 @@ ssh: targetCPUUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80 -controllerhandler: - enabled: true - replicaCount: 2 - image: - repository: uselagoon/controllerhandler - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: "" - - podAnnotations: {} - - securityContext: {} - - resources: {} - - additionalEnvs: - # FOO: Bar - - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - - workflows: enabled: true replicaCount: 2 @@ -789,9 +754,9 @@ sshPortalAPI: replicaCount: 2 image: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal-api - pullPolicy: Always + pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "v0.20.1" + tag: "v0.28.0" podAnnotations: {} 
@@ -824,3 +789,73 @@ sshPortalAPI: type: ClusterIP ports: metrics: 9911 + +opensearchSync: + enabled: false + image: + repository: ghcr.io/uselagoon/lagoon-opensearch-sync + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v0.7.0" + + # debug logging toggle + debug: false + + # root certificate for the server certificate presented by opensearch + opensearchCACertificate: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + + podAnnotations: {} + + securityContext: {} + + resources: {} + + additionalEnvs: + # FOO: Bar + +sshToken: + enabled: false + replicaCount: 2 + image: + repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-token + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "v0.28.0" + + podAnnotations: {} + + securityContext: {} + + resources: {} + + additionalEnvs: + # FOO: Bar + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + serviceMonitor: + enabled: true + + service: + type: LoadBalancer + ports: + sshserver: 22 + + metricsService: + type: ClusterIP + ports: + metrics: 9948 + + # host keys, PEM encoded + hostKeys: + ecdsa: "" + ed25519: "" + rsa: "" diff --git a/charts/lagoon-insights-remote/Chart.yaml b/charts/lagoon-insights-remote/Chart.yaml index 23610c04..37904b0a 100644 --- a/charts/lagoon-insights-remote/Chart.yaml +++ b/charts/lagoon-insights-remote/Chart.yaml 
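Review bot: In `opensearchSync.opensearchCACertificate: |` the three `# ...` lines sit inside a literal block scalar, where `#` does not start a comment. Assuming they are indented under the key (this rendering cannot show it), the default value is that three-line placeholder string, not an empty value. Any `with` or `if` guard in the templates would then treat the CA as set and pass a non-PEM blob to the service as its trust root, which either breaks TLS verification at start-up or hides that no CA was configured. Use `opensearchCACertificate: ""` and move the PEM example into real comment lines above the key.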
@@ -1,13 +1,11 @@ apiVersion: v2 name: lagoon-insights-remote -description: A Helm chart for Lagoon remote insights +description: DEPRECATED A Helm chart for Lagoon remote insights home: https://github.com/uselagoon/lagoon-charts icon: https://raw.githubusercontent.com/uselagoon/lagoon-charts/main/icon.png -maintainers: -- name: bomoko - email: blaize.kaye@amazee.io - url: https://amazee.io kubeVersion: ">= 1.19.0-0" +# This sub-chart has been deprecated and will be replaced by a service in lagoon-remote +deprecated: true # A chart can be either an 'application' or a 'library' chart. # @@ -22,10 +20,15 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.0 +version: 0.2.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: v0.0.3 + +annotations: + artifacthub.io/changes: | + - kind: deprecated + description: This chart has been deprecated diff --git a/charts/lagoon-insights-remote/README.md b/charts/lagoon-insights-remote/README.md new file mode 100644 index 00000000..73428974 --- /dev/null +++ b/charts/lagoon-insights-remote/README.md @@ -0,0 +1,3 @@ +# DEPRECATED Lagoon Insights Remote + +This chart was originally consumed as a sub-chart of Lagoon Remote, but the service has instead been added as an optional service in a coming release. diff --git a/charts/lagoon-logging/Chart.lock b/charts/lagoon-logging/Chart.lock index 8b4bbca1..8dcc8f15 100644 --- a/charts/lagoon-logging/Chart.lock +++ b/charts/lagoon-logging/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: logging-operator repository: https://kubernetes-charts.banzaicloud.com - version: 3.17.7 -digest: sha256:12db5e3fa5d67bdc4307758150cc57e3ef0c5893095b40735d989935cac2c318 -generated: "2022-06-02T14:25:04.188887195+08:00" + version: 3.17.10 +digest: sha256:293ac5ba13713b7edcc8fb655e8fd402c6d466c57edcdc9886f1336b39815b8c +generated: "2022-11-28T22:12:54.57492083+08:00" diff --git a/charts/lagoon-logging/Chart.yaml b/charts/lagoon-logging/Chart.yaml index bea7a140..b8133717 100644 --- a/charts/lagoon-logging/Chart.yaml +++ b/charts/lagoon-logging/Chart.yaml @@ -9,7 +9,7 @@ maintainers: - name: smlx email: scott.leggett@amazee.io url: https://amazee.io -kubeVersion: ">= 1.19.0-0" +kubeVersion: ">= 1.21.0-0" # Application charts are a collection of templates that can be packaged into # versioned archives to be deployed. @@ -19,10 +19,18 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.69.0 +version: 0.77.0 dependencies: - name: logging-operator repository: https://kubernetes-charts.banzaicloud.com version: ~3.17.0 condition: logging-operator.enabled + +# This section is used to collect a changelog for artifacthub.io +# It should be started afresh for each release +# Valid supported kinds are added, changed, deprecated, removed, fixed and security +annotations: + artifacthub.io/changes: | + - kind: added + description: add chart option to configure logging-operator subchart metrics, and enable the fluentbit ServiceMonitor by default diff --git a/charts/lagoon-logging/ci/linter-values.yaml b/charts/lagoon-logging/ci/linter-values.yaml index 46f701fb..b2722e90 100644 --- a/charts/lagoon-logging/ci/linter-values.yaml +++ b/charts/lagoon-logging/ci/linter-values.yaml 
@@ -106,3 +106,6 @@ cdnLogsCollector: extraExcludeNamespaces: - ci-fake-namespace-0 - ci-fake-namespace-1 + +testFixtures: + create: true diff --git a/charts/lagoon-logging/templates/logging.yaml b/charts/lagoon-logging/templates/logging.yaml index d55cdadf..3393d950 100644 --- a/charts/lagoon-logging/templates/logging.yaml +++ b/charts/lagoon-logging/templates/logging.yaml @@ -12,6 +12,10 @@ spec: fsGroup: 0 scaling: replicas: {{ .Values.fluentdReplicaCount }} + {{- with .Values.fluentdMetrics }} + metrics: + {{- toYaml . | nindent 6 }} + {{- end }} fluentbit: # Enable a default liveness check to avoid stuck pods. # At the time of writing this just hits the metrics endpoint. @@ -26,4 +30,8 @@ spec: tolerations: {{- toYaml . | nindent 4 }} {{- end }} + {{- with .Values.fluentbitMetrics }} + metrics: + {{- toYaml . | nindent 6 }} + {{- end }} controlNamespace: {{ .Release.Namespace | quote }} diff --git a/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml b/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml index 1baa4ea0..b142d9b3 100644 --- a/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml +++ b/charts/lagoon-logging/templates/logs-dispatcher.fluent-conf.configmap.yaml @@ -296,6 +296,9 @@ data: _dummy_ ${record['kubernetes'].delete('pod_name'); record['kubernetes'].delete('container_name'); record['kubernetes'].delete('pod_id'); nil} + {{- with .Values.routerLogsPostProcess }} + {{- . | nindent 6 }} + {{- end }} @type relabel @label @OUTPUT 
@@ -346,7 +349,7 @@ data: @type record_modifier - index_name container-logs-${record.dig('kubernetes','namespace_labels','lagoon_sh/project')&.gsub("_", "-") || "#{record.dig('kubernetes','namespace_name') || 'unknown_project'}_#{ENV['CLUSTER_NAME']}"}-_-${record.dig('kubernetes','namespace_labels','lagoon_sh/environmentType') || "unknown_environmenttype"}-_-${Time.at(time).strftime("%Y.%m")} + index_name container-logs-${record.dig('kubernetes','namespace_labels','lagoon.sh/project')&.gsub("_", "-") || "#{record.dig('kubernetes','namespace_name') || 'unknown_project'}_#{ENV['CLUSTER_NAME']}"}-_-${record.dig('kubernetes','namespace_labels','lagoon.sh/environmentType') || "unknown_environmenttype"}-_-${Time.at(time).strftime("%Y.%m")} log ${record['log'] || ""} @@ -356,7 +359,7 @@ data: @type record_modifier - index_name application-logs-${record.dig('kubernetes','namespace_labels','lagoon_sh/project')&.gsub("_", "-") || "#{record.dig('kubernetes','namespace_name') || 'unknown_project'}_#{ENV['CLUSTER_NAME']}"}-_-${record.dig('kubernetes','namespace_labels','lagoon_sh/environmentType') || "unknown_environmenttype"}-_-${Time.at(time).strftime("%Y.%m")} + index_name application-logs-${record.dig('kubernetes','namespace_labels','lagoon.sh/project')&.gsub("_", "-") || "#{record.dig('kubernetes','namespace_name') || 'unknown_project'}_#{ENV['CLUSTER_NAME']}"}-_-${record.dig('kubernetes','namespace_labels','lagoon.sh/environmentType') || "unknown_environmenttype"}-_-${Time.at(time).strftime("%Y.%m")} # 
@@ -365,7 +368,7 @@ data: @type record_modifier - index_name router-logs-${record.dig('kubernetes','namespace_labels','lagoon_sh/project')&.gsub("_", "-") || "#{record.dig('kubernetes','namespace_name') || 'unknown_project'}_#{ENV['CLUSTER_NAME']}"}-_-${record.dig('kubernetes','namespace_labels','lagoon_sh/environmentType') || "unknown_environmenttype"}-_-${Time.at(time).strftime("%Y.%m")} + index_name router-logs-${record.dig('kubernetes','namespace_labels','lagoon.sh/project')&.gsub("_", "-") || "#{record.dig('kubernetes','namespace_name') || 'unknown_project'}_#{ENV['CLUSTER_NAME']}"}-_-${record.dig('kubernetes','namespace_labels','lagoon.sh/environmentType') || "unknown_environmenttype"}-_-${Time.at(time).strftime("%Y.%m")} {{- if .Values.cdnLogsCollector.enabled }} @@ -459,6 +462,8 @@ data: # endpoint keepalive true # makes sure the connection is not recreated every second keepalive_timeout 10m # reconnect after 10mins in order to handle DNS changes, etc. + # avoid persistent DNS cache in case the server IP changes + expire_dns_cache 3600 # refresh cached DNS every hour port "#{ENV['LOGS_FORWARD_HOST_PORT']}" host "#{ENV['LOGS_FORWARD_HOST']}" diff --git a/charts/lagoon-logging/templates/tests/test-connection.yaml b/charts/lagoon-logging/templates/tests/test-connection.yaml index 190d32ac..f22e9440 100644 --- a/charts/lagoon-logging/templates/tests/test-connection.yaml +++ b/charts/lagoon-logging/templates/tests/test-connection.yaml @@ -5,7 +5,7 @@ metadata: labels: {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }} annotations: - "helm.sh/hook": test-success + "helm.sh/hook": test spec: containers: - name: nc diff --git a/charts/lagoon-logging/templates/tests/test-logs-dispatcher-processing.yaml b/charts/lagoon-logging/templates/tests/test-logs-dispatcher-processing.yaml new file mode 100644 index 00000000..e478273d --- /dev/null +++ b/charts/lagoon-logging/templates/tests/test-logs-dispatcher-processing.yaml 
@@ -0,0 +1,416 @@ +{{- if .Values.testFixtures.create }} +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + lagoon.sh/environment: dev + lagoon.sh/environmentType: development + lagoon.sh/project: test-logs-deleteme-fakeproject + name: test-logs-deleteme-fakeproject-dev +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + lagoon.sh/environment: prod + lagoon.sh/environmentType: production + lagoon.sh/project: test-logs-deleteme-fakeproject + name: test-logs-deleteme-fakeproject-prod +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}-test-processing-fluent-conf + labels: + {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }} +data: + fluent.conf: | + + workers 1 + # comment out this line to see warnings + # it is set to error because fluentd is quite chatty + log_level error + + # container logs collected by the logging-operator + + @type forward + @id in_container + tag process.container + + + # + # pre-processing for nginx_router logs + # + # the reason for having the two match blocks is because we have two checks + # to distinguish nginx_router logs: + # * app label is "nginx-ingress" + # * namespace is "syn-nginx-ingress" + # if either of those checks fails the message is tagged as a regular + # container log. + # + # check app name first. if app name didn't match, set tag to container log. + + @type rewrite_tag_filter + + key $.kubernetes.labels.app + pattern ^nginx-ingress$ + tag "process.app_nginx_ingress" + + + key $['kubernetes']['labels']['app.kubernetes.io/name'] + pattern ^ingress-nginx$ + tag "process.app_nginx_ingress" + + # Last rule: catchall + + invert true + key $.kubernetes.labels.app + pattern ^nginx-ingress$ + tag "lagoon.#{ENV['CLUSTER_NAME']}.container" + + + # check namespace_name. if it is okay too, tag as router log. + # if namespace didn't match, set tag to container log. 
+ + @type rewrite_tag_filter + + key $.kubernetes.namespace_name + pattern ^syn-nginx-ingress$ + tag "lagoon.#{ENV['CLUSTER_NAME']}.router.nginx" + + + key $.kubernetes.namespace_name + pattern ^ingress-nginx$ + tag "lagoon.#{ENV['CLUSTER_NAME']}.router.nginx" + + + key $.kubernetes.namespace_name + pattern ^sigsci-ingress-nginx$ + tag "lagoon.#{ENV['CLUSTER_NAME']}.router.nginx" + + # Last rule: catchall + + invert true + key $.kubernetes.namespace_name + pattern ^syn-nginx-ingress$ + tag "lagoon.#{ENV['CLUSTER_NAME']}.container" + + + + # + # process container logs + # + # restructure so the kubernetes_metadata plugin can find the keys it needs + + @type record_modifier + remove_keys _dummy_ + + _dummy_ ${record['docker'] = {'container_id' => "#{record.dig('kubernetes','docker_id')}"}; nil} + + + # enrich with k8s metadata (will get the namespace labels) + + @type kubernetes_metadata + @log_level warn + skip_container_metadata true + skip_master_url true + + # strip the duplicate information so that it doesn't appear in logs + + @type record_modifier + remove_keys docker + + # post-process to try to eke some more structure out of the logs. + # the last "format none" block is a catch-all for unmatched messages. + + @type parser + key_name message + reserve_data true + + @type multi_format + + format regexp + expression /^(?[^ ]*) (?[^ ]*) (?[^ ]*) \[(? + + format none + + + + + # + # process nginx_router logs + # + # The message field may be json-encoded router logs, so parse that and put the + # keys in the top-level log object. 
+ + @type parser + key_name message + reserve_time true + reserve_data true + remove_key_name_field true + + @type multi_format + + format json + + + format none + + + + # match the nginx router logs here and relabel them based on whether they + # were successfully parsed as json above or not + + @type rewrite_tag_filter + + # if the host key doesn't exist then this was not parsed as JSON, so we + # just send to @OUTPUT directly because it is an actual nginx + # controller log. These logs will appear in index_name + # router-logs-ingress-nginx_.* if the keepIngressNginxController value + # is set to true. + invert true + key host + pattern /.+/ + tag ${tag} + label @DISCARD + + + # host key exists, so this is a HTTP request log + key host + pattern /.+/ + tag ${tag} + label @NGINX_ROUTER_OUTPUT + + + + + + @type relabel + @label @OUTPUT + + + + + + input.log: | + {{- /* nginx router logs */}} + {"stream":"stdout","logtag":"F","message":"{ \"http_section_io_id\": \"-\", \"time\": \"2022-11-22T07:43:13+00:00\", \"remote_addr\": \"119.18.3.40\", \"x-forwarded-for\": \"-\", \"true-client-ip\": \"-\", \"req_id\": \"c3564341bbe8ac46c9044a87ec3db1a7\", \"remote_user\": \"-\", \"bytes_sent\": 3210, \"request_time\": 0.041, \"status\": \"200\", \"host\": \"test-logs-deleteme-fakeproject-dev.test1.amazee.io\", \"request_proto\": \"HTTP/2.0\", \"request_uri\": \"/\", \"request_query\": \"-\", \"request_length\": 303, \"request_time\": 0.041, \"request_method\": \"GET\", \"http_referer\": \"-\", \"http_user_agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0\", \"namespace\": \"test-logs-deleteme-fakeproject-dev\", \"ingress_name\": \"test-logs-deleteme-fakeproject-dev.test1.amazee.io\", \"service_name\": \"nginx\", \"service_port\": \"http\" 
}","kubernetes":{"pod_name":"ingress-nginx-controller-976c576cf-mqzs8","namespace_name":"ingress-nginx","pod_id":"9555ef6d-bbf5-4276-8f5c-c91377feca99","labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx","pod-template-hash":"976c576cf"},"annotations":{"kubernetes.io/psp":"eks.privileged"},"host":"ip-10-20-30-40.eu-central-1.compute.internal","container_name":"controller","docker_id":"123eee982a5afa82e0fc3dad5d5af10dd93363657bd18bd5e2c548b0d32a19f7","container_hash":"k8s.gcr.io/ingress-nginx/controller@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c","container_image":"sha256:7e5c1cecb086f36c6ef4b319a60853020820997f3600c3687e8ba6139e83674d"}} + {"stream":"stdout","logtag":"F","message":"{ \"http_section_io_id\": \"-\", \"time\": \"2022-11-22T07:43:13+00:00\", \"remote_addr\": \"119.18.3.40\", \"x-forwarded-for\": \"-\", \"true-client-ip\": \"-\", \"req_id\": \"1a910605e50cbfc5db9090ac5ce9fefb\", \"remote_user\": \"-\", \"bytes_sent\": 3250, \"request_time\": 0.006, \"status\": \"200\", \"host\": \"test-logs-deleteme-fakeproject-dev.test1.amazee.io\", \"request_proto\": \"HTTP/2.0\", \"request_uri\": \"/sites/default/files/css/css_v18WUm75dSk_A-DeLZcRjivGVxxUXl9PCwLE_JJpyIk.css\", \"request_query\": \"-\", \"request_length\": 137, \"request_time\": 0.006, \"request_method\": \"GET\", \"http_referer\": \"https://test-logs-deleteme-fakeproject-dev.test1.amazee.io/\", \"http_user_agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0\", \"namespace\": \"test-logs-deleteme-fakeproject-dev\", \"ingress_name\": \"test-logs-deleteme-fakeproject-dev.test1.amazee.io\", \"service_name\": \"nginx\", \"service_port\": \"http\" 
}","kubernetes":{"pod_name":"ingress-nginx-controller-976c576cf-mqzs8","namespace_name":"ingress-nginx","pod_id":"9555ef6d-bbf5-4276-8f5c-c91377feca99","labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx","pod-template-hash":"976c576cf"},"annotations":{"kubernetes.io/psp":"eks.privileged"},"host":"ip-10-20-30-40.eu-central-1.compute.internal","container_name":"controller","docker_id":"123eee982a5afa82e0fc3dad5d5af10dd93363657bd18bd5e2c548b0d32a19f7","container_hash":"k8s.gcr.io/ingress-nginx/controller@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c","container_image":"sha256:7e5c1cecb086f36c6ef4b319a60853020820997f3600c3687e8ba6139e83674d"}} + {"stream":"stdout","logtag":"F","message":"{ \"http_section_io_id\": \"-\", \"time\": \"2022-11-22T07:43:13+00:00\", \"remote_addr\": \"119.18.3.40\", \"x-forwarded-for\": \"-\", \"true-client-ip\": \"-\", \"req_id\": \"7c59ed76f0b17c3059ef4cd401d1f1c1\", \"remote_user\": \"-\", \"bytes_sent\": 802, \"request_time\": 0.011, \"status\": \"200\", \"host\": \"test-logs-deleteme-fakeproject-dev.test1.amazee.io\", \"request_proto\": \"HTTP/2.0\", \"request_uri\": \"/sites/default/files/css/css_jXoGUEFrud0744Ahfg7jDKSYsoEmd3Vq1DLfwEw5fVs.css\", \"request_query\": \"-\", \"request_length\": 74, \"request_time\": 0.011, \"request_method\": \"GET\", \"http_referer\": \"https://test-logs-deleteme-fakeproject-dev.test1.amazee.io/\", \"http_user_agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0\", \"namespace\": \"test-logs-deleteme-fakeproject-dev\", \"ingress_name\": \"test-logs-deleteme-fakeproject-dev.test1.amazee.io\", \"service_name\": \"nginx\", \"service_port\": \"http\" 
}","kubernetes":{"pod_name":"ingress-nginx-controller-976c576cf-mqzs8","namespace_name":"ingress-nginx","pod_id":"9555ef6d-bbf5-4276-8f5c-c91377feca99","labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx","pod-template-hash":"976c576cf"},"annotations":{"kubernetes.io/psp":"eks.privileged"},"host":"ip-10-20-30-40.eu-central-1.compute.internal","container_name":"controller","docker_id":"123eee982a5afa82e0fc3dad5d5af10dd93363657bd18bd5e2c548b0d32a19f7","container_hash":"k8s.gcr.io/ingress-nginx/controller@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c","container_image":"sha256:7e5c1cecb086f36c6ef4b319a60853020820997f3600c3687e8ba6139e83674d"}} + {"stream":"stdout","logtag":"F","message":"{ \"http_section_io_id\": \"-\", \"time\": \"2022-11-22T07:43:13+00:00\", \"remote_addr\": \"119.18.3.40\", \"x-forwarded-for\": \"-\", \"true-client-ip\": \"-\", \"req_id\": \"ae8778041f9eb0472f87d54f5fc88339\", \"remote_user\": \"-\", \"bytes_sent\": 13921, \"request_time\": 0.021, \"status\": \"200\", \"host\": \"test-logs-deleteme-fakeproject-prod.test1.amazee.io\", \"request_proto\": \"HTTP/2.0\", \"request_uri\": \"/sites/default/files/css/css_QVAG5D3Tjgmzc55dRjVpYlhI02sBiqX5b0VAkKLpSGg.css\", \"request_query\": \"-\", \"request_length\": 74, \"request_time\": 0.021, \"request_method\": \"GET\", \"http_referer\": \"https://test-logs-deleteme-fakeproject-prod.test1.amazee.io/\", \"http_user_agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0\", \"namespace\": \"test-logs-deleteme-fakeproject-prod\", \"ingress_name\": \"test-logs-deleteme-fakeproject-prod.test1.amazee.io\", \"service_name\": \"nginx\", \"service_port\": \"http\" 
}","kubernetes":{"pod_name":"ingress-nginx-controller-976c576cf-mqzs8","namespace_name":"ingress-nginx","pod_id":"9555ef6d-bbf5-4276-8f5c-c91377feca99","labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx","pod-template-hash":"976c576cf"},"annotations":{"kubernetes.io/psp":"eks.privileged"},"host":"ip-10-20-30-40.eu-central-1.compute.internal","container_name":"controller","docker_id":"123eee982a5afa82e0fc3dad5d5af10dd93363657bd18bd5e2c548b0d32a19f7","container_hash":"k8s.gcr.io/ingress-nginx/controller@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c","container_image":"sha256:7e5c1cecb086f36c6ef4b319a60853020820997f3600c3687e8ba6139e83674d"}} + {"stream":"stdout","logtag":"F","message":"{ \"http_section_io_id\": \"-\", \"time\": \"2022-11-22T07:43:13+00:00\", \"remote_addr\": \"119.18.3.40\", \"x-forwarded-for\": \"-\", \"true-client-ip\": \"-\", \"req_id\": \"385dd38e6adf2465724da35224ff8c6c\", \"remote_user\": \"-\", \"bytes_sent\": 3554, \"request_time\": 0.011, \"status\": \"200\", \"host\": \"test-logs-deleteme-fakeproject-prod.test1.amazee.io\", \"request_proto\": \"HTTP/2.0\", \"request_uri\": \"/profiles/contrib/govcms/themes/custom/govcms_bartik/logo.svg\", \"request_query\": \"-\", \"request_length\": 87, \"request_time\": 0.011, \"request_method\": \"GET\", \"http_referer\": \"https://test-logs-deleteme-fakeproject-prod.test1.amazee.io/\", \"http_user_agent\": \"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0\", \"namespace\": \"test-logs-deleteme-fakeproject-prod\", \"ingress_name\": \"test-logs-deleteme-fakeproject-prod.test1.amazee.io\", \"service_name\": \"nginx\", \"service_port\": \"http\" 
}","kubernetes":{"pod_name":"ingress-nginx-controller-976c576cf-mqzs8","namespace_name":"ingress-nginx","pod_id":"9555ef6d-bbf5-4276-8f5c-c91377feca99","labels":{"app.kubernetes.io/component":"controller","app.kubernetes.io/instance":"ingress-nginx","app.kubernetes.io/name":"ingress-nginx","pod-template-hash":"976c576cf"},"annotations":{"kubernetes.io/psp":"eks.privileged"},"host":"ip-10-20-30-40.eu-central-1.compute.internal","container_name":"controller","docker_id":"123eee982a5afa82e0fc3dad5d5af10dd93363657bd18bd5e2c548b0d32a19f7","container_hash":"k8s.gcr.io/ingress-nginx/controller@sha256:28b11ce69e57843de44e3db6413e98d09de0f6688e33d4bd384002a44f78405c","container_image":"sha256:7e5c1cecb086f36c6ef4b319a60853020820997f3600c3687e8ba6139e83674d"}} + {{- /* nginx container log 0 */}} + {"stream":"stderr","logtag":"F","message":"Identity added: /home/.ssh/key (/home/.ssh/key)","kubernetes":{"pod_name":"cli-676f77fc56-pjm8r","namespace_name":"test-logs-deleteme-fakeproject-prod","pod_id":"2df4c564-2900-4b08-922f-36a0d032f670","labels":{"admission.datadoghq.com/enabled":"true","app.kubernetes.io/instance":"cli","app.kubernetes.io/managed-by":"Helm","app.kubernetes.io/name":"cli-persistent","helm.sh/chart":"cli-persistent-0.1.0","lagoon.sh/buildType":"branch","lagoon.sh/environment":"prod","lagoon.sh/environmentType":"production","lagoon.sh/project":"test-logs-deleteme-fakeproject","lagoon.sh/service":"cli","lagoon.sh/service-type":"cli-persistent","pod-template-hash":"676f77fc56"},"annotations":{"kubernetes.io/psp":"eks.privileged","lagoon.sh/branch":"prod","lagoon.sh/configMapSha":"4ef7cefb450b614a576f32bd5ceb23bb8f3b44f9ff3569dba498ea92551217ff","lagoon.sh/version":"22.4.1"},"host":"ip-10-200-18-51.eu-central-1.compute.internal","container_name":"cli","docker_id":"f3a44dc65462386c0e0ffdb31528b989c9e55eb2ba5c431683f72e8b6a5458f4"}} + {{- /* application log 0 */}} + expected.output.log: | + {{- /* nginx router logs */}} + 
{"stream":"stdout","logtag":"F","kubernetes":{"namespace_name":"test-logs-deleteme-fakeproject-dev","namespace_labels":{"app.kubernetes.io/managed-by":"Helm","kubernetes.io/metadata.name":"test-logs-deleteme-fakeproject-dev","lagoon.sh/environment":"dev","lagoon.sh/environmentType":"development","lagoon.sh/project":"test-logs-deleteme-fakeproject"}},"http_section_io_id":"-","remote_addr":"119.18.3.40","x-forwarded-for":"-","true-client-ip":"-","req_id":"c3564341bbe8ac46c9044a87ec3db1a7","remote_user":"-","bytes_sent":3210,"request_time":0.041,"status":"200","host":"test-logs-deleteme-fakeproject-dev.test1.amazee.io","request_proto":"HTTP/2.0","request_uri":"/","request_query":"-","request_length":303,"request_method":"GET","http_referer":"-","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","namespace":"test-logs-deleteme-fakeproject-dev","ingress_name":"test-logs-deleteme-fakeproject-dev.test1.amazee.io","service_name":"nginx","service_port":"http","cluster":"test-cluster-name","index_name":"router-logs-test-logs-deleteme-fakeproject-_-development-_-2022.11"} + 
{"stream":"stdout","logtag":"F","kubernetes":{"namespace_name":"test-logs-deleteme-fakeproject-dev","namespace_labels":{"app.kubernetes.io/managed-by":"Helm","kubernetes.io/metadata.name":"test-logs-deleteme-fakeproject-dev","lagoon.sh/environment":"dev","lagoon.sh/environmentType":"development","lagoon.sh/project":"test-logs-deleteme-fakeproject"}},"http_section_io_id":"-","remote_addr":"119.18.3.40","x-forwarded-for":"-","true-client-ip":"-","req_id":"1a910605e50cbfc5db9090ac5ce9fefb","remote_user":"-","bytes_sent":3250,"request_time":0.006,"status":"200","host":"test-logs-deleteme-fakeproject-dev.test1.amazee.io","request_proto":"HTTP/2.0","request_uri":"/sites/default/files/css/css_v18WUm75dSk_A-DeLZcRjivGVxxUXl9PCwLE_JJpyIk.css","request_query":"-","request_length":137,"request_method":"GET","http_referer":"https://test-logs-deleteme-fakeproject-dev.test1.amazee.io/","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","namespace":"test-logs-deleteme-fakeproject-dev","ingress_name":"test-logs-deleteme-fakeproject-dev.test1.amazee.io","service_name":"nginx","service_port":"http","cluster":"test-cluster-name","index_name":"router-logs-test-logs-deleteme-fakeproject-_-development-_-2022.11"} + 
{"stream":"stdout","logtag":"F","kubernetes":{"namespace_name":"test-logs-deleteme-fakeproject-dev","namespace_labels":{"app.kubernetes.io/managed-by":"Helm","kubernetes.io/metadata.name":"test-logs-deleteme-fakeproject-dev","lagoon.sh/environment":"dev","lagoon.sh/environmentType":"development","lagoon.sh/project":"test-logs-deleteme-fakeproject"}},"http_section_io_id":"-","remote_addr":"119.18.3.40","x-forwarded-for":"-","true-client-ip":"-","req_id":"7c59ed76f0b17c3059ef4cd401d1f1c1","remote_user":"-","bytes_sent":802,"request_time":0.011,"status":"200","host":"test-logs-deleteme-fakeproject-dev.test1.amazee.io","request_proto":"HTTP/2.0","request_uri":"/sites/default/files/css/css_jXoGUEFrud0744Ahfg7jDKSYsoEmd3Vq1DLfwEw5fVs.css","request_query":"-","request_length":74,"request_method":"GET","http_referer":"https://test-logs-deleteme-fakeproject-dev.test1.amazee.io/","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","namespace":"test-logs-deleteme-fakeproject-dev","ingress_name":"test-logs-deleteme-fakeproject-dev.test1.amazee.io","service_name":"nginx","service_port":"http","cluster":"test-cluster-name","index_name":"router-logs-test-logs-deleteme-fakeproject-_-development-_-2022.11"} + 
{"stream":"stdout","logtag":"F","kubernetes":{"namespace_name":"test-logs-deleteme-fakeproject-prod","namespace_labels":{"app.kubernetes.io/managed-by":"Helm","kubernetes.io/metadata.name":"test-logs-deleteme-fakeproject-prod","lagoon.sh/environment":"prod","lagoon.sh/environmentType":"production","lagoon.sh/project":"test-logs-deleteme-fakeproject"}},"http_section_io_id":"-","remote_addr":"119.18.3.40","x-forwarded-for":"-","true-client-ip":"-","req_id":"ae8778041f9eb0472f87d54f5fc88339","remote_user":"-","bytes_sent":13921,"request_time":0.021,"status":"200","host":"test-logs-deleteme-fakeproject-prod.test1.amazee.io","request_proto":"HTTP/2.0","request_uri":"/sites/default/files/css/css_QVAG5D3Tjgmzc55dRjVpYlhI02sBiqX5b0VAkKLpSGg.css","request_query":"-","request_length":74,"request_method":"GET","http_referer":"https://test-logs-deleteme-fakeproject-prod.test1.amazee.io/","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","namespace":"test-logs-deleteme-fakeproject-prod","ingress_name":"test-logs-deleteme-fakeproject-prod.test1.amazee.io","service_name":"nginx","service_port":"http","cluster":"test-cluster-name","index_name":"router-logs-test-logs-deleteme-fakeproject-_-production-_-2022.11"} + 
{"stream":"stdout","logtag":"F","kubernetes":{"namespace_name":"test-logs-deleteme-fakeproject-prod","namespace_labels":{"app.kubernetes.io/managed-by":"Helm","kubernetes.io/metadata.name":"test-logs-deleteme-fakeproject-prod","lagoon.sh/environment":"prod","lagoon.sh/environmentType":"production","lagoon.sh/project":"test-logs-deleteme-fakeproject"}},"http_section_io_id":"-","remote_addr":"119.18.3.40","x-forwarded-for":"-","true-client-ip":"-","req_id":"385dd38e6adf2465724da35224ff8c6c","remote_user":"-","bytes_sent":3554,"request_time":0.011,"status":"200","host":"test-logs-deleteme-fakeproject-prod.test1.amazee.io","request_proto":"HTTP/2.0","request_uri":"/profiles/contrib/govcms/themes/custom/govcms_bartik/logo.svg","request_query":"-","request_length":87,"request_method":"GET","http_referer":"https://test-logs-deleteme-fakeproject-prod.test1.amazee.io/","http_user_agent":"Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0","namespace":"test-logs-deleteme-fakeproject-prod","ingress_name":"test-logs-deleteme-fakeproject-prod.test1.amazee.io","service_name":"nginx","service_port":"http","cluster":"test-cluster-name","index_name":"router-logs-test-logs-deleteme-fakeproject-_-production-_-2022.11"} + {{- /* nginx container log 0 */}} + {"stream":"stderr","logtag":"F","message":"Identity added: /home/.ssh/key (/home/.ssh/key)","kubernetes":{"container_name":"cli","namespace_name":"test-logs-deleteme-fakeproject-prod","pod_name":"cli-676f77fc56-pjm8r","pod_id":"f3a44dc65462386c0e0ffdb31528b989c9e55eb2ba5c431683f72e8b6a5458f4","namespace_labels":{"app.kubernetes.io/managed-by": "Helm","kubernetes.io/metadata.name":"test-logs-deleteme-fakeproject-prod","lagoon.sh/environment":"prod","lagoon.sh/environmentType":"production","lagoon.sh/project":"test-logs-deleteme-fakeproject"}},"cluster":"test-cluster-name","index_name":"container-logs-test-logs-deleteme-fakeproject-_-production-_-2022.11","log":""} + {{- /* application log 0 */}} +{{- end }} +--- 
+apiVersion: v1 +kind: Pod +metadata: + name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}-test-processing + labels: + {{- include "lagoon-logging.logsDispatcher.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + serviceAccountName: {{ include "lagoon-logging.logsDispatcher.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.logsDispatcher.podSecurityContext | nindent 4 }} + containers: + - name: fluentd + securityContext: + {{- toYaml .Values.logsDispatcher.securityContext | nindent 6 }} + image: "{{ .Values.logsDispatcher.image.repository }}:{{ coalesce .Values.logsDispatcher.image.tag .Values.imageTag "latest" }}" + imagePullPolicy: {{ .Values.logsDispatcher.image.pullPolicy }} + command: + - sh + - -c + - | + set -xe + # start fluentd + fluentd --config /fluentd/etc/${FLUENTD_CONF} --plugin /fluentd/plugins & + sleep 2 + # send input + fluent-cat tag.foo < /fluentd/etc/input.log + sleep 4 + # check output + ls -lah /tmp/log.out.* + # process test cases before diff using jq: + # * strip the namespace_id from the log output, since it is randomly generated by the k8s API + # * update the suffix on the index_name in the test cases so the tests continue to pass after 2022.11 + diff <(jq '.index_name |= gsub("2022.11$";(now|strftime("%Y.%m")))' /fluentd/etc/expected.output.log) <(jq 'del(.kubernetes.namespace_id)' /tmp/log.out.*) + # stop fluentd + kill %1 + ports: + - containerPort: 24224 + protocol: TCP + name: forward + - containerPort: 24231 + protocol: TCP + name: metrics + readinessProbe: + tcpSocket: + port: 24224 + initialDelaySeconds: 20 + periodSeconds: 20 + timeoutSeconds: 2 + livenessProbe: + tcpSocket: + port: 24224 + initialDelaySeconds: 120 + periodSeconds: 60 + timeoutSeconds: 2 + volumeMounts: + - mountPath: /fluentd/etc/fluent.conf + name: fluent-conf + subPath: fluent.conf + - mountPath: /fluentd/etc/input.log + name: fluent-conf + 
subPath: input.log + - mountPath: /fluentd/etc/expected.output.log + name: fluent-conf + subPath: expected.output.log + env: + - name: CLUSTER_NAME + value: test-cluster-name + - name: K8S_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumes: + - configMap: + defaultMode: 420 + items: + - key: fluent.conf + path: fluent.conf + - key: input.log + path: input.log + - key: expected.output.log + path: expected.output.log + name: {{ include "lagoon-logging.logsDispatcher.fullname" . }}-test-processing-fluent-conf + name: fluent-conf + restartPolicy: Never diff --git a/charts/lagoon-logging/values.yaml b/charts/lagoon-logging/values.yaml index b6d50801..7505be41 100644 --- a/charts/lagoon-logging/values.yaml +++ b/charts/lagoon-logging/values.yaml @@ -19,7 +19,7 @@ logsDispatcher: repository: uselagoon/logs-dispatcher pullPolicy: IfNotPresent # Overrides the image tag whose default is "latest". - tag: "v3.0.0" + tag: "v3.3.0" serviceAccount: # Specifies whether a service account should be created @@ -121,7 +121,7 @@ cdnLogsCollector: repository: uselagoon/logs-dispatcher pullPolicy: IfNotPresent # Overrides the image tag whose default is "latest". - tag: "v3.0.0" + tag: "v3.3.0" podAnnotations: {} @@ -257,6 +257,21 @@ fluentbitTolerations: - effect: NoSchedule key: lagoon.sh/lb operator: Exists +- effect: NoSchedule + key: lagoon.sh/spot + operator: Exists + +# Expose metrics of the Logging Operator's fluentbit daemonset and fluentd +# statefulset via a Prometheus Operator compatible ServiceMonitor object. +# +# The fluentd serviceMonitor is disabled by default until a use-case is found. +# +# See here for full documentation of this field: +# https://kube-logging.dev/docs/operation/logging-operator-monitoring/#metrics-variables +fluentbitMetrics: + serviceMonitor: true +# fluentdMetrics: +# serviceMonitor: true # This chart assumes the container runtime is containerd, which puts the log # message in the `message` field of the log record. 
@@ -364,3 +379,36 @@ keepIngressNginxController: false # Openshift only! # # fluentbitPrivileged: true + +# Optional post-processing of router logs. +# +# This value allows you to insert a snippet of fluentd configuration into the +# router logs processing pipeline directly before output. This can be used to +# perform additional custom parsing of router logs. Please only use +# ..., and do not retag records in this field to avoid +# breaking the log pipeline. +# +# This example will: +# * set is_facet_page to true if the request_query field contains "f[0]". +# * set is_search_page to true if the request_query field contains "search_api". +# * set is_search_bot to true if the http_user_agent field is FooBot or BarBot. +# +# routerLogsPostProcess: |- +# +# @type record_modifier +# +# is_facet_page ${!record["request_query"]&.match(/f\[0\]/).nil?} +# +# +# is_search_page ${!record["request_query"]&.match(/search_api/).nil?} +# +# +# is_search_bot ${!record["http_user_agent"]&.match(/\A(FooBot|BarBot)\z/).nil?} +# +# + +# Install test fixtures into the cluster. +# This should _only_ be used in a test cluster, because it creates namespaces for testing. +# Do not set testFixtures.create=true in a production environment. +testFixtures: + create: false diff --git a/charts/lagoon-logs-concentrator/Chart.yaml b/charts/lagoon-logs-concentrator/Chart.yaml index e845a941..987d3527 100644 --- a/charts/lagoon-logs-concentrator/Chart.yaml +++ b/charts/lagoon-logs-concentrator/Chart.yaml @@ -9,7 +9,7 @@ maintainers: - name: smlx email: scott.leggett@amazee.io url: https://amazee.io -kubeVersion: ">= 1.19.0-0" +kubeVersion: ">= 1.21.0-0" # Application charts are a collection of templates that can be packaged into # versioned archives to be deployed. 
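Review bot: The comment block for `routerLogsPostProcess` asks users to add only filter directives and not to retag records, but it never says that the value is a trust boundary. The template that consumes it is outside this hunk; if it renders the string verbatim into the dispatcher's fluentd configuration, then, as the example's own `${...}` expressions show, Ruby in the snippet is evaluated inside the logs-dispatcher process, which handles every namespace's logs. I would add a line above the example such as `# This snippet is inserted verbatim into the fluentd configuration and can run Ruby code in the logs-dispatcher; only set it from a trusted values source.`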
@@ -19,4 +19,12 @@ type: application # time you make changes to the chart and its templates, including the app # version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.42.0 +version: 0.45.0 + +# This section is used to collect a changelog for artifacthub.io +# It should be started afresh for each release +# Valid supported kinds are added, changed, deprecated, removed, fixed and security +annotations: + artifacthub.io/changes: | + - kind: changed + description: introduced minimum kubernetes version 1.21 diff --git a/charts/lagoon-logs-concentrator/README.md b/charts/lagoon-logs-concentrator/README.md index 4335be7c..f915883a 100644 --- a/charts/lagoon-logs-concentrator/README.md +++ b/charts/lagoon-logs-concentrator/README.md @@ -1,7 +1,7 @@ # Logs Concentrator This service collects logs from logs-dispatchers (both local and remote) using -fluentd's forward protocol, and sends them to Elasticsearch. +fluentd's forward protocol, and sends them to Opensearch. ## Configuration diff --git a/charts/lagoon-logs-concentrator/ci/linter-values.yaml b/charts/lagoon-logs-concentrator/ci/linter-values.yaml index 6bbb6eb6..01fe6a79 100644 --- a/charts/lagoon-logs-concentrator/ci/linter-values.yaml +++ b/charts/lagoon-logs-concentrator/ci/linter-values.yaml @@ -1,7 +1,7 @@ # values for CI linting and testing -elasticsearchHost: "logs-db-service.elasticsearch.svc.cluster.local" -elasticsearchAdminUser: "admin" -elasticsearchAdminPassword: "securepass" +opensearchHost: "logs-db-service.opensearch.svc.cluster.local" +opensearchAdminUser: "admin" +opensearchAdminPassword: "securepass" tls: caCert: |- -----BEGIN CERTIFICATE----- @@ -41,8 +41,8 @@ users: password: "securepass" - username: "example2" password: "securepass" -# allow fluentd to start without connecting to ES -verifyESVersionAtStartup: false +# allow fluentd to start without connecting to Opensearch +verifyOSVersionAtStartup: false serviceMonitor: enabled: false 
diff --git a/charts/lagoon-logs-concentrator/templates/NOTES.txt b/charts/lagoon-logs-concentrator/templates/NOTES.txt index a92a7355..1cbceaa5 100644 --- a/charts/lagoon-logs-concentrator/templates/NOTES.txt +++ b/charts/lagoon-logs-concentrator/templates/NOTES.txt @@ -2,4 +2,4 @@ Thank you for installing {{ .Chart.Name }}. Your release is named {{ .Release.Name }}. -Your logs are now being sent to {{ default "http" .Values.elasticsearchScheme }}://{{ .Values.elasticsearchHost }}:{{ default "9200" .Values.elasticsearchHostPort }} +Your logs are now being sent to {{ default "http" .Values.opensearchScheme }}://{{ .Values.opensearchHost }}:{{ default "9200" .Values.opensearchHostPort }} diff --git a/charts/lagoon-logs-concentrator/templates/_helpers.tpl b/charts/lagoon-logs-concentrator/templates/_helpers.tpl index e9dfc9e1..6c1edd76 100644 --- a/charts/lagoon-logs-concentrator/templates/_helpers.tpl +++ b/charts/lagoon-logs-concentrator/templates/_helpers.tpl @@ -61,3 +61,14 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{/* +Get HorizontalPodAutoscaler API Version - can be removed once Kubernetes 1.23 is the minimum +*/}} +{{- define "lagoon-logs-concentrator.hpa.apiVersion" -}} + {{- if (.Capabilities.APIVersions.Has "autoscaling/v2") -}} + autoscaling/v2 + {{- else -}} + autoscaling/v2beta2 + {{- end -}} +{{- end -}} diff --git a/charts/lagoon-logs-concentrator/templates/env.configmap.yaml b/charts/lagoon-logs-concentrator/templates/env.configmap.yaml index 01002ee0..41e0d487 100644 --- a/charts/lagoon-logs-concentrator/templates/env.configmap.yaml +++ b/charts/lagoon-logs-concentrator/templates/env.configmap.yaml 
@@ -5,10 +5,10 @@ metadata: labels: {{- include "lagoon-logs-concentrator.labels" . | nindent 4 }} data: - ELASTICSEARCH_HOST: {{ required "A valid .Values.elasticsearchHost required!" .Values.elasticsearchHost }} -{{- if .Values.elasticsearchHostPort }} - ELASTICSEARCH_HOST_PORT: {{ .Values.elasticsearchHostPort | quote }} + OPENSEARCH_HOST: {{ required "A valid .Values.opensearchHost required!" .Values.opensearchHost }} +{{- if .Values.opensearchHostPort }} + OPENSEARCH_HOST_PORT: {{ .Values.opensearchHostPort | quote }} {{- end }} -{{- if .Values.elasticsearchScheme }} - ELASTICSEARCH_SCHEME: {{ .Values.elasticsearchScheme }} +{{- if .Values.opensearchScheme }} + OPENSEARCH_SCHEME: {{ .Values.opensearchScheme }} {{- end }} diff --git a/charts/lagoon-logs-concentrator/templates/fluent-conf.configmap.yaml b/charts/lagoon-logs-concentrator/templates/fluent-conf.configmap.yaml index 3cf038f5..fa363eb4 100644 --- a/charts/lagoon-logs-concentrator/templates/fluent-conf.configmap.yaml +++ b/charts/lagoon-logs-concentrator/templates/fluent-conf.configmap.yaml @@ -54,20 +54,20 @@ data: - # send to elasticsearch + # send to opensearch - @type elasticsearch - @id out_elasticsearch - # be more verbose about elasticsearch problems + @type opensearch + @id out_opensearch + # be more verbose about opensearch problems @log_level info # ingestion target_index_key index_name include_timestamp true time_key time # endpoint - host "#{ENV['ELASTICSEARCH_HOST']}" - port "#{ENV.fetch('ELASTICSEARCH_HOST_PORT','9200')}" - scheme "#{ENV.fetch('ELASTICSEARCH_SCHEME','http')}" + host "#{ENV['OPENSEARCH_HOST']}" + port "#{ENV.fetch('OPENSEARCH_HOST_PORT','9200')}" + scheme "#{ENV.fetch('OPENSEARCH_SCHEME','http')}" ssl_min_version TLSv1_2 ssl_max_version TLSv1_3 user "#{ENV['LOGSDB_ADMIN_USER']}" @@ -80,7 +80,7 @@ data: log_es_400_reason true @type file - path /fluentd/buffer/elasticsearch + path /fluentd/buffer/opensearch # buffer params (per worker) total_limit_size 8GB # flush params 
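Review bot: `OPENSEARCH_SCHEME` is emitted only when `.Values.opensearchScheme` is set, so a release whose values still carry `elasticsearchScheme: https` renders without error and fluentd falls back to the `http` default of `ENV.fetch('OPENSEARCH_SCHEME','http')`. It would then try to send the `LOGSDB_ADMIN_USER`/`LOGSDB_ADMIN_PASSWORD` credentials and the log records unencrypted. Only the host and admin password are guarded by `required`; the renamed `opensearchHostPort`, `opensearchTLSVerify`, `verifyOSVersionAtStartup` and `opensearchCACert` keys in fluent-conf.configmap.yaml, secret.yaml and statefulset.yaml are likewise ignored silently under their old names. A guard per legacy key makes the upgrade fail loudly, e.g. `{{- if .Values.elasticsearchScheme }}{{ fail "elasticsearchScheme was renamed to opensearchScheme" }}{{- end }}`. The rename also deserves an entry in the `artifacthub.io/changes` annotation, which currently lists only the Kubernetes minimum.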
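Review bot: Moving the file buffer `path` from `/fluentd/buffer/elasticsearch` to `/fluentd/buffer/opensearch` means chunks still queued under the old directory at upgrade time are no longer picked up by the output, so records buffered during an outage would be left unsent. This assumes `/fluentd/buffer` sits on the persistent buffer volume, whose mount is outside this hunk. Either keep the old path or document a drain step before upgrading. Separately, the context line `log_es_400_reason true` keeps the Elasticsearch plugin's parameter name; the opensearch output appears to call it `log_os_400_reason`, so it is worth confirming that rejected-document reasons are still logged.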
@@ -89,20 +89,20 @@ data: flush_thread_burst_interval 0 # don't sleep if there are more chunks to be flushed retry_max_interval 30s # limit exponential backoff period retry_timeout 12h # limit the time spent retrying chunk submission - chunk_limit_size 32MB # chunks cannot be bigger than the max HTTP limit of Elasticsearch (which is 100MB) + chunk_limit_size 32MB # chunks cannot be bigger than the max HTTP limit of Opensearch (which is 100MB) overflow_action drop_oldest_chunk # drop chunks once they reach retry limits # silence warnings (these have no effect) type_name _doc suppress_type_name true ssl_version TLSv1_2 -{{- if not .Values.elasticsearchTLSVerify }} +{{- if not .Values.opensearchTLSVerify }} ssl_verify false {{- end }} -{{- if not .Values.verifyESVersionAtStartup }} - verify_es_version_at_startup false +{{- if not .Values.verifyOSVersionAtStartup }} + verify_os_version_at_startup false {{- end }} -{{- if .Values.elasticsearchCACert }} +{{- if .Values.opensearchCACert }} ca_file /fluentd/es-tls/ca.crt {{- end }} diff --git a/charts/lagoon-logs-concentrator/templates/hpa.yaml b/charts/lagoon-logs-concentrator/templates/hpa.yaml index 33f1d5ba..ee824389 100644 --- a/charts/lagoon-logs-concentrator/templates/hpa.yaml +++ b/charts/lagoon-logs-concentrator/templates/hpa.yaml @@ -1,5 +1,5 @@ {{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta2 +apiVersion: {{ include "lagoon-logs-concentrator.hpa.apiVersion" . }} kind: HorizontalPodAutoscaler metadata: name: {{ include "lagoon-logs-concentrator.fullname" . }} diff --git a/charts/lagoon-logs-concentrator/templates/secret.yaml b/charts/lagoon-logs-concentrator/templates/secret.yaml index e8b592ac..9d00b054 100644 --- a/charts/lagoon-logs-concentrator/templates/secret.yaml +++ b/charts/lagoon-logs-concentrator/templates/secret.yaml 
@@ -7,8 +7,8 @@ metadata: {{- include "lagoon-logs-concentrator.labels" . | nindent 4 }} stringData: FORWARD_SHARED_KEY: {{ required "A valid .Values.forwardSharedKey required!" .Values.forwardSharedKey }} - LOGSDB_ADMIN_USER: {{ .Values.elasticsearchAdminUser }} - LOGSDB_ADMIN_PASSWORD: {{ required "A valid .Values.elasticsearchAdminPassword required!" .Values.elasticsearchAdminPassword }} + LOGSDB_ADMIN_USER: {{ .Values.opensearchAdminUser }} + LOGSDB_ADMIN_PASSWORD: {{ required "A valid .Values.opensearchAdminPassword required!" .Values.opensearchAdminPassword }} --- apiVersion: v1 kind: Secret @@ -40,7 +40,7 @@ stringData: password "{{ .password }}" {{- end }} -{{- if .Values.elasticsearchCACert }} +{{- if .Values.opensearchCACert }} --- apiVersion: v1 kind: Secret @@ -51,5 +51,5 @@ metadata: {{- include "lagoon-logs-concentrator.labels" . | nindent 4 }} stringData: ca.crt: | - {{- .Values.elasticsearchCACert | nindent 4 }} + {{- .Values.opensearchCACert | nindent 4 }} {{- end }} diff --git a/charts/lagoon-logs-concentrator/templates/statefulset.yaml b/charts/lagoon-logs-concentrator/templates/statefulset.yaml index e578767c..f9784dd3 100644 --- a/charts/lagoon-logs-concentrator/templates/statefulset.yaml +++ b/charts/lagoon-logs-concentrator/templates/statefulset.yaml @@ -78,7 +78,7 @@ spec: name: {{ include "lagoon-logs-concentrator.fullname" . }}-buffer - mountPath: /fluentd/tls/ name: {{ include "lagoon-logs-concentrator.fullname" . }}-tls - {{- if .Values.elasticsearchCACert }} + {{- if .Values.opensearchCACert }} - mountPath: /fluentd/es-tls/ name: {{ include "lagoon-logs-concentrator.fullname" . }}-es-tls {{- end }} 
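Review bot: The renamed `LOGSDB_ADMIN_USER` and `LOGSDB_ADMIN_PASSWORD` entries under `stringData` are still rendered unquoted, so a password containing ` #` is truncated at the comment marker, and an all-digit value or one starting with a YAML indicator changes type or fails to parse. Since both lines are being touched anyway, pipe them through `quote`: `LOGSDB_ADMIN_PASSWORD: {{ required "A valid .Values.opensearchAdminPassword required!" .Values.opensearchAdminPassword | quote }}` and `LOGSDB_ADMIN_USER: {{ .Values.opensearchAdminUser | quote }}`. The unchanged `FORWARD_SHARED_KEY` line above them has the same problem.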
@@ -112,7 +112,7 @@ spec: defaultMode: 420 secretName: {{ include "lagoon-logs-concentrator.fullname" . }}-users name: {{ include "lagoon-logs-concentrator.fullname" . }}-users - {{- if .Values.elasticsearchCACert }} + {{- if .Values.opensearchCACert }} - secret: defaultMode: 420 secretName: {{ include "lagoon-logs-concentrator.fullname" . }}-es-tls diff --git a/charts/lagoon-logs-concentrator/values.yaml b/charts/lagoon-logs-concentrator/values.yaml index 7ba5e188..6d9cff3e 100644 --- a/charts/lagoon-logs-concentrator/values.yaml +++ b/charts/lagoon-logs-concentrator/values.yaml @@ -12,7 +12,7 @@ image: repository: uselagoon/logs-concentrator pullPolicy: IfNotPresent # Overrides the image tag whose default is "latest". - tag: "v3.0.0" + tag: "v3.1.0" imagePullSecrets: [] nameOverride: "" @@ -66,22 +66,22 @@ tolerations: [] affinity: {} -# this is set to false in CI so that the concentrator will start without ES +# this is set to false in CI so that the concentrator will start without OS # being installed -verifyESVersionAtStartup: true -# Verification of the certificate presented by the elasticsearch endpoint can +verifyOSVersionAtStartup: true +# Verification of the certificate presented by the opensearch endpoint can # be disabled by setting this option to false, which can be useful for CI and # manual testing. Do not disable this in production. -elasticsearchTLSVerify: true +opensearchTLSVerify: true # The values below must be supplied during installation. # Certificates should be provided in PEM format, and are generated as described # in the README. -elasticsearchAdminUser: "admin" +opensearchAdminUser: "admin" # Sample data shown below. -# elasticsearchHost: "logs-db-service.elasticsearch.svc.cluster.local" -# elasticsearchAdminPassword: "securepass" +# opensearchHost: "logs-db-service.opensearch.svc.cluster.local" +# opensearchAdminPassword: "securepass" # tls: # caCert: | # -----BEGIN CERTIFICATE----- 
@@ -104,14 +104,14 @@ elasticsearchAdminUser: "admin" # The values below are optional. -# elasticsearchHostPort: "443" # default 9200 -# elasticsearchScheme: https # default http +# opensearchHostPort: "443" # default 9200 +# opensearchScheme: https # default http # service: # type: LoadBalancer # default ClusterIP. Set to LoadBalancer to # # expose the logs-concentrator service # # publicly. # -# elasticsearchCACert: | # if elasticsearch is presenting a certificate +# opensearchCACert: | # if opensearch is presenting a certificate # -----BEGIN CERTIFICATE----- # signed by a private CA, then define the CA # ... # root certificate here. # -----END CERTIFICATE----- diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 89fa902d..9d772790 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,18 +1,15 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.15.0 + version: 0.22.0 - name: dioscuri repository: https://amazeeio.github.io/charts/ version: 0.4.1 - name: dbaas-operator repository: https://amazeeio.github.io/charts/ version: 0.3.0 -- name: lagoon-insights-remote - repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.1.2 - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ - version: 0.18.0 -digest: sha256:bebff0f36b3944e203344f5fc9c5dacff35c6a253c0e5c5d16ae649bcebbe217 -generated: "2022-10-05T09:10:46.336962729+11:00" + version: 0.18.3 +digest: sha256:10455412d7c67ba412139825412301795bce15d2d21476324c147aa88d0cdd10 +generated: "2023-05-08T13:23:41.167070051+10:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index e8aeec2f..caa4be1b 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml 
@@ -10,7 +10,7 @@ maintainers: - name: smlx email: scott.leggett@amazee.io url: https://amazee.io -kubeVersion: ">= 1.19.0-0" +kubeVersion: ">= 1.21.0-0" # Application charts are a collection of templates that can be packaged into # versioned archives to be deployed. @@ -19,11 +19,11 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 1.0.0 +version: 0.79.0 dependencies: - name: lagoon-build-deploy - version: ~0.15.0 + version: ~0.22.0 repository: https://uselagoon.github.io/lagoon-charts/ condition: lagoon-build-deploy.enabled - name: dioscuri @@ -34,11 +34,15 @@ dependencies: version: ~0.3.0 repository: https://amazeeio.github.io/charts/ condition: dbaas-operator.enabled -- name: lagoon-insights-remote - version: ~0.1.0 - repository: https://uselagoon.github.io/lagoon-charts/ - condition: lagoon-insights-remote.enabled - name: nats version: ~0.18.0 repository: https://nats-io.github.io/k8s/helm/charts/ condition: nats.enabled + +# This section is used to collect a changelog for artifacthub.io +# It should be started afresh for each release +# Valid supported kinds are added, changed, deprecated, removed, fixed and security +annotations: + artifacthub.io/changes: | + - kind: changed + description: update lagoon-build-deploy subchart to 0.22.0 diff --git a/charts/lagoon-remote/ci/linter-values.yaml b/charts/lagoon-remote/ci/linter-values.yaml index 29b31bb1..9c7e7d9d 100644 --- a/charts/lagoon-remote/ci/linter-values.yaml +++ b/charts/lagoon-remote/ci/linter-values.yaml 
@@ -1,12 +1,18 @@ -lagoon-build-deploy: - enabled: true +global: rabbitMQUsername: lagoon rabbitMQPassword: ci rabbitMQHostname: lagoon-core-broker + +lagoon-build-deploy: + enabled: true lagoonTargetName: ci-local-control-k8s taskSSHHost: lagoon-core-ssh.lagoon.svc taskSSHPort: 2020 taskAPIHost: http://lagoon-core-api.lagoon.svc:80 + # remove on next release + rabbitMQUsername: lagoon + rabbitMQPassword: ci + rabbitMQHostname: lagoon-core-broker dockerHost: image: @@ -19,11 +25,8 @@ imageTag: "" dbaas-operator: enabled: true -lagoon-insights-remote: - enabled: false - rabbitMQUsername: lagoon - rabbitMQPassword: ci - rabbitMQHostname: lagoon-core-broker +insightsRemote: + enabled: true mxoutHost: mxout1.example.com @@ -92,3 +95,6 @@ sshPortal: AAAECW61aE011GKLSFBJ82G6oGEOjJSUV3STx16veSvX38kD9iqXNt1OpHncEdwOG8/QRV 6lnrpkhPYdpdKnF3PCEyAAAAAAECAwQF -----END OPENSSH PRIVATE KEY----- + +storageCalculator: + enabled: true diff --git a/charts/lagoon-remote/templates/_helpers.tpl b/charts/lagoon-remote/templates/_helpers.tpl index 32b7d914..9da7dca5 100644 --- a/charts/lagoon-remote/templates/_helpers.tpl +++ b/charts/lagoon-remote/templates/_helpers.tpl 
@@ -83,6 +83,78 @@ app.kubernetes.io/component: {{ include "lagoon-remote.dockerHost.fullname" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{/* +Create the name of the service account to use for storageCalculator. +*/}} +{{- define "lagoon-remote.storageCalculator.serviceAccountName" -}} +{{- default (include "lagoon-remote.storageCalculator.fullname" .) .Values.storageCalculator.serviceAccount.name }} +{{- end }} + +{{/* +Create a default fully qualified app name for storageCalculator. +*/}} +{{- define "lagoon-remote.storageCalculator.fullname" -}} +{{- include "lagoon-remote.fullname" . }}-storage-calculator +{{- end }} + +{{/* +Common labels storageCalculator.` +*/}} +{{- define "lagoon-remote.storageCalculator.labels" -}} +helm.sh/chart: {{ include "lagoon-remote.chart" . }} +{{ include "lagoon-remote.storageCalculator.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels storageCalculator. +*/}} +{{- define "lagoon-remote.storageCalculator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "lagoon-remote.name" . }} +app.kubernetes.io/component: {{ include "lagoon-remote.storageCalculator.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use for kubernetesBuildDeploy. +*/}} +{{- define "lagoon-remote.kubernetesBuildDeploy.serviceAccountName" -}} +{{- default (include "lagoon-remote.kubernetesBuildDeploy.fullname" .) .Values.kubernetesBuildDeploy.serviceAccount.name }} +{{- end }} + +{{/* +Create a default fully qualified app name for kubernetesBuildDeploy. +*/}} +{{- define "lagoon-remote.kubernetesBuildDeploy.fullname" -}} +{{- include "lagoon-remote.fullname" . }}-kubernetes-build-deploy +{{- end }} + +{{/* +Common labels kubernetesBuildDeploy. 
+*/}} +{{- define "lagoon-remote.kubernetesBuildDeploy.labels" -}} +helm.sh/chart: {{ include "lagoon-remote.chart" . }} +{{ include "lagoon-remote.kubernetesBuildDeploy.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels kubernetesBuildDeploy. +*/}} +{{- define "lagoon-remote.kubernetesBuildDeploy.selectorLabels" -}} +app.kubernetes.io/name: {{ include "lagoon-remote.name" . }} +app.kubernetes.io/component: {{ include "lagoon-remote.kubernetesBuildDeploy.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + + + {{/* Create the name of the service account to use for sshPortal. */}} 
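Review bot: The four `lagoon-remote.kubernetesBuildDeploy.*` helpers added in this hunk are not included by any template in this diff, and the values.yaml changes add no `kubernetesBuildDeploy` block. If something did include `lagoon-remote.kubernetesBuildDeploy.serviceAccountName`, the lookup of `.Values.kubernetesBuildDeploy.serviceAccount.name` would presumably fail on a nil map. Either leave these helpers out until the templates that use them land, or add the matching values defaults in the same change. The comment `Common labels storageCalculator.` also ends with a stray backtick.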
@@ -117,3 +189,40 @@ app.kubernetes.io/name: {{ include "lagoon-remote.name" . }} app.kubernetes.io/component: {{ include "lagoon-remote.sshPortal.fullname" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} + + + +{{/* +Create the name of the service account to use for insights-remote +*/}} +{{- define "lagoon-remote.insightsRemote.serviceAccountName" -}} +{{- default (include "lagoon-remote.insightsRemote.fullname" .) .Values.insightsRemote.serviceAccount.name }} +{{- end }} + +{{/* +Create a default fully qualified app name for insights-remote. +*/}} +{{- define "lagoon-remote.insightsRemote.fullname" -}} +{{- include "lagoon-remote.fullname" . }}-insights-remote +{{- end }} + +{{/* +Common labels insights-remote +*/}} +{{- define "lagoon-remote.insightsRemote.labels" -}} +helm.sh/chart: {{ include "lagoon-remote.chart" . }} +{{ include "lagoon-remote.insightsRemote.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels insightsRemote +*/}} +{{- define "lagoon-remote.insightsRemote.selectorLabels" -}} +app.kubernetes.io/name: {{ include "lagoon-remote.name" . }} +app.kubernetes.io/component: {{ include "lagoon-remote.insightsRemote.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml b/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml new file mode 100644 index 00000000..ddab9fff --- /dev/null +++ b/charts/lagoon-remote/templates/insights-remote.clusterrole.yaml 
@@ -0,0 +1,15 @@ +{{- if .Values.insightsRemote.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-manager + labels: + {{- include "lagoon-remote.insightsRemote.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - "*" + {{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/insights-remote.clusterrolebinding.yaml b/charts/lagoon-remote/templates/insights-remote.clusterrolebinding.yaml new file mode 100644 index 00000000..1d96e331 --- /dev/null +++ b/charts/lagoon-remote/templates/insights-remote.clusterrolebinding.yaml @@ -0,0 +1,14 @@ +{{- if .Values.insightsRemote.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-manager +subjects: +- kind: ServiceAccount + name: {{ include "lagoon-remote.insightsRemote.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +roleRef: + kind: ClusterRole + name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-manager + apiGroup: rbac.authorization.k8s.io +{{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/insights-remote.deployment.yaml b/charts/lagoon-remote/templates/insights-remote.deployment.yaml new file mode 100644 index 00000000..e450ae32 --- /dev/null +++ b/charts/lagoon-remote/templates/insights-remote.deployment.yaml 
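Review bot: The `verbs: - "*"` rule in the new insights-remote ClusterRole grants every verb on configmaps in every namespace, and the ClusterRoleBinding added next to it gives that to the insights-remote service account cluster-wide. That includes write and delete on ConfigMaps in system namespaces, which is more than a component that collects insights data presumably needs. List the verbs explicitly instead, likely `get`, `list`, `watch` and whichever of `update` or `delete` the burn-after-reading path uses, to be confirmed against the controller. The ClusterRoleBinding also carries no `labels:` block, unlike the ClusterRole and the ServiceAccount.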
@@ -0,0 +1,71 @@ +{{- if .Values.insightsRemote.enabled -}} + +{{- $rabbitMQHostname := coalesce .Values.global.rabbitMQHostname .Values.insightsRemote.rabbitMQHostname }} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "lagoon-remote.insightsRemote.fullname" . }} + labels: + {{- include "lagoon-remote.insightsRemote.labels" . | nindent 4 }} +spec: + {{- if not .Values.insightsRemote.autoscaling.enabled }} + replicas: {{ .Values.insightsRemote.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "lagoon-remote.insightsRemote.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.insightsRemote.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "lagoon-remote.insightsRemote.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.insightsRemote.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "lagoon-remote.insightsRemote.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.insightsRemote.podSecurityContext | nindent 8 }} + containers: + - name: insights-remote + securityContext: + {{- toYaml .Values.insightsRemote.securityContext | nindent 12 }} + image: "{{ .Values.insightsRemote.image.repository }}:{{ coalesce .Values.insightsRemote.image.tag .Values.imageTag "latest" }}" + imagePullPolicy: {{ .Values.insightsRemote.image.pullPolicy }} + env: + {{- if .Values.insightsRemote.burnAfterReading }} + - name: BURN_AFTER_READING + value: "TRUE" + {{- end }} + - name: RABBITMQ_ADDRESS + value: {{ required "A valid rabbitMQHostname required!" $rabbitMQHostname | quote }} + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-rabbitmqsecret + key: password + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "lagoon-remote.insightsRemote.fullname" . 
}}-rabbitmqsecret + key: username + resources: + {{- toYaml .Values.insightsRemote.resources | nindent 12 }} + {{- with .Values.insightsRemote.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.insightsRemote.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.insightsRemote.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/insights-remote.secrets.yaml b/charts/lagoon-remote/templates/insights-remote.secrets.yaml new file mode 100644 index 00000000..c018d9ce --- /dev/null +++ b/charts/lagoon-remote/templates/insights-remote.secrets.yaml @@ -0,0 +1,14 @@ +{{- if .Values.insightsRemote.enabled -}} + +{{- $rabbitMQUsername := coalesce .Values.global.rabbitMQUsername .Values.insightsRemote.rabbitMQUsername }} +{{- $rabbitMQPassword := coalesce .Values.global.rabbitMQPassword .Values.insightsRemote.rabbitMQPassword }} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "lagoon-remote.insightsRemote.fullname" . }}-rabbitmqsecret +type: kubernetes.io/basic-auth +stringData: + username: {{ required "A valid rabbitMQUsername required!" $rabbitMQUsername | quote }} + password: {{ required "A valid rabbitMQPassword required!" $rabbitMQPassword | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/insights-remote.serviceaccount.yaml b/charts/lagoon-remote/templates/insights-remote.serviceaccount.yaml new file mode 100644 index 00000000..5e966ff4 --- /dev/null +++ b/charts/lagoon-remote/templates/insights-remote.serviceaccount.yaml 
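Review bot: The image reference `coalesce .Values.insightsRemote.image.tag .Values.imageTag "latest"` in the insights-remote deployment falls back to the mutable `latest` tag when both values are empty, while the values.yaml comment for this image says the default is the chart appVersion. Combined with `pullPolicy: Always`, a floating tag lets the running code change without any chart change; wrap the tag in `required` or fall back to a pinned version instead. The pod template also lacks the `checksum/secret` annotation that the storage-calculator deployment in this commit uses, so changing the RabbitMQ credentials in the `-rabbitmqsecret` Secret will not roll the pods.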
@@ -0,0 +1,14 @@ +{{- if .Values.insightsRemote.enabled -}} +{{- if .Values.insightsRemote.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "lagoon-remote.insightsRemote.serviceAccountName" . }} + labels: + {{- include "lagoon-remote.insightsRemote.labels" . | nindent 4 }} + {{- with .Values.insightsRemote.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/lagoon-remote/templates/ssh-portal.service.yaml b/charts/lagoon-remote/templates/ssh-portal.service.yaml index e2ff71b5..1c345d83 100644 --- a/charts/lagoon-remote/templates/ssh-portal.service.yaml +++ b/charts/lagoon-remote/templates/ssh-portal.service.yaml @@ -5,6 +5,10 @@ metadata: name: {{ include "lagoon-remote.sshPortal.fullname" . }} labels: {{- include "lagoon-remote.sshPortal.labels" . | nindent 4 }} + {{- with .Values.sshPortal.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.sshPortal.service.type }} ports: diff --git a/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml b/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml new file mode 100644 index 00000000..ae483899 --- /dev/null +++ b/charts/lagoon-remote/templates/storage-calculator.clusterrole.yaml 
@@ -0,0 +1,51 @@ +{{- if .Values.storageCalculator.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "lagoon-remote.storageCalculator.fullname" . }} + labels: + {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - pods/exec + verbs: + - create +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list +{{- end }} diff --git a/charts/lagoon-remote/templates/storage-calculator.deployment.yaml b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml new file mode 100644 index 00000000..f4cc3ecf --- /dev/null +++ b/charts/lagoon-remote/templates/storage-calculator.deployment.yaml 
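Review bot: The rules for `pods` (`create`, `delete`, `update`) and `pods/exec` (`create`) are cluster-scoped and bound through a ClusterRoleBinding, so the storage-calculator service account can start pods and exec into any pod in any namespace, system namespaces included. That is effectively access to every workload's mounted secrets and volumes, and the template has no comment saying why it is required. Add a header comment stating the reason, for example `# needs pod create and exec to measure PVC usage from inside each namespace (confirm)`, and drop `update` on pods and `patch`/`update` on namespaces if the controller does not use them. Since this cannot easily be narrowed per namespace, the chart README should tell operators that enabling `storageCalculator` grants this level of access.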
@@ -0,0 +1,81 @@ +{{- if .Values.storageCalculator.enabled -}} + +{{- $rabbitMQHostname := coalesce .Values.global.rabbitMQHostname .Values.storageCalculator.rabbitMQHostname }} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "lagoon-remote.storageCalculator.fullname" . }} + labels: + {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "lagoon-remote.storageCalculator.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/secret: {{ include (print $.Template.BasePath "/storage-calculator.secret.yaml") . | sha256sum }} + labels: + {{- include "lagoon-remote.storageCalculator.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.storageCalculator.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "lagoon-remote.storageCalculator.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.storageCalculator.podSecurityContext | nindent 8 }} + containers: + - name: manager + securityContext: + {{- toYaml .Values.storageCalculator.securityContext | nindent 10 }} + image: "{{ .Values.storageCalculator.image.repository }}:{{ .Values.storageCalculator.image.tag | default .Chart.AppVersion}}" + imagePullPolicy: {{ .Values.storageCalculator.image.pullPolicy }} + command: + - /manager + args: + - "--metrics-bind-address=127.0.0.1:8080" + {{- with .Values.storageCalculator.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + env: + {{- range $name, $value := .Values.storageCalculator.extraEnvs }} + - name: {{ .name }} + value: {{ .value | quote }} + {{- end }} + {{- with .Values.storageCalculator.cronjob }} + - name: CALCULATOR_CRON + value: {{ . | quote }} + {{- end }} + {{- with .Values.storageCalculator.ignoreRegex }} + - name: LAGOON_STORAGE_IGNORE_REGEX + value: {{ . | quote }} + {{- end }} + - name: RABBITMQ_HOSTNAME + value: {{ required "A valid rabbitMQHostname required!" 
$rabbitMQHostname | quote }} + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "lagoon-remote.storageCalculator.fullname" . }} + key: RABBITMQ_PASSWORD + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: {{ include "lagoon-remote.storageCalculator.fullname" . }} + key: RABBITMQ_USERNAME + resources: + {{- toYaml .Values.storageCalculator.resources | nindent 10 }} + {{- with .Values.storageCalculator.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.storageCalculator.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.storageCalculator.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/storage-calculator.rolebinding.yaml b/charts/lagoon-remote/templates/storage-calculator.rolebinding.yaml new file mode 100644 index 00000000..0ea9f30e --- /dev/null +++ b/charts/lagoon-remote/templates/storage-calculator.rolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.storageCalculator.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "lagoon-remote.storageCalculator.fullname" . }} + labels: + {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "lagoon-remote.storageCalculator.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "lagoon-remote.storageCalculator.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/storage-calculator.secret.yaml b/charts/lagoon-remote/templates/storage-calculator.secret.yaml new file mode 100644 index 00000000..e218b73b --- /dev/null +++ b/charts/lagoon-remote/templates/storage-calculator.secret.yaml 
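Review bot: `securityContext`, `podSecurityContext` and `resources` in the storage-calculator deployment are rendered from `.Values.storageCalculator.*` keys that the `storageCalculator` block added to values.yaml in this commit does not define. They therefore appear to render as `null`, and the manager container runs with runtime defaults and no resource limits. Given the cluster-wide pod and exec rights bound to this service account, add defaults to values.yaml: at minimum `securityContext: {}` and `resources: {}`, and ideally `runAsNonRoot: true` and `allowPrivilegeEscalation: false` if the image supports them. Separately, the `range $name, $value := .Values.storageCalculator.extraEnvs` loop declares two variables but reads `.name` and `.value`, which only works when extraEnvs is a list of maps; `range .Values.storageCalculator.extraEnvs` states that directly.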
@@ -0,0 +1,16 @@ +{{- if .Values.storageCalculator.enabled -}} + +{{- $rabbitMQUsername := coalesce .Values.global.rabbitMQUsername .Values.storageCalculator.rabbitMQUsername }} +{{- $rabbitMQPassword := coalesce .Values.global.rabbitMQPassword .Values.storageCalculator.rabbitMQPassword }} + +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ include "lagoon-remote.storageCalculator.fullname" . }} + labels: + {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} +stringData: + RABBITMQ_PASSWORD: {{ required "A valid rabbitMQPassword required!" $rabbitMQPassword | quote }} + RABBITMQ_USERNAME: {{ required "A valid rabbitMQUsername required!" $rabbitMQUsername | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/templates/storage-calculator.serviceaccount.yaml b/charts/lagoon-remote/templates/storage-calculator.serviceaccount.yaml new file mode 100644 index 00000000..67241e57 --- /dev/null +++ b/charts/lagoon-remote/templates/storage-calculator.serviceaccount.yaml @@ -0,0 +1,8 @@ +{{- if .Values.storageCalculator.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "lagoon-remote.storageCalculator.serviceAccountName" . }} + labels: + {{- include "lagoon-remote.storageCalculator.labels" . | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 2bfdaab4..b02132fe 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -4,6 +4,9 @@ global: # set to true to enable openshift support openshift: false + rabbitMQUsername: "" + rabbitMQPassword: "" + rabbitMQHostname: "" imagePullSecrets: [] @@ -24,7 +27,7 @@ dockerHost: repository: uselagoon/docker-host pullPolicy: Always # Overrides the image tag whose default is "latest". - tag: "v3.0.0" + tag: "v3.3.0" name: docker-host 
@@ -112,12 +115,13 @@ sshPortal: repository: ghcr.io/uselagoon/lagoon-ssh-portal/ssh-portal pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. - tag: "v0.20.1" + tag: "v0.28.0" service: type: LoadBalancer ports: sshserver: 22 + annotations: {} metricsService: type: ClusterIP @@ -154,9 +158,6 @@ lagoon-build-deploy: enabled: false # these values are used by the lagoon-build-deploy controller and do not have # sensible defaults. - # rabbitMQUsername: - # rabbitMQPassword: - # rabbitMQHostname: # lagoonTargetName: # taskSSHHost: "" # taskSSHPort: "" 
@@ -184,10 +185,92 @@ dbaas-operator: # setting this will always override whatever `dbaas-operator` would set, useful if you want to target a different endpoint dbaasHTTPEndpoint: "" -lagoon-insights-remote: - enabled: false +# lagoon-insights-remote: +# enabled: false # burnAfterReading: false +insightsRemote: + enabled: false + # sets insights configMaps to be removed after being processed + burnAfterReading: true + + replicaCount: 1 + + image: + repository: uselagoon/insights-remote + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "v0.0.4" + + imagePullSecrets: [] + nameOverride: "" + fullnameOverride: "" + + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + + podAnnotations: {} + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + # service: + # type: ClusterIP + # port: 80 + # ingress: + # enabled: false + # className: "" + # annotations: {} + # # kubernetes.io/ingress.class: nginx + # # kubernetes.io/tls-acme: "true" + # hosts: + # - host: chart-example.local + # paths: + # - path: / + # pathType: ImplementationSpecific + # tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + # the nats chart is a subchart which is configured for use by lagoon-remote nats: enabled: false @@ -243,3 +326,19 @@ natsConfig: # be named lagoon-remote-nats-tls. This secret should contain fields # tls.crt and tls.key, and the certificate should be issued by a public # authority. + +storageCalculator: + enabled: false + # cronjob: 5 */12 * * * + # ignoreRegex: "solr|redis" + serviceAccount: + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname + # template + name: + + image: + repository: uselagoon/remote-calculator + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: v0.2.3 diff --git a/charts/lagoon-test/Chart.yaml b/charts/lagoon-test/Chart.yaml index c4280cd9..f72b6baf 100644 --- a/charts/lagoon-test/Chart.yaml +++ b/charts/lagoon-test/Chart.yaml @@ -7,10 +7,18 @@ maintainers: - name: smlx email: scott.leggett@amazee.io url: https://amazee.io -kubeVersion: ">= 1.19.0-0" +kubeVersion: ">= 1.21.0-0" type: application -version: 0.39.0 +version: 0.46.0 -appVersion: v2.9.0 +appVersion: v2.15.0 + +# This section is used to collect a changelog for artifacthub.io +# It should be started afresh for each release +# Valid supported kinds are added, changed, deprecated, removed, fixed and security +annotations: + artifacthub.io/changes: | + - kind: changed + description: update Lagoon appVersion to v2.15.0 diff --git a/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml b/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml index 07b4627d..eadd3040 100644 
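Review bot: `insightsRemote.securityContext` and `insightsRemote.podSecurityContext` default to `{}` with the hardening keys (`capabilities.drop: [ALL]`, `readOnlyRootFilesystem`, `runAsNonRoot`) left as comments. A default install therefore runs the container that holds cluster-wide configmap access with no restrictions. If the uselagoon/insights-remote image tolerates it, enable those keys by default and let operators relax them. The `autoscaling` block and the commented `service`/`ingress` scaffolding have no matching template in this commit; with `autoscaling.enabled: true` the deployment would only omit `replicas`, so either add the HPA template or drop the block.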
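Review bot: The comment on `storageCalculator.serviceAccount.name` says a name is generated "if not set and create is true", but this block has no `create` key. storage-calculator.serviceaccount.yaml creates the account whenever `storageCalculator.enabled` is true, so pointing `name` at an existing service account would make the chart try to create it. Reword the comment to `# If not set, a name is generated using the fullname template`, or add a `create` flag and guard the template with it as the insights-remote service account does. Write the empty value as `name: ""` rather than a bare `name:` to match `insightsRemote.serviceAccount.name`.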
--- a/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml +++ b/charts/lagoon-test/templates/local-api-data-watcher-pusher.deployment.yaml @@ -49,16 +49,13 @@ spec: key: JWTSECRET - name: TOKEN value: {{ required "A valid .Values.token required!" .Values.token | quote }} - readinessProbe: + startupProbe: exec: command: - - /bin/sh - - -c - # this container uses wget to inject test fixtures into the lagoon api. - # once wget stops running, it's good to go. - - "for i in $(seq 4); do pgrep wget && exit 1 || sleep 1; done" - initialDelaySeconds: 32 - timeoutSeconds: 8 + - test + - -f + - /tmp/api-data-pushed + failureThreshold: 90 resources: {{- toYaml .Values.localAPIDataWatcherPusher.resources | nindent 10 }} {{- with .Values.localAPIDataWatcherPusher.nodeSelector }} diff --git a/charts/lagoon-test/templates/secret.yaml b/charts/lagoon-test/templates/secret.yaml index e2e63997..d548d911 100644 --- a/charts/lagoon-test/templates/secret.yaml +++ b/charts/lagoon-test/templates/secret.yaml @@ -27,6 +27,8 @@ stringData: SSH_PORT: {{ .Values.sshPort | quote }} SSH_PORTAL_HOST: {{ .Values.sshPortalHost | quote }} SSH_PORTAL_PORT: {{ .Values.sshPortalPort | quote }} + SSH_TOKEN_HOST: {{ .Values.sshTokenHost | quote }} + SSH_TOKEN_PORT: {{ .Values.sshTokenPort | quote }} SSH_PRIVATE_KEY: | {{- .Values.sshPrivateKey | nindent 4 }} WEBHOOK_HOST: {{ .Values.webhookHost | quote }} diff --git a/charts/lagoon-test/values.yaml b/charts/lagoon-test/values.yaml index b2cb9d8f..0bea382c 100644 --- a/charts/lagoon-test/values.yaml +++ b/charts/lagoon-test/values.yaml @@ -14,6 +14,8 @@ sshHost: lagoon-core-ssh sshPort: 2020 sshPortalHost: lagoon-remote-ssh-portal sshPortalPort: 2222 +sshTokenHost: lagoon-core-ssh-token +sshTokenPort: 2223 sshPrivateKey: |- -----BEGIN RSA PRIVATE KEY----- MIIJKAIBAAKCAgEAxGZZrOV7Islo5p51Moabfd1YB8qbHvQZfJDZJmSU4jNxMf8G 
@@ -133,7 +135,23 @@ tests: tests: [] # This value is required when suiteEnabled is true, and must be set to one or # more of the valid test suites: - # - features-kubernetes # - active-standby-kubernetes + # - api + # - deploytarget + # - features-kubernetes + # - features-kubernetes-2 + # - features-variables + # - services + # - ssh-portal + # - tasks + # - bitbucket + # - bulk-deployment + # - drush + # - generic + # - github + # - gitlab + # - image-cache # - nginx - # - drupal + # - node + # - python + # - workflows diff --git a/ci/calico/README.md b/ci/calico/README.md new file mode 100644 index 00000000..ec040995 --- /dev/null +++ b/ci/calico/README.md @@ -0,0 +1,4 @@ +Download manifests linked in the instructions in https://projectcalico.docs.tigera.io/getting-started/kubernetes/k3s/quickstart#install-calico + + + diff --git a/ci/calico/custom-resources.yaml b/ci/calico/custom-resources.yaml index bf5d3f63..121f6824 100644 --- a/ci/calico/custom-resources.yaml +++ b/ci/calico/custom-resources.yaml @@ -1,5 +1,6 @@ +# Source https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/custom-resources.yaml # This section includes base Calico installation configuration. -# For more information, see: https://projectcalico.docs.tigera.io/v3.23/reference/installation/api#operator.tigera.io/v1.Installation +# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.Installation apiVersion: operator.tigera.io/v1 kind: Installation metadata: @@ -18,7 +19,7 @@ spec: --- # This section configures the Calico API server. -# For more information, see: https://projectcalico.docs.tigera.io/v3.23/reference/installation/api#operator.tigera.io/v1.APIServer +# For more information, see: https://projectcalico.docs.tigera.io/master/reference/installation/api#operator.tigera.io/v1.APIServer apiVersion: operator.tigera.io/v1 kind: APIServer metadata: 
diff --git a/ci/calico/tigera-operator.yaml b/ci/calico/tigera-operator.yaml index 7e5bd6a3..482bad15 100644 --- a/ci/calico/tigera-operator.yaml +++ b/ci/calico/tigera-operator.yaml @@ -1,12 +1,10 @@ +# Source https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/tigera-operator.yaml apiVersion: v1 kind: Namespace metadata: name: tigera-operator labels: name: tigera-operator - ---- - --- # Source: crds/calico/crd.projectcalico.org_bgpconfigurations.yaml apiVersion: apiextensions.k8s.io/v1 @@ -20,6 +18,7 @@ spec: listKind: BGPConfigurationList plural: bgpconfigurations singular: bgpconfiguration + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -73,6 +72,12 @@ spec: type: string type: object type: array + ignoredInterfaces: + description: IgnoredInterfaces indicates the network interfaces that + needs to be excluded when reading device routes. + items: + type: string + type: array listenPort: description: ListenPort is the port where BGP protocol should listen. Defaults to 179 @@ -201,6 +206,7 @@ spec: listKind: BGPPeerList plural: bgppeers singular: bgppeer + preserveUnknownFields: false scope: Cluster versions: - name: v1 
@@ -291,12 +297,23 @@ spec: remote AS number comes from the remote node's NodeBGPSpec.ASNumber, or the global default if that is not set. type: string + reachableBy: + description: Add an exact, i.e. /32, static route toward peer IP in + order to prevent route flapping. ReachableBy contains the address + of the gateway which peer can be reached by. + type: string sourceAddress: description: Specifies whether and how to configure a source address for the peerings generated by this BGPPeer resource. Default value "UseNodeIP" means to configure the node IP as the source address. "None" means not to configure a source address. type: string + ttlSecurity: + description: TTLSecurity enables the generalized TTL security mechanism + (GTSM) which protects against spoofed packets by ignoring received + packets with a smaller than expected TTL value. The provided value + is the number of hops (edges) between the peers. + type: integer type: object type: object served: true @@ -321,6 +338,7 @@ spec: listKind: BlockAffinityList plural: blockaffinities singular: blockaffinity + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -386,6 +404,7 @@ spec: listKind: CalicoNodeStatusList plural: caliconodestatuses singular: caliconodestatus + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -647,6 +666,7 @@ spec: listKind: ClusterInformationList plural: clusterinformations singular: clusterinformation + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -712,6 +732,7 @@ spec: listKind: FelixConfigurationList plural: felixconfigurations singular: felixconfiguration + preserveUnknownFields: false scope: Cluster versions: - name: v1 
@@ -781,15 +802,16 @@ spec: [Default: false]' type: boolean bpfEnforceRPF: - description: 'BPFEnforceRPF enforce strict RPF on all interfaces with - BPF programs regardless of what is the per-interfaces or global - setting. Possible values are Disabled or Strict. [Default: Strict]' + description: 'BPFEnforceRPF enforce strict RPF on all host interfaces + with BPF programs regardless of what is the per-interfaces or global + setting. Possible values are Disabled, Strict or Loose. [Default: + Strict]' type: string bpfExtToServiceConnmark: description: 'BPFExtToServiceConnmark in BPF mode, control a 32bit mark that is set on connections from an external client to a local service. This mark allows us to control how packets of that connection - are routed within the host and how is routing intepreted by RPF + are routed within the host and how is routing interpreted by RPF check. [Default: 0]' type: integer bpfExternalServiceMode: @@ -802,6 +824,11 @@ spec: node appears to use the IP of the ingress node; this requires a permissive L2 network. [Default: Tunnel]' type: string + bpfHostConntrackBypass: + description: 'BPFHostConntrackBypass Controls whether to bypass Linux + conntrack in BPF mode for workloads and services. [Default: true + - bypass Linux conntrack]' + type: boolean bpfKubeProxyEndpointSlicesEnabled: description: BPFKubeProxyEndpointSlicesEnabled in BPF mode, controls whether Felix's embedded kube-proxy accepts EndpointSlices or not. 
@@ -818,6 +845,14 @@ spec: kube-proxy. Lower values give reduced set-up latency. Higher values reduce Felix CPU usage by batching up more work. [Default: 1s]' type: string + bpfL3IfacePattern: + description: BPFL3IfacePattern is a regular expression that allows + to list tunnel devices like wireguard or vxlan (i.e., L3 devices) + in addition to BPFDataIfacePattern. That is, tunnel interfaces not + created by Calico, that Calico workload traffic flows over as well + as any interfaces that handle incoming traffic to nodeports and + services from outside the cluster. + type: string bpfLogLevel: description: 'BPFLogLevel controls the log level of the BPF programs when in BPF dataplane mode. One of "Off", "Info", or "Debug". The @@ -837,6 +872,11 @@ spec: policy. Selectors such as "all()" can result in large numbers of entries (one entry per endpoint in that case). type: integer + bpfMapSizeIfState: + description: BPFMapSizeIfState sets the size for ifstate map. The + ifstate map must be large enough to hold an entry for each device + (host + workloads) on a host. + type: integer bpfMapSizeNATAffinity: type: integer bpfMapSizeNATBackend: @@ -869,6 +909,11 @@ spec: are inclusive. [Default: 20000:29999]' pattern: ^.* x-kubernetes-int-or-string: true + bpfPolicyDebugEnabled: + description: BPFPolicyDebugEnabled when true, Felix records detailed + information about the BPF policy programs, which can be examined + with the calico-bpf command-line tool. + type: boolean chainInsertMode: description: 'ChainInsertMode controls whether Felix hooks the kernel''s top-level iptables chains by inserting a rule at the top of the 
@@ -883,11 +928,12 @@ spec: to use. Only used if UseInternalDataplaneDriver is set to false. type: string dataplaneWatchdogTimeout: - description: 'DataplaneWatchdogTimeout is the readiness/liveness timeout - used for Felix''s (internal) dataplane driver. Increase this value + description: "DataplaneWatchdogTimeout is the readiness/liveness timeout + used for Felix's (internal) dataplane driver. Increase this value if you experience spurious non-ready or non-live events when Felix is under heavy load. Decrease the value to get felix to report non-live - or non-ready more quickly. [Default: 90s]' + or non-ready more quickly. [Default: 90s] \n Deprecated: replaced + by the generic HealthTimeoutOverrides." type: string debugDisableLogDropping: type: boolean 
@@ -991,16 +1037,21 @@ spec: type: object type: array featureDetectOverride: - description: FeatureDetectOverride is used to override the feature - detection. Values are specified in a comma separated list with no - spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". - "true" or "false" will force the feature, empty or omitted values - are auto-detected. + description: FeatureDetectOverride is used to override feature detection + based on auto-detected platform capabilities. Values are specified + in a comma separated list with no spaces, example; "SNATFullyRandom=true,MASQFullyRandom=false,RestoreSupportsLock=". "true" + or "false" will force the feature, empty or omitted values are auto-detected. + type: string + featureGates: + description: FeatureGates is used to enable or disable tech-preview + Calico features. Values are specified in a comma separated list + with no spaces, example; "BPFConnectTimeLoadBalancingWorkaround=enabled,XyZ=false". + This is used to enable features that are not fully production ready. type: string floatingIPs: - default: Disabled description: FloatingIPs configures whether or not Felix will program - floating IP addresses. + non-OpenStack floating IP addresses. (OpenStack-derived floating + IPs are always programmed, regardless of this setting.) enum: - Enabled - Disabled 
@@ -1017,6 +1068,23 @@ spec: type: string healthPort: type: integer + healthTimeoutOverrides: + description: HealthTimeoutOverrides allows the internal watchdog timeouts + of individual subcomponents to be overriden. This is useful for + working around "false positive" liveness timeouts that can occur + in particularly stressful workloads or if CPU is constrained. For + a list of active subcomponents, see Felix's logs. + items: + properties: + name: + type: string + timeout: + type: string + required: + - name + - timeout + type: object + type: array interfaceExclude: description: 'InterfaceExclude is a comma-separated list of interfaces that Felix should exclude when monitoring for host endpoints. The @@ -1058,7 +1126,7 @@ spec: type: string iptablesBackend: description: IptablesBackend specifies which backend of iptables will - be used. The default is legacy. + be used. The default is Auto. type: string iptablesFilterAllowAction: type: string @@ -1260,6 +1328,10 @@ spec: information. - WorkloadIPs: use workload endpoints to construct routes. - CalicoIPAM: the default - use IPAM data to construct routes.' type: string + routeSyncDisabled: + description: RouteSyncDisabled will disable all operations performed + on the route table. Set to true to run in network-policy mode only. + type: boolean routeTableRange: description: Deprecated in favor of RouteTableRanges. Calico programs additional Linux route tables for various purposes. RouteTableRange @@ -1321,8 +1393,8 @@ spec: type: boolean vxlanEnabled: description: 'VXLANEnabled overrides whether Felix should create the - VXLAN tunnel device for VXLAN networking. Optional as Felix determines - this based on the existing IP pools. [Default: nil (unset)]' + VXLAN tunnel device for IPv4 VXLAN networking. Optional as Felix + determines this based on the existing IP pools. [Default: nil (unset)]' type: boolean vxlanMTU: description: 'VXLANMTU is the MTU to set on the IPv4 VXLAN tunnel 
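Review bot: In the `healthTimeoutOverrides` item schema (hunk `@@ -1017,6 +1068,23 @@`), both `name` and `timeout` are bare `type: string` with no `minLength` or `pattern`, so an empty name or a value that is not a duration passes admission. A bad value would then presumably only be noticed when Felix parses it, which is awkward for a setting meant to tune liveness watchdogs. Adding `minLength: 1` to `name` and a duration `pattern` to `timeout` would reject typos up front; the description also misspells `overriden` (should be `overridden`). The file carries `# Source: crds/...` markers and looks generated, so both fixes likely belong in the upstream type definitions rather than in this copy.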
@@ -1337,7 +1409,13 @@ spec: vxlanVNI: type: integer wireguardEnabled: - description: 'WireguardEnabled controls whether Wireguard is enabled. + description: 'WireguardEnabled controls whether Wireguard is enabled + for IPv4 (encapsulating IPv4 traffic over an IPv4 underlay network). + [Default: false]' + type: boolean + wireguardEnabledV6: + description: 'WireguardEnabledV6 controls whether Wireguard is enabled + for IPv6 (encapsulating IPv6 traffic over an IPv6 underlay network). [Default: false]' type: boolean wireguardHostEncryptionEnabled: @@ -1346,7 +1424,11 @@ spec: type: boolean wireguardInterfaceName: description: 'WireguardInterfaceName specifies the name to use for - the Wireguard interface. [Default: wg.calico]' + the IPv4 Wireguard interface. [Default: wireguard.cali]' + type: string + wireguardInterfaceNameV6: + description: 'WireguardInterfaceNameV6 specifies the name to use for + the IPv6 Wireguard interface. [Default: wg-v6.cali]' type: string wireguardKeepAlive: description: 'WireguardKeepAlive controls Wireguard PersistentKeepalive @@ -1354,11 +1436,19 @@ spec: type: string wireguardListeningPort: description: 'WireguardListeningPort controls the listening port used - by Wireguard. [Default: 51820]' + by IPv4 Wireguard. [Default: 51820]' + type: integer + wireguardListeningPortV6: + description: 'WireguardListeningPortV6 controls the listening port + used by IPv6 Wireguard. [Default: 51821]' type: integer wireguardMTU: - description: 'WireguardMTU controls the MTU on the Wireguard interface. - See Configuring MTU [Default: 1420]' + description: 'WireguardMTU controls the MTU on the IPv4 Wireguard + interface. See Configuring MTU [Default: 1440]' + type: integer + wireguardMTUV6: + description: 'WireguardMTUV6 controls the MTU on the IPv6 Wireguard + interface. See Configuring MTU [Default: 1420]' type: integer wireguardRoutingRulePriority: description: 'WireguardRoutingRulePriority controls the priority value 
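Review bot: The three Wireguard hunks on this line change the documented defaults (`wireguardInterfaceName` from `wg.calico` to `wireguard.cali`, `wireguardMTU` from 1420 to 1440) and add an IPv6 listener defaulting to port 51821, but nothing visible tells operators what to re-check on upgrade. The diff does not show whether the runtime defaults changed or only the description text was corrected, so that is worth confirming against the Felix version this chart ships. I would add an upgrade note such as `Enabling wireguardEnabledV6 needs UDP 51821 open between nodes in addition to 51820`. The note should also say that host firewall rules, packet captures and monitors keyed on the interface name need to match `wireguard.cali` and `wg-v6.cali`.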
@@ -1404,6 +1494,7 @@ spec: listKind: GlobalNetworkPolicyList plural: globalnetworkpolicies singular: globalnetworkpolicy + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -2260,6 +2351,7 @@ spec: listKind: GlobalNetworkSetList plural: globalnetworksets singular: globalnetworkset + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -2314,6 +2406,7 @@ spec: listKind: HostEndpointList plural: hostendpoints singular: hostendpoint + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -2423,6 +2516,7 @@ spec: listKind: IPAMBlockList plural: ipamblocks singular: ipamblock + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -2543,6 +2637,7 @@ spec: listKind: IPAMConfigList plural: ipamconfigs singular: ipamconfig + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -2570,6 +2665,8 @@ spec: maxBlocksPerHost: description: MaxBlocksPerHost, if non-zero, is the max number of blocks that can be affine to each host. + maximum: 2147483647 + minimum: 0 type: integer strictAffinity: type: boolean @@ -2600,6 +2697,7 @@ spec: listKind: IPAMHandleList plural: ipamhandles singular: ipamhandle + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -2657,6 +2755,7 @@ spec: listKind: IPPoolList plural: ippools singular: ippool + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -2728,7 +2827,7 @@ spec: for internal use only.' type: boolean natOutgoing: - description: When nat-outgoing is true, packets sent from Calico networked + description: When natOutgoing is true, packets sent from Calico networked containers in this pool to destinations outside of this pool will be masqueraded. type: boolean @@ -2770,6 +2869,7 @@ spec: listKind: IPReservationList plural: ipreservations singular: ipreservation + preserveUnknownFields: false scope: Cluster versions: - name: v1 
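Review bot: `preserveUnknownFields: false` is added to every CRD touched here, but nothing visible in the change records the upgrade consequence. It first appears at `@@ -1404,6 +1494,7 @@` for GlobalNetworkPolicy, then for GlobalNetworkSet, HostEndpoint, IPAMBlock, IPAMConfig, IPAMHandle, IPPool and IPReservation on this line, and for KubeControllersConfiguration, NetworkPolicy and NetworkSet in the hunks that follow. If a cluster still has these CRDs installed with unknown fields preserved, turning pruning on means the API server drops any field the structural schema does not declare, without an error. For policy objects that could alter what is enforced. Pruning is the safer end state, so the flag should stay; what is missing is an upgrade note, for example `Existing Calico objects are pruned to the CRD schema after this upgrade; diff stored policies on a test cluster first`.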
@@ -2822,6 +2922,7 @@ spec: listKind: KubeControllersConfigurationList plural: kubecontrollersconfigurations singular: kubecontrollersconfiguration + preserveUnknownFields: false scope: Cluster versions: - name: v1 @@ -3076,6 +3177,7 @@ spec: listKind: NetworkPolicyList plural: networkpolicies singular: networkpolicy + preserveUnknownFields: false scope: Namespaced versions: - name: v1 @@ -3913,6 +4015,7 @@ spec: listKind: NetworkSetList plural: networksets singular: networkset + preserveUnknownFields: false scope: Namespaced versions: - name: v1 @@ -3954,6 +4057,8 @@ status: --- # Source: crds/operator.tigera.io_apiservers_crd.yaml + +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
@@ -3989,6 +4094,1308 @@ spec: type: object spec: description: Specification of the desired state for the Tigera API server. + properties: + apiServerDeployment: + description: APIServerDeployment configures the calico-apiserver (or + tigera-apiserver in Enterprise) Deployment. If used in conjunction + with ControlPlaneNodeSelector or ControlPlaneTolerations, then these + overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the API server Deployment. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created Deployment pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the API server Deployment. If omitted, + the API server Deployment will use its default value for + minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the API server Deployment + pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. + Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the API server Deployment's PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the API server pods. If specified, this + overrides any affinity that may be set on the API + server Deployment. If omitted, the API server Deployment + will use its default value for affinity. WARNING: + Please note that this field will override the default + API server Deployment affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. 
+ items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. 
+ If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. 
+ If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. 
for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". 
The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. 
null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. 
+ If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of API server containers. + If specified, this overrides the specified API server + Deployment containers. If omitted, the API server + Deployment will use its default values for its containers. + items: + description: APIServerDeploymentContainer is an + API server Deployment container. + properties: + name: + description: Name is an enum which identifies + the API server Deployment container by name. + enum: + - calico-apiserver + - tigera-queryserver + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. 
If specified, this + overrides the named API server Deployment + container's resources. If omitted, the API + server Deployment will use its default value + for this container's resources. If used in + conjunction with the deprecated ComponentResources, + then this value takes precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of API server + init containers. If specified, this overrides the + specified API server Deployment init containers. + If omitted, the API server Deployment will use its + default values for its init containers. + items: + description: APIServerDeploymentInitContainer is + an API server Deployment init container. + properties: + name: + description: Name is an enum which identifies + the API server Deployment init container by + name. 
+ enum: + - calico-apiserver-certs-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named API server Deployment + init container's resources. If omitted, the + API server Deployment will use its default + value for this init container's resources. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the API server pod''s + scheduling constraints. If specified, each of the + key/value pairs are added to the API server Deployment + nodeSelector provided the key does not already exist + in the object''s nodeSelector. 
If used in conjunction + with ControlPlaneNodeSelector, that nodeSelector + is set on the API server Deployment and each of + this field''s key/value pairs are added to the API + server Deployment nodeSelector provided the key + does not already exist in the object''s nodeSelector. + If omitted, the API server Deployment will use its + default value for nodeSelector. WARNING: Please + note that this field will modify the default API + server Deployment nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the API server pod''s + tolerations. If specified, this overrides any tolerations + that may be set on the API server Deployment. If + omitted, the API server Deployment will use its + default value for tolerations. WARNING: Please note + that this field will override the default API server + Deployment tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object type: object status: description: Most recently observed status for the Tigera API server. @@ -4002,9 +5409,17 @@ spec: storage: true subresources: status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] --- # Source: crds/operator.tigera.io_imagesets_crd.yaml + +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -4025,7 +5440,7 @@ spec: openAPIV3Schema: description: ImageSet is used to specify image digests for the images that the operator deploys. The name of the ImageSet is expected to be in the - format `-`. The `variant` used is `enterprise` if the + format `-`. The `variant` used is `enterprise` if the InstallationSpec Variant is `TigeraSecureEnterprise` otherwise it is `calico`. The `release` must match the version of the variant that the operator is built to deploy, this version can be obtained by passing the `--version` @@ -4083,6 +5498,8 @@ status: --- # Source: crds/operator.tigera.io_installations_crd.yaml + +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: 
@@ -4122,6 +5539,1255 @@ spec: description: Specification of the desired state for the Calico or Calico Enterprise installation. properties: + calicoKubeControllersDeployment: + description: CalicoKubeControllersDeployment configures the calico-kube-controllers + Deployment. If used in conjunction with the deprecated ComponentResources, + then these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-kube-controllers + Deployment. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created Deployment pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the calico-kube-controllers Deployment. + If omitted, the calico-kube-controllers Deployment will + use its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-kube-controllers + Deployment pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. + Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the calico-kube-controllers Deployment's + PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the calico-kube-controllers pods. If specified, + this overrides any affinity that may be set on the + calico-kube-controllers Deployment. If omitted, + the calico-kube-controllers Deployment will use + its default value for affinity. WARNING: Please + note that this field will override the default calico-kube-controllers + Deployment affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. 
+ items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. 
+ If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. 
+ If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. 
for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". 
The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. 
null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. 
+ If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-kube-controllers + containers. If specified, this overrides the specified + calico-kube-controllers Deployment containers. If + omitted, the calico-kube-controllers Deployment + will use its default values for its containers. + items: + description: CalicoKubeControllersDeploymentContainer + is a calico-kube-controllers Deployment container. + properties: + name: + description: Name is an enum which identifies + the calico-kube-controllers Deployment container + by name. 
+ enum: + - calico-kube-controllers + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named calico-kube-controllers + Deployment container's resources. If omitted, + the calico-kube-controllers Deployment will + use its default value for this container's + resources. If used in conjunction with the + deprecated ComponentResources, then this value + takes precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-kube-controllers + pod''s scheduling constraints. If specified, each + of the key/value pairs are added to the calico-kube-controllers + Deployment nodeSelector provided the key does not + already exist in the object''s nodeSelector. 
If + used in conjunction with ControlPlaneNodeSelector, + that nodeSelector is set on the calico-kube-controllers + Deployment and each of this field''s key/value pairs + are added to the calico-kube-controllers Deployment + nodeSelector provided the key does not already exist + in the object''s nodeSelector. If omitted, the calico-kube-controllers + Deployment will use its default value for nodeSelector. + WARNING: Please note that this field will modify + the default calico-kube-controllers Deployment nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-kube-controllers + pod''s tolerations. If specified, this overrides + any tolerations that may be set on the calico-kube-controllers + Deployment. If omitted, the calico-kube-controllers + Deployment will use its default value for tolerations. + WARNING: Please note that this field will override + the default calico-kube-controllers Deployment tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object calicoNetwork: description: CalicoNetwork specifies networking configuration options for Calico. @@ -4165,6 +6831,12 @@ spec: description: CIDR contains the address range for the IP Pool in classless inter-domain routing format. type: string + disableBGPExport: + default: false + description: 'DisableBGPExport specifies whether routes + from this IP pool''s CIDR are exported over BGP. Default: + false' + type: boolean encapsulation: description: 'Encapsulation specifies the encapsulation type that will be used with the IP Pool. Default: IPIP' 
@@ -4289,6 +6961,2547 @@ spec: type: string type: object type: object + calicoNodeDaemonSet: + description: CalicoNodeDaemonSet configures the calico-node DaemonSet. + If used in conjunction with the deprecated ComponentResources, then + these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the DaemonSet. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-node DaemonSet. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created DaemonSet pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the calico-node DaemonSet. If omitted, + the calico-node DaemonSet will use its default value for + minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-node DaemonSet + pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. 
Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. + Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the calico-node DaemonSet's PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the calico-node pods. If specified, this + overrides any affinity that may be set on the calico-node + DaemonSet. If omitted, the calico-node DaemonSet + will use its default value for affinity. WARNING: + Please note that this field will override the default + calico-node DaemonSet affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). 
+ properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. 
This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. 
This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. 
for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". 
The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. 
null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. 
+ If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-node containers. + If specified, this overrides the specified calico-node + DaemonSet containers. If omitted, the calico-node + DaemonSet will use its default values for its containers. + items: + description: CalicoNodeDaemonSetContainer is a calico-node + DaemonSet container. + properties: + name: + description: Name is an enum which identifies + the calico-node DaemonSet container by name. + enum: + - calico-node + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. 
If specified, this + overrides the named calico-node DaemonSet + container's resources. If omitted, the calico-node + DaemonSet will use its default value for this + container's resources. If used in conjunction + with the deprecated ComponentResources, then + this value takes precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of calico-node + init containers. If specified, this overrides the + specified calico-node DaemonSet init containers. + If omitted, the calico-node DaemonSet will use its + default values for its init containers. + items: + description: CalicoNodeDaemonSetInitContainer is + a calico-node DaemonSet init container. + properties: + name: + description: Name is an enum which identifies + the calico-node DaemonSet init container by + name. 
+ enum: + - install-cni + - hostpath-init + - flexvol-driver + - mount-bpffs + - node-certs-key-cert-provisioner + - calico-node-prometheus-server-tls-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named calico-node DaemonSet + init container's resources. If omitted, the + calico-node DaemonSet will use its default + value for this container's resources. If used + in conjunction with the deprecated ComponentResources, + then this value takes precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-node pod''s + scheduling constraints. 
If specified, each of the + key/value pairs are added to the calico-node DaemonSet + nodeSelector provided the key does not already exist + in the object''s nodeSelector. If omitted, the calico-node + DaemonSet will use its default value for nodeSelector. + WARNING: Please note that this field will modify + the default calico-node DaemonSet nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-node pod''s + tolerations. If specified, this overrides any tolerations + that may be set on the calico-node DaemonSet. If + omitted, the calico-node DaemonSet will use its + default value for tolerations. WARNING: Please note + that this field will override the default calico-node + DaemonSet tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. 
+ format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object + calicoWindowsUpgradeDaemonSet: + description: CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade + DaemonSet. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-windows-upgrade + DaemonSet. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created Deployment pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the calico-windows-upgrade DaemonSet. + If omitted, the calico-windows-upgrade DaemonSet will use + its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-windows-upgrade + DaemonSet pod that will be created. 
+ properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. + Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the calico-windows-upgrade DaemonSet's + PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the calico-windows-upgrade pods. If specified, + this overrides any affinity that may be set on the + calico-windows-upgrade DaemonSet. If omitted, the + calico-windows-upgrade DaemonSet will use its default + value for affinity. WARNING: Please note that this + field will override the default calico-windows-upgrade + DaemonSet affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. 
for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. 
+ properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. 
+ properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. 
When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. 
The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. 
+ properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. 
null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. 
+ The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-windows-upgrade + containers. 
If specified, this overrides the specified + calico-windows-upgrade DaemonSet containers. If + omitted, the calico-windows-upgrade DaemonSet will + use its default values for its containers. + items: + description: CalicoWindowsUpgradeDaemonSetContainer + is a calico-windows-upgrade DaemonSet container. + properties: + name: + description: Name is an enum which identifies + the calico-windows-upgrade DaemonSet container + by name. + enum: + - calico-windows-upgrade + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named calico-windows-upgrade + DaemonSet container's resources. If omitted, + the calico-windows-upgrade DaemonSet will + use its default value for this container's + resources. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-windows-upgrade + pod''s scheduling constraints. If specified, each + of the key/value pairs are added to the calico-windows-upgrade + DaemonSet nodeSelector provided the key does not + already exist in the object''s nodeSelector. If + omitted, the calico-windows-upgrade DaemonSet will + use its default value for nodeSelector. WARNING: + Please note that this field will modify the default + calico-windows-upgrade DaemonSet nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-windows-upgrade + pod''s tolerations. If specified, this overrides + any tolerations that may be set on the calico-windows-upgrade + DaemonSet. If omitted, the calico-windows-upgrade + DaemonSet will use its default value for tolerations. + WARNING: Please note that this field will override + the default calico-windows-upgrade DaemonSet tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object certificateManagement: description: CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 API in order to obtain TLS certificates. @@ -4385,12 +9598,14 @@ spec: - type type: object componentResources: - description: ComponentResources can be used to customize the resource - requirements for each component. Node, Typha, and KubeControllers - are supported for installations. + description: Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, + and KubeControllersDeployment. ComponentResources can be used to + customize the resource requirements for each component. Node, Typha, + and KubeControllers are supported for installations. items: - description: The ComponentResource struct associates a ResourceRequirements - with a component by name + description: Deprecated. Please use component resource config fields + in Installation.Spec instead. The ComponentResource struct associates + a ResourceRequirements with a component by name properties: componentName: description: ComponentName is an enum which identifies the component 
@@ -4487,6 +9702,14 @@ spec: type: string type: object type: array + fipsMode: + description: 'FIPSMode uses images and features only that are using + FIPS 140-2 validated cryptographic modules and standards. Default: + Disabled' + enum: + - Enabled + - Disabled + type: string flexVolumePath: description: FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be enabled by default. @@ -4527,6 +9750,11 @@ spec: type: string type: object type: array + kubeletVolumePluginPath: + description: 'KubeletVolumePluginPath optionally specifies enablement + of Calico CSI plugin. If not specified, CSI will be enabled by default. + If set to ''None'', CSI will be disabled. Default: /var/lib/kubelet' + type: string kubernetesProvider: description: KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. @@ -4587,7 +9815,7 @@ spec: on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption. This is - an alpha field and requires enabling DaemonSetUpdateSurge + beta field and enabled/disabled by DaemonSetUpdateSurge feature gate.' x-kubernetes-int-or-string: true maxUnavailable: 
@@ -4598,18 +9826,17 @@ spec: be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number - is calculated from percentage by rounding down to a minimum - of one. This cannot be 0 if MaxSurge is 0 Default value - is 1. Example: when this is set to 30%, at most 30% of the - total number of nodes that should be running the daemon - pod (i.e. status.desiredNumberScheduled) can have their - pods stopped for an update at any given time. The update - starts by stopping at most 30% of those DaemonSet pods and - then brings up new DaemonSet pods in their place. Once the - new pods are available, it then proceeds onto other DaemonSet - pods, thus ensuring that at least 70% of original number - of DaemonSet pods are available at all times during the - update.' + is calculated from percentage by rounding up. This cannot + be 0 if MaxSurge is 0 Default value is 1. Example: when + this is set to 30%, at most 30% of the total number of nodes + that should be running the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given time. + The update starts by stopping at most 30% of those DaemonSet + pods and then brings up new DaemonSet pods in their place. + Once the new pods are available, it then proceeds onto other + DaemonSet pods, thus ensuring that at least 70% of original + number of DaemonSet pods are available at all times during + the update.' x-kubernetes-int-or-string: true type: object type: @@ -4632,7 +9859,8 @@ spec: above format." type: string typhaAffinity: - description: TyphaAffinity allows configuration of node affinity characteristics + description: Deprecated. Please use Installation.Spec.TyphaDeployment + instead. TyphaAffinity allows configuration of node affinity characteristics for Typha pods. properties: nodeAffinity: 
@@ -4843,6 +10071,1301 @@ spec: type: object type: object type: object + typhaDeployment: + description: TyphaDeployment configures the typha Deployment. If used + in conjunction with the deprecated ComponentResources or TyphaAffinity, + then these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's metadata + that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to the + object's annotations provided the key does not already exist + in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values that + may match replicaset and service selectors. Each of these + key/value pairs are added to the object's labels provided + the key does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the specification of the typha Deployment. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of seconds + for which a newly created Deployment pod should be ready + without any of its container crashing, for it to be considered + available. If specified, this overrides any minReadySeconds + value that may be set on the typha Deployment. If omitted, + the typha Deployment will use its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the typha Deployment pod that + will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. 
Each of these key/value pairs are added + to the object's annotations provided the key does + not already exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. + Each of these key/value pairs are added to the object's + labels provided the key does not already exist in + the object's labels. + type: object + type: object + spec: + description: Spec is the typha Deployment's PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity scheduling + rules for the typha pods. If specified, this overrides + any affinity that may be set on the typha Deployment. + If omitted, the typha Deployment will use its default + value for affinity. If used in conjunction with + the deprecated TyphaAffinity, then this value takes + precedence. WARNING: Please note that this field + will override the default calico-typha Deployment + affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the + most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). 
A null preferred + scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. 
If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node selector + term matches no objects. The requirements + of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector + requirements by node's labels. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. 
If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector + requirements by node's fields. + items: + description: A node selector requirement + is a selector that contains + values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key + that the selector applies + to. + type: string + operator: + description: Represents a + key's relationship to a + set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string + values. If the operator + is In or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the values + array must be empty. If + the operator is Gt or Lt, + the values array must have + a single element, which + will be interpreted as an + integer. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same node, + zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + affinity expressions specified by this field, + but it may choose a node that violates one + or more of the expressions. The node that + is most preferred is the one with the greatest + sum of weights, i.e. 
for each node that + meets all of the scheduling requirements + (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum + by iterating through the elements of this + field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest + sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. 
+ A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". 
The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the affinity requirements specified + by this field cease to be met at some point + during pod execution (e.g. due to a pod + label update), the system may or may not + try to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. 
The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. 
null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to + schedule pods to nodes that satisfy the + anti-affinity expressions specified by this + field, but it may choose a node that violates + one or more of the expressions. The node + that is most preferred is the one with the + greatest sum of weights, i.e. for each node + that meets all of the scheduling requirements + (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute + a sum by iterating through the elements + of this field and adding "weight" to the + sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the matched + WeightedPodAffinityTerm fields are added + per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met at scheduling + time, the pod will not be scheduled onto + the node. If the anti-affinity requirements + specified by this field cease to be met + at some point during pod execution (e.g. + due to a pod label update), the system may + or may not try to eventually evict the pod + from its node. When there are multiple elements, + the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all + terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this pod + should be co-located (affinity) or not + co-located (anti-affinity) with, where + co-located is defined as running on a + node whose value of the label with key + matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set + of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. 
+ If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's + namespace". An empty selector ({}) + matches all namespaces. This field + is beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is + a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector + requirement is a selector that + contains values, a key, and + an operator that relates the + key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In or + NotIn, the values array + must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be + empty. This array is replaced + during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single + {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator is + "In", and the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a + static list of namespace names that + the term applies to. The term is applied + to the union of the namespaces listed + in this field and the ones selected + by namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where + co-located is defined as running on + a node whose value of the label with + key topologyKey matches that of any + node on which any of the selected + pods is running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of typha containers. + If specified, this overrides the specified typha + Deployment containers. If omitted, the typha Deployment + will use its default values for its containers. + items: + description: TyphaDeploymentContainer is a typha + Deployment container. + properties: + name: + description: Name is an enum which identifies + the typha Deployment container by name. + enum: + - calico-typha + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. 
If specified, this + overrides the named typha Deployment container's + resources. If omitted, the typha Deployment + will use its default value for this container's + resources. If used in conjunction with the + deprecated ComponentResources, then this value + takes precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of typha init + containers. If specified, this overrides the specified + typha Deployment init containers. If omitted, the + typha Deployment will use its default values for + its init containers. + items: + description: TyphaDeploymentInitContainer is a typha + Deployment init container. + properties: + name: + description: Name is an enum which identifies + the typha Deployment init container by name. 
+ enum: + - typha-certs-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, this + overrides the named typha Deployment init + container's resources. If omitted, the typha + Deployment will use its default value for + this init container's resources. If used in + conjunction with the deprecated ComponentResources, + then this value takes precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-typha pod''s + scheduling constraints. If specified, each of the + key/value pairs are added to the calico-typha Deployment + nodeSelector provided the key does not already exist + in the object''s nodeSelector. If omitted, the calico-typha + Deployment will use its default value for nodeSelector. 
+ WARNING: Please note that this field will modify + the default calico-typha Deployment nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the typha pod''s tolerations. + If specified, this overrides any tolerations that + may be set on the typha Deployment. If omitted, + the typha Deployment will use its default value + for tolerations. WARNING: Please note that this + field will override the default calico-typha Deployment + tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint effect + to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, + PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; + this combination means to match all values + and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and + Equal. Defaults to Equal. Exists is equivalent + to wildcard for value, so that a pod can tolerate + all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the + period of time the toleration (which must + be of effect NoExecute, otherwise this field + is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint + forever (do not evict). Zero and negative + values will be treated as 0 (evict immediately) + by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the + value should be empty, otherwise just a regular + string. 
+ type: string + type: object + type: array + type: object + type: object + type: object + type: object typhaMetricsPort: description: TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled. 
@@ -4864,6 +11387,1355 @@ spec: description: Computed is the final installation including overlaid resources. properties: + calicoKubeControllersDeployment: + description: CalicoKubeControllersDeployment configures the calico-kube-controllers + Deployment. If used in conjunction with the deprecated ComponentResources, + then these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to + the object's annotations provided the key does not already + exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. Each + of these key/value pairs are added to the object's labels + provided the key does not already exist in the object's + labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-kube-controllers + Deployment. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of + seconds for which a newly created Deployment pod should + be ready without any of its container crashing, for + it to be considered available. If specified, this overrides + any minReadySeconds value that may be set on the calico-kube-controllers + Deployment. If omitted, the calico-kube-controllers + Deployment will use its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-kube-controllers + Deployment pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes + object's metadata that is added to the pod's metadata. 
+ properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary + non-identifying metadata. Each of these key/value + pairs are added to the object's annotations + provided the key does not already exist in the + object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and + values that may match replicaset and service + selectors. Each of these key/value pairs are + added to the object's labels provided the key + does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the calico-kube-controllers Deployment's + PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity + scheduling rules for the calico-kube-controllers + pods. If specified, this overrides any affinity + that may be set on the calico-kube-controllers + Deployment. If omitted, the calico-kube-controllers + Deployment will use its default value for affinity. + WARNING: Please note that this field will override + the default calico-kube-controllers Deployment + affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. 
+ items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. 
If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. 
If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. 
for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. This field is + beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. 
The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. 
null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. This field is + beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. 
+ If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. 
This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-kube-controllers + containers. If specified, this overrides the + specified calico-kube-controllers Deployment + containers. If omitted, the calico-kube-controllers + Deployment will use its default values for its + containers. + items: + description: CalicoKubeControllersDeploymentContainer + is a calico-kube-controllers Deployment container. + properties: + name: + description: Name is an enum which identifies + the calico-kube-controllers Deployment + container by name. 
+ enum: + - calico-kube-controllers + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named calico-kube-controllers + Deployment container's resources. If omitted, + the calico-kube-controllers Deployment + will use its default value for this container's + resources. If used in conjunction with + the deprecated ComponentResources, then + this value takes precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-kube-controllers + pod''s scheduling constraints. If specified, + each of the key/value pairs are added to the + calico-kube-controllers Deployment nodeSelector + provided the key does not already exist in the + object''s nodeSelector. 
If used in conjunction + with ControlPlaneNodeSelector, that nodeSelector + is set on the calico-kube-controllers Deployment + and each of this field''s key/value pairs are + added to the calico-kube-controllers Deployment + nodeSelector provided the key does not already + exist in the object''s nodeSelector. If omitted, + the calico-kube-controllers Deployment will + use its default value for nodeSelector. WARNING: + Please note that this field will modify the + default calico-kube-controllers Deployment nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-kube-controllers + pod''s tolerations. If specified, this overrides + any tolerations that may be set on the calico-kube-controllers + Deployment. If omitted, the calico-kube-controllers + Deployment will use its default value for tolerations. + WARNING: Please note that this field will override + the default calico-kube-controllers Deployment + tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match all + taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means + to match all values and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints + of a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. + By default, it is not set, which means + tolerate the taint forever (do not evict). + Zero and negative values will be treated + as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object calicoNetwork: description: CalicoNetwork specifies networking configuration options for Calico. @@ -4908,6 +12780,12 @@ spec: description: CIDR contains the address range for the IP Pool in classless inter-domain routing format. type: string + disableBGPExport: + default: false + description: 'DisableBGPExport specifies whether routes + from this IP pool''s CIDR are exported over BGP. Default: + false' + type: boolean encapsulation: description: 'Encapsulation specifies the encapsulation type that will be used with the IP Pool. Default: 
@@ -5035,6 +12913,2748 @@ spec: type: string type: object type: object + calicoNodeDaemonSet: + description: CalicoNodeDaemonSet configures the calico-node DaemonSet. + If used in conjunction with the deprecated ComponentResources, + then these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the DaemonSet. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to + the object's annotations provided the key does not already + exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. Each + of these key/value pairs are added to the object's labels + provided the key does not already exist in the object's + labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-node + DaemonSet. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of + seconds for which a newly created DaemonSet pod should + be ready without any of its container crashing, for + it to be considered available. If specified, this overrides + any minReadySeconds value that may be set on the calico-node + DaemonSet. If omitted, the calico-node DaemonSet will + use its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-node DaemonSet + pod that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes + object's metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary + non-identifying metadata. 
Each of these key/value + pairs are added to the object's annotations + provided the key does not already exist in the + object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and + values that may match replicaset and service + selectors. Each of these key/value pairs are + added to the object's labels provided the key + does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the calico-node DaemonSet's PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity + scheduling rules for the calico-node pods. If + specified, this overrides any affinity that + may be set on the calico-node DaemonSet. If + omitted, the calico-node DaemonSet will use + its default value for affinity. WARNING: Please + note that this field will override the default + calico-node DaemonSet affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches + no objects (i.e. is also a no-op). 
+ properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. 
This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. 
This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. 
for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. This field is + beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. 
The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. 
null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. This field is + beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. 
+ If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. 
This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-node + containers. If specified, this overrides the + specified calico-node DaemonSet containers. + If omitted, the calico-node DaemonSet will use + its default values for its containers. + items: + description: CalicoNodeDaemonSetContainer is + a calico-node DaemonSet container. + properties: + name: + description: Name is an enum which identifies + the calico-node DaemonSet container by + name. 
+ enum: + - calico-node + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named calico-node DaemonSet + container's resources. If omitted, the + calico-node DaemonSet will use its default + value for this container's resources. + If used in conjunction with the deprecated + ComponentResources, then this value takes + precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of calico-node + init containers. If specified, this overrides + the specified calico-node DaemonSet init containers. + If omitted, the calico-node DaemonSet will use + its default values for its init containers. + items: + description: CalicoNodeDaemonSetInitContainer + is a calico-node DaemonSet init container. 
+ properties: + name: + description: Name is an enum which identifies + the calico-node DaemonSet init container + by name. + enum: + - install-cni + - hostpath-init + - flexvol-driver + - mount-bpffs + - node-certs-key-cert-provisioner + - calico-node-prometheus-server-tls-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named calico-node DaemonSet + init container's resources. If omitted, + the calico-node DaemonSet will use its + default value for this container's resources. + If used in conjunction with the deprecated + ComponentResources, then this value takes + precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-node + pod''s scheduling constraints. 
If specified, + each of the key/value pairs are added to the + calico-node DaemonSet nodeSelector provided + the key does not already exist in the object''s + nodeSelector. If omitted, the calico-node DaemonSet + will use its default value for nodeSelector. + WARNING: Please note that this field will modify + the default calico-node DaemonSet nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-node pod''s + tolerations. If specified, this overrides any + tolerations that may be set on the calico-node + DaemonSet. If omitted, the calico-node DaemonSet + will use its default value for tolerations. + WARNING: Please note that this field will override + the default calico-node DaemonSet tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match all + taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means + to match all values and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. + By default, it is not set, which means + tolerate the taint forever (do not evict). + Zero and negative values will be treated + as 0 (evict immediately) by the system. 
+ format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object + calicoWindowsUpgradeDaemonSet: + description: CalicoWindowsUpgradeDaemonSet configures the calico-windows-upgrade + DaemonSet. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to + the object's annotations provided the key does not already + exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. Each + of these key/value pairs are added to the object's labels + provided the key does not already exist in the object's + labels. + type: object + type: object + spec: + description: Spec is the specification of the calico-windows-upgrade + DaemonSet. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of + seconds for which a newly created Deployment pod should + be ready without any of its container crashing, for + it to be considered available. If specified, this overrides + any minReadySeconds value that may be set on the calico-windows-upgrade + DaemonSet. If omitted, the calico-windows-upgrade DaemonSet + will use its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the calico-windows-upgrade + DaemonSet pod that will be created. 
+ properties: + metadata: + description: Metadata is a subset of a Kubernetes + object's metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary + non-identifying metadata. Each of these key/value + pairs are added to the object's annotations + provided the key does not already exist in the + object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and + values that may match replicaset and service + selectors. Each of these key/value pairs are + added to the object's labels provided the key + does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the calico-windows-upgrade DaemonSet's + PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity + scheduling rules for the calico-windows-upgrade + pods. If specified, this overrides any affinity + that may be set on the calico-windows-upgrade + DaemonSet. If omitted, the calico-windows-upgrade + DaemonSet will use its default value for affinity. + WARNING: Please note that this field will override + the default calico-windows-upgrade DaemonSet + affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. 
for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). A null + preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. 
+ properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. 
+ properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. 
as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. This field is + beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. 
When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. 
The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. 
+ properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. This field is + beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. 
+ null or empty namespaces list + and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. 
The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of calico-windows-upgrade + containers. 
If specified, this overrides the + specified calico-windows-upgrade DaemonSet containers. + If omitted, the calico-windows-upgrade DaemonSet + will use its default values for its containers. + items: + description: CalicoWindowsUpgradeDaemonSetContainer + is a calico-windows-upgrade DaemonSet container. + properties: + name: + description: Name is an enum which identifies + the calico-windows-upgrade DaemonSet container + by name. + enum: + - calico-windows-upgrade + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named calico-windows-upgrade + DaemonSet container's resources. If omitted, + the calico-windows-upgrade DaemonSet will + use its default value for this container's + resources. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-windows-upgrade + pod''s scheduling constraints. If specified, + each of the key/value pairs are added to the + calico-windows-upgrade DaemonSet nodeSelector + provided the key does not already exist in the + object''s nodeSelector. If omitted, the calico-windows-upgrade + DaemonSet will use its default value for nodeSelector. + WARNING: Please note that this field will modify + the default calico-windows-upgrade DaemonSet + nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the calico-windows-upgrade + pod''s tolerations. If specified, this overrides + any tolerations that may be set on the calico-windows-upgrade + DaemonSet. If omitted, the calico-windows-upgrade + DaemonSet will use its default value for tolerations. + WARNING: Please note that this field will override + the default calico-windows-upgrade DaemonSet + tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match all + taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means + to match all values and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints + of a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. + By default, it is not set, which means + tolerate the taint forever (do not evict). + Zero and negative values will be treated + as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + type: object + type: object + type: object certificateManagement: description: CertificateManagement configures pods to submit a CertificateSigningRequest to the certificates.k8s.io/v1beta1 @@ -5133,12 +15753,15 @@ spec: - type type: object componentResources: - description: ComponentResources can be used to customize the resource - requirements for each component. Node, Typha, and KubeControllers - are supported for installations. + description: Deprecated. Please use CalicoNodeDaemonSet, TyphaDeployment, + and KubeControllersDeployment. ComponentResources can be used + to customize the resource requirements for each component. Node, + Typha, and KubeControllers are supported for installations. items: - description: The ComponentResource struct associates a ResourceRequirements - with a component by name + description: Deprecated. Please use component resource config + fields in Installation.Spec instead. The ComponentResource + struct associates a ResourceRequirements with a component + by name properties: componentName: description: ComponentName is an enum which identifies the 
@@ -5238,6 +15861,14 @@ spec: type: string type: object type: array + fipsMode: + description: 'FIPSMode uses images and features only that are + using FIPS 140-2 validated cryptographic modules and standards. + Default: Disabled' + enum: + - Enabled + - Disabled + type: string flexVolumePath: description: FlexVolumePath optionally specifies a custom path for FlexVolume. If not specified, FlexVolume will be enabled @@ -5278,6 +15909,12 @@ spec: type: string type: object type: array + kubeletVolumePluginPath: + description: 'KubeletVolumePluginPath optionally specifies enablement + of Calico CSI plugin. If not specified, CSI will be enabled + by default. If set to ''None'', CSI will be disabled. Default: + /var/lib/kubelet' + type: string kubernetesProvider: description: KubernetesProvider specifies a particular provider of the Kubernetes platform and enables provider-specific configuration. @@ -5339,8 +15976,8 @@ spec: by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions - during disruption. This is an alpha field and requires - enabling DaemonSetUpdateSurge feature gate.' + during disruption. This is beta field and enabled/disabled + by DaemonSetUpdateSurge feature gate.' x-kubernetes-int-or-string: true maxUnavailable: anyOf: 
@@ -5351,10 +15988,10 @@ spec: absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding - down to a minimum of one. This cannot be 0 if MaxSurge - is 0 Default value is 1. Example: when this is set to - 30%, at most 30% of the total number of nodes that should - be running the daemon pod (i.e. status.desiredNumberScheduled) + up. This cannot be 0 if MaxSurge is 0 Default value + is 1. Example: when this is set to 30%, at most 30% + of the total number of nodes that should be running + the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods @@ -5385,7 +16022,8 @@ spec: the above format." type: string typhaAffinity: - description: TyphaAffinity allows configuration of node affinity + description: Deprecated. Please use Installation.Spec.TyphaDeployment + instead. TyphaAffinity allows configuration of node affinity characteristics for Typha pods. properties: nodeAffinity: 
@@ -5605,6 +16243,1403 @@ spec: type: object type: object type: object + typhaDeployment: + description: TyphaDeployment configures the typha Deployment. + If used in conjunction with the deprecated ComponentResources + or TyphaAffinity, then these overrides take precedence. + properties: + metadata: + description: Metadata is a subset of a Kubernetes object's + metadata that is added to the Deployment. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary non-identifying + metadata. Each of these key/value pairs are added to + the object's annotations provided the key does not already + exist in the object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and values + that may match replicaset and service selectors. Each + of these key/value pairs are added to the object's labels + provided the key does not already exist in the object's + labels. + type: object + type: object + spec: + description: Spec is the specification of the typha Deployment. + properties: + minReadySeconds: + description: MinReadySeconds is the minimum number of + seconds for which a newly created Deployment pod should + be ready without any of its container crashing, for + it to be considered available. If specified, this overrides + any minReadySeconds value that may be set on the typha + Deployment. If omitted, the typha Deployment will use + its default value for minReadySeconds. + format: int32 + maximum: 2147483647 + minimum: 0 + type: integer + template: + description: Template describes the typha Deployment pod + that will be created. + properties: + metadata: + description: Metadata is a subset of a Kubernetes + object's metadata that is added to the pod's metadata. + properties: + annotations: + additionalProperties: + type: string + description: Annotations is a map of arbitrary + non-identifying metadata. 
Each of these key/value + pairs are added to the object's annotations + provided the key does not already exist in the + object's annotations. + type: object + labels: + additionalProperties: + type: string + description: Labels is a map of string keys and + values that may match replicaset and service + selectors. Each of these key/value pairs are + added to the object's labels provided the key + does not already exist in the object's labels. + type: object + type: object + spec: + description: Spec is the typha Deployment's PodSpec. + properties: + affinity: + description: 'Affinity is a group of affinity + scheduling rules for the typha pods. If specified, + this overrides any affinity that may be set + on the typha Deployment. If omitted, the typha + Deployment will use its default value for affinity. + If used in conjunction with the deprecated TyphaAffinity, + then this value takes precedence. WARNING: Please + note that this field will override the default + calico-typha Deployment affinity.' + properties: + nodeAffinity: + description: Describes node affinity scheduling + rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node matches the corresponding + matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling + term matches all objects with implicit + weight 0 (i.e. it's a no-op). 
A null + preferred scheduling term matches + no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, + associated with the corresponding + weight. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. 
If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with + matching the corresponding nodeSelectorTerm, + in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to an update), + the system may or may not try to eventually + evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node + selector terms. The terms are ORed. + items: + description: A null or empty node + selector term matches no objects. + The requirements of them are ANDed. + The TopologySelectorTerm type + implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node + selector requirements by node's + labels. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. 
If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node + selector requirements by node's + fields. + items: + description: A node selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: The label + key that the selector + applies to. + type: string + operator: + description: Represents + a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array + of string values. If + the operator is In or + NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the + values array must be + empty. If the operator + is Gt or Lt, the values + array must have a single + element, which will + be interpreted as an + integer. This array + is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling + rules (e.g. co-locate this pod in the same + node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the affinity expressions specified by + this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. 
for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. This field is + beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. 
A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. 
+ items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. 
The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. 
null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling + rules (e.g. avoid putting this pod in the + same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer + to schedule pods to nodes that satisfy + the anti-affinity expressions specified + by this field, but it may choose a node + that violates one or more of the expressions. + The node that is most preferred is the + one with the greatest sum of weights, + i.e. for each node that meets all of + the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by + iterating through the elements of this + field and adding "weight" to the sum + if the node has pods which matches the + corresponding podAffinityTerm; the node(s) + with the highest sum are the most preferred. + items: + description: The weights of all of the + matched WeightedPodAffinityTerm fields + are added per-node to find the most + preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity + term, associated with the corresponding + weight. + properties: + labelSelector: + description: A label query over + a set of resources, in this + case pods. 
+ properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that + the term applies to. The term + is applied to the union of + the namespaces selected by + this field and the ones listed + in the namespaces field. null + selector and null or empty + namespaces list means "this + pod's namespace". An empty + selector ({}) matches all + namespaces. This field is + beta-level and is only honored + when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: A label selector + requirement is a selector + that contains values, + a key, and an operator + that relates the key + and values. + properties: + key: + description: key is + the label key that + the selector applies + to. + type: string + operator: + description: operator + represents a key's + relationship to + a set of values. + Valid operators + are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values + is an array of string + values. If the operator + is In or NotIn, + the values array + must be non-empty. + If the operator + is Exists or DoesNotExist, + the values array + must be empty. This + array is replaced + during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels + is a map of {key,value} + pairs. A single {key,value} + in the matchLabels map + is equivalent to an element + of matchExpressions, whose + key field is "key", the + operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace + names that the term applies + to. The term is applied to + the union of the namespaces + listed in this field and the + ones selected by namespaceSelector. + null or empty namespaces list + and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should + be co-located (affinity) or + not co-located (anti-affinity) + with the pods matching the + labelSelector in the specified + namespaces, where co-located + is defined as running on a + node whose value of the label + with key topologyKey matches + that of any node on which + any of the selected pods is + running. Empty topologyKey + is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with + matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements + specified by this field are not met + at scheduling time, the pod will not + be scheduled onto the node. If the anti-affinity + requirements specified by this field + cease to be met at some point during + pod execution (e.g. due to a pod label + update), the system may or may not try + to eventually evict the pod from its + node. When there are multiple elements, + the lists of nodes corresponding to + each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely + those matching the labelSelector relative + to the given namespace(s)) that this + pod should be co-located (affinity) + or not co-located (anti-affinity) + with, where co-located is defined + as running on a node whose value of + the label with key matches + that of any node on which a pod of + the set of pods is running + properties: + labelSelector: + description: A label query over + a set of resources, in this case + pods. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. 
+ If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over + the set of namespaces that the + term applies to. The term is applied + to the union of the namespaces + selected by this field and the + ones listed in the namespaces + field. null selector and null + or empty namespaces list means + "this pod's namespace". An empty + selector ({}) matches all namespaces. + This field is beta-level and is + only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a + key, and an operator that + relates the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator + represents a key's relationship + to a set of values. + Valid operators are + In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is + an array of string values. + If the operator is In + or NotIn, the values + array must be non-empty. + If the operator is Exists + or DoesNotExist, the + values array must be + empty. 
This array is + replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is + a map of {key,value} pairs. + A single {key,value} in the + matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", + the operator is "In", and + the values array contains + only "value". The requirements + are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies + a static list of namespace names + that the term applies to. The + term is applied to the union of + the namespaces listed in this + field and the ones selected by + namespaceSelector. null or empty + namespaces list and null namespaceSelector + means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be + co-located (affinity) or not co-located + (anti-affinity) with the pods + matching the labelSelector in + the specified namespaces, where + co-located is defined as running + on a node whose value of the label + with key topologyKey matches that + of any node on which any of the + selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: Containers is a list of typha containers. + If specified, this overrides the specified typha + Deployment containers. If omitted, the typha + Deployment will use its default values for its + containers. + items: + description: TyphaDeploymentContainer is a typha + Deployment container. + properties: + name: + description: Name is an enum which identifies + the typha Deployment container by name. + enum: + - calico-typha + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. 
If specified, + this overrides the named typha Deployment + container's resources. If omitted, the + typha Deployment will use its default + value for this container's resources. + If used in conjunction with the deprecated + ComponentResources, then this value takes + precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + initContainers: + description: InitContainers is a list of typha + init containers. If specified, this overrides + the specified typha Deployment init containers. + If omitted, the typha Deployment will use its + default values for its init containers. + items: + description: TyphaDeploymentInitContainer is + a typha Deployment init container. + properties: + name: + description: Name is an enum which identifies + the typha Deployment init container by + name. 
+ enum: + - typha-certs-key-cert-provisioner + type: string + resources: + description: Resources allows customization + of limits and requests for compute resources + such as cpu and memory. If specified, + this overrides the named typha Deployment + init container's resources. If omitted, + the typha Deployment will use its default + value for this init container's resources. + If used in conjunction with the deprecated + ComponentResources, then this value takes + precedence. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the + minimum amount of compute resources + required. If Requests is omitted for + a container, it defaults to Limits + if that is explicitly specified, otherwise + to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is the calico-typha + pod''s scheduling constraints. If specified, + each of the key/value pairs are added to the + calico-typha Deployment nodeSelector provided + the key does not already exist in the object''s + nodeSelector. If omitted, the calico-typha Deployment + will use its default value for nodeSelector. 
+ WARNING: Please note that this field will modify + the default calico-typha Deployment nodeSelector.' + type: object + tolerations: + description: 'Tolerations is the typha pod''s + tolerations. If specified, this overrides any + tolerations that may be set on the typha Deployment. + If omitted, the typha Deployment will use its + default value for tolerations. WARNING: Please + note that this field will override the default + calico-typha Deployment tolerations.' + items: + description: The pod this Toleration is attached + to tolerates any taint that matches the triple + using the matching operator + . + properties: + effect: + description: Effect indicates the taint + effect to match. Empty means match all + taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule + and NoExecute. + type: string + key: + description: Key is the taint key that the + toleration applies to. Empty means match + all taint keys. If the key is empty, operator + must be Exists; this combination means + to match all values and all keys. + type: string + operator: + description: Operator represents a key's + relationship to the value. Valid operators + are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints + of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents + the period of time the toleration (which + must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. + By default, it is not set, which means + tolerate the taint forever (do not evict). + Zero and negative values will be treated + as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the + toleration matches to. If the operator + is Exists, the value should be empty, + otherwise just a regular string. 
+ type: string + type: object + type: array + type: object + type: object + type: object + type: object typhaMetricsPort: description: TyphaMetricsPort specifies which port calico/typha serves prometheus metrics on. By default, metrics are not enabled. 
@@ -5618,6 +17653,78 @@ spec: - TigeraSecureEnterprise type: string type: object + conditions: + description: Conditions represents the latest observed set of conditions + for the component. A component may be one or more of Ready, Progressing, + Degraded or other customer types. + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. 
Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array imageSet: description: ImageSet is the name of the ImageSet being used, if there is an ImageSet that is being used. If an ImageSet is not being used @@ -5651,6 +17758,8 @@ status: --- # Source: crds/operator.tigera.io_tigerastatuses_crd.yaml + +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -5724,6 +17833,14 @@ spec: description: Optionally, a detailed message providing additional context. type: string + observedGeneration: + description: observedGeneration represents the generation that + the condition was set based upon. For instance, if generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + type: integer reason: description: A brief reason explaining the condition. type: string 
@@ -5757,59 +17874,14 @@ status: storedVersions: [] --- -# Source: tigera-operator/templates/tigera-operator/02-podsecuritypolicy-tigera-operator.yaml -# This should not be rendered for an OpenShift install. -# OpenShift uses SecurityContextConstraints instead. -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: tigera-operator - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - - ALL - volumes: - - 'hostPath' - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - # Assume that persistentVolumes set up by the cluster admin are safe to use. - - 'persistentVolumeClaim' - hostNetwork: true - hostPorts: - - min: 0 - max: 65535 - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false ---- # Source: tigera-operator/templates/tigera-operator/02-serviceaccount-tigera-operator.yaml apiVersion: v1 kind: ServiceAccount metadata: name: tigera-operator namespace: tigera-operator +imagePullSecrets: + [] --- # Source: tigera-operator/templates/tigera-operator/02-role-tigera-operator.yaml # Permissions required when running the operator for a Calico cluster. @@ -5980,7 +18052,7 @@ rules: verbs: - list - watch - - create + - create - update # Needed for operator lock - apiGroups: @@ -5994,6 +18066,17 @@ rules: - update - delete - watch + - apiGroups: + - storage.k8s.io + resources: + - csidrivers + verbs: + - list + - watch + - update + - get + - create + - delete # Add the appropriate pod security policy permissions - apiGroups: - policy 
@@ -6021,6 +18104,7 @@ rules: - certificatesigningrequests verbs: - list + - watch --- # Source: tigera-operator/templates/tigera-operator/02-rolebinding-tigera-operator.yaml kind: ClusterRoleBinding @@ -6068,7 +18152,7 @@ spec: dnsPolicy: ClusterFirstWithHostNet containers: - name: tigera-operator - image: quay.io/tigera/operator:v1.27.12 + image: quay.io/tigera/operator:v1.29.0 imagePullPolicy: IfNotPresent command: - operator @@ -6086,7 +18170,7 @@ spec: - name: OPERATOR_NAME value: "tigera-operator" - name: TIGERA_OPERATOR_INIT_IMAGE_VERSION - value: v1.27.12 + value: v1.29.0 envFrom: - configMapRef: name: kubernetes-services-endpoint @@ -6095,4 +18179,3 @@ spec: - name: var-lib-calico hostPath: path: /var/lib/calico - diff --git a/ci/storageclass/local-path-bulk.yaml b/ci/storageclass/local-path-bulk.yaml new file mode 100644 index 00000000..39908e8b --- /dev/null +++ b/ci/storageclass/local-path-bulk.yaml @@ -0,0 +1,7 @@ +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: bulk +provisioner: rancher.io/local-path +reclaimPolicy: Delete +volumeBindingMode: WaitForFirstConsumer diff --git a/test-suite-lint.ct.yaml b/test-suite-lint.ct.yaml index a281f86c..17dc40f5 100644 --- a/test-suite-lint.ct.yaml +++ b/test-suite-lint.ct.yaml @@ -8,4 +8,4 @@ excluded-charts: - lagoon-logs-concentrator - lagoon-build-deploy - lagoon-gatekeeper -helm-extra-args: --timeout 10m +helm-extra-args: --timeout 20m diff --git a/test-suite-run.ct.yaml b/test-suite-run.ct.yaml index defb2526..a24596d3 100644 --- a/test-suite-run.ct.yaml +++ b/test-suite-run.ct.yaml @@ -6,4 +6,4 @@ namespace: lagoon # release-label is required when specifying namespace: # https://github.com/helm/chart-testing/blob/v3.1.1/pkg/config/config.go#L117 release-label: app.kubernetes.io/instance -helm-extra-args: --timeout 40m +helm-extra-args: --timeout 60m diff --git a/test-suite.kind-config.calico.yaml.tpl b/test-suite.kind-config.calico.yaml.tpl index 684658c4..d4869849 100644 
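Review bot: The operator image on the new side is still referenced by a mutable tag, `quay.io/tigera/operator:v1.29.0`, with `imagePullPolicy: IfNotPresent`, while the workflow matrix in this same commit pins every `kindest/node` image by sha256 digest. The role for the `tigera-operator` account is widened elsewhere in this diff (`csidrivers` create/update/delete), so a digest pin is worth having here too: `image: quay.io/tigera/operator:v1.29.0@sha256:<digest of the v1.29.0 image>` (placeholder, the digest is not on this page). The `TIGERA_OPERATOR_INIT_IMAGE_VERSION` value in the following hunk is tag-only as well. The manifest looks rendered from an upstream chart, so the pin probably belongs in the values used to render it; the Deployment starts and ends outside the hunk.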
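Review bot: Nothing in the new `ci/storageclass/local-path-bulk.yaml` says why a class named `bulk` exists or that it is meant for the CI cluster only. That matters because `rancher.io/local-path` volumes are plain directories on the node and `reclaimPolicy: Delete` removes the data together with the claim. A header comment would cover it, for example `# CI only (kind): "bulk" is served by the node-local local-path provisioner; do not apply to a shared cluster.` If the charts under test request this class by name, presumably to mirror a production class, naming that consumer in the comment would help as well.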
--- a/test-suite.kind-config.calico.yaml.tpl +++ b/test-suite.kind-config.calico.yaml.tpl @@ -1,5 +1,6 @@ kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 +name: chart-testing networking: disableDefaultCNI: true podSubnet: 192.168.0.0/16 diff --git a/test-suite.kind-config.yaml.tpl b/test-suite.kind-config.yaml.tpl index 282156c4..da546684 100644 --- a/test-suite.kind-config.yaml.tpl +++ b/test-suite.kind-config.yaml.tpl @@ -1,5 +1,6 @@ kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 +name: chart-testing containerdConfigPatches: - |- [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.${KIND_NODE_IP}.nip.io:32443".tls]