diff --git a/README.md b/README.md index 91c70960fc6b..c42cad092999 100644 --- a/README.md +++ b/README.md @@ -58,7 +58,7 @@ Druid is designed for workflows where fast queries and ingest really matter. Dru ### Getting started -You can get started with Druid with our [local](https://druid.apache.org/docs/latest/tutorials/quickstart.html) or [Docker](http://druid.apache.org/docs/latest/tutorials/docker.html) quickstart. +You can get started with Druid with our [local](https://druid.apache.org/docs/latest/tutorials/quickstart.html) or [Docker](http://druid.apache.org/docs/latest/tutorials/docker.html) quickstart. For Kubernetes deployments, the [druid-operator](https://github.com/apache/druid-operator) is maintained in a separate repository. Druid provides a rich set of APIs (via HTTP and [JDBC](https://druid.apache.org/docs/latest/querying/sql.html#jdbc)) for loading, managing, and querying your data. You can also interact with Druid via the built-in [web console](https://druid.apache.org/docs/latest/operations/web-console.html) (shown below). diff --git a/druid-operator/.dockerignore b/druid-operator/.dockerignore deleted file mode 100644 index df1f0d33cbf2..000000000000 --- a/druid-operator/.dockerignore +++ /dev/null @@ -1,20 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- - -# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file -# Ignore build and test binaries. -bin/ -testbin/ diff --git a/druid-operator/.gitignore b/druid-operator/.gitignore deleted file mode 100644 index fac433609e9f..000000000000 --- a/druid-operator/.gitignore +++ /dev/null @@ -1,80 +0,0 @@ -# Temporary Build Files -build/_output -build/_test -bin -# Created by https://www.gitignore.io/api/go,vim,emacs,visualstudiocode -### Emacs ### -# -*- mode: gitignore; -*- -*~ -\#*\# -/.emacs.desktop -/.emacs.desktop.lock -*.elc -auto-save-list -tramp -.\#* -# Org-mode -.org-id-locations -*_archive -# flymake-mode -*_flymake.* -# eshell files -/eshell/history -/eshell/lastdir -# elpa packages -/elpa/ -# reftex files -*.rel -# AUCTeX auto folder -/auto/ -# cask packages -.cask/ -dist/ -# Flycheck -flycheck_*.el -# server auth directory -/server/ -# projectiles files -.projectile -projectile-bookmarks.eld -# directory configuration -.dir-locals.el -# saveplace -places -# url cache -url/cache/ -# cedet -ede-projects.el -# smex -smex-items -# company-statistics -company-statistics-cache.el -# anaconda-mode -anaconda-mode/ -### Go ### -# Binaries for programs and plugins -*.exe -*.exe~ -*.dll -*.so -*.dylib -# Test binary, build with 'go test -c' -*.test -# Output of the go coverage tool, specifically when used with LiteIDE -*.out -### Vim ### -# swap -.sw[a-p] -.*.sw[a-p] -# session -Session.vim -# temporary -.netrwhist -# auto-generated tag files -tags -### VisualStudioCode ### -.vscode/* -.history -.idea* -.idea/* -# End of https://www.gitignore.io/api/go,vim,emacs,visualstudiocode diff --git a/druid-operator/ADOPTERS.md b/druid-operator/ADOPTERS.md deleted file mode 100644 index b53fa3e5d986..000000000000 --- a/druid-operator/ADOPTERS.md +++ /dev/null @@ -1,32 +0,0 @@ - - -# Druid Operator Adopters - -This is a list of production adopters of Druid Operator: - -| Company | Industry | -| :--- |:----------------------------------| -|[Dailymotion](https://dailymotion.com/)| Video streaming, Adtech | -|[AppsFlyer](https://www.appsflyer.com/)| Mobile Marketing Software, Adtech | - -Open Source Solutions based on Druid Operator: -| Company | Industry | -| :--- |:----------------------------------| -|[AWS](https://github.com/aws-solutions/scalable-analytics-using-apache-druid-on-aws)| diff --git a/druid-operator/Dockerfile b/druid-operator/Dockerfile deleted file mode 100644 index 7e76b7fbade8..000000000000 --- a/druid-operator/Dockerfile +++ /dev/null @@ -1,51 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -#------------------------------------------------------------------------- -# Build the manager binary -FROM golang:1.21 as builder -ARG TARGETOS -ARG TARGETARCH - -WORKDIR /workspace -# Copy the Go Modules manifests -COPY go.mod go.mod -COPY go.sum go.sum -# cache deps before building and copying source so that we don't need to re-download as much -# and so that source changes don't invalidate our downloaded layer -RUN go mod download - -# Copy the go source -COPY main.go main.go -COPY apis/ apis/ -COPY controllers/ controllers/ -COPY pkg/ pkg/ - -# Build -# the GOARCH has not a default value to allow the binary be built according to the host where the command -# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO -# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore, -# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform. -RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager main.go - -# Use distroless as minimal base image to package the manager binary -# Refer to https://github.com/GoogleContainerTools/distroless for more details -FROM gcr.io/distroless/static:nonroot -WORKDIR / -COPY --from=builder /workspace/manager . -USER 65532:65532 - -ENTRYPOINT ["/manager"] diff --git a/druid-operator/Makefile b/druid-operator/Makefile deleted file mode 100644 index 5fccbe50260c..000000000000 --- a/druid-operator/Makefile +++ /dev/null @@ -1,277 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- - -# IMG TAG -IMG_TAG ?= "latest" -TEST_IMG_TAG ?= "test" -# Image URL to use all building/pushing image targets -IMG ?= "datainfrahq/druid-operator" -# Local Image URL to be pushed to kind registery -IMG_KIND ?= "localhost:5001/druid-operator" -# NAMESPACE for druid operator e2e -NAMESPACE_DRUID_OPERATOR ?= "druid-operator-system" -# NAMESPACE for zk operator e2e -NAMESPACE_ZK_OPERATOR ?= "zk-operator" -# NAMESPACE for zk operator e2e -NAMESPACE_MINIO_OPERATOR ?= "minio-operator" -# MinIO version to install. Specific version is set to avoid breaking changes -# using latest version. This version is tested with the operator. -MINIO_VERSION ?= "6.0.4" -# NAMESPACE for druid app e2e -NAMESPACE_DRUID ?= "druid" - -# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -ENVTEST_K8S_VERSION = 1.26.0 - -# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) -ifeq (,$(shell go env GOBIN)) -GOBIN=$(shell go env GOPATH)/bin -else -GOBIN=$(shell go env GOBIN) -endif - -# Setting SHELL to bash allows bash commands to be executed by recipes. -# Options are set to exit when a recipe line exits non-zero or a piped command fails. -SHELL = /usr/bin/env bash -o pipefail -.SHELLFLAGS = -ec - -.PHONY: all -all: build - -##@ General - -# The help target prints out all targets with their descriptions organized -# beneath their categories. The categories are represented by '##@' and the -# target descriptions by '##'. The awk commands is responsible for reading the -# entire set of makefiles included in this invocation, looking for lines of the -# file as xyz: ## something, and then pretty-format the target and help. Then, -# if there's a line with ##@ something, that gets pretty-printed as a category. -# More info on the usage of ANSI control characters for terminal formatting: -# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters -# More info on the awk command: -# http://linuxcommand.org/lc3_adv_awk.php - -.PHONY: help -help: ## Display this help. - @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) - -##@ Development - -.PHONY: kind -kind: ## Bootstrap Kind Locally - sh e2e/kind.sh - -.PHONY: manifests -manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - $(CONTROLLER_GEN) crd:generateEmbeddedObjectMeta=true rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases - $(CONTROLLER_GEN) crd:generateEmbeddedObjectMeta=true paths="./..." output:crd:artifacts:config=chart/crds/ - -.PHONY: generate -generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. - $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." - -.PHONY: fmt -fmt: ## Run go fmt against code. - go fmt ./... - -.PHONY: vet -vet: ## Run go vet against code. - go vet ./... - -##@ Test -.PHONY: test -test: manifests generate fmt vet envtest ## Run tests. - KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -coverprofile cover.out - -.PHONY: e2e -e2e: ## Runs e2e tests - e2e/e2e.sh - -.PHONY: docker-build-local-test -docker-build-local-test: ## Build docker image with the manager for test on kind. - docker build -t ${IMG_KIND}:${TEST_IMG_TAG} -f e2e/Dockerfile-testpod . - -.PHONY: docker-push-local-test -docker-push-local-test: ## Push docker image with the manager to kind registry. - docker push ${IMG_KIND}:${TEST_IMG_TAG} - -.PHONY: deploy-testjob -deploy-testjob: ## Run a wikipedia test pod - kubectl create job wiki-test --image=${IMG_KIND}:${TEST_IMG_TAG} -- sh /wikipedia-test.sh - JOB_ID="wiki-test" bash e2e/monitor-task.sh - -.PHONY: deploy-testingestionjob -deploy-testingestionjob: ## wait for the druidIngestion to complete and then verify dataset - kubectl create job ingestion-test --image=${IMG_KIND}:${TEST_IMG_TAG} -- sh /druid-ingestion-test.sh ${TASK_ID} - JOB_ID="ingestion-test" bash e2e/monitor-task.sh - -.PHONY: helm-install-druid-operator -helm-install-druid-operator: ## Helm install to deploy the druid operator - helm upgrade --install \ - --namespace ${NAMESPACE_DRUID_OPERATOR} \ - --create-namespace \ - ${NAMESPACE_DRUID_OPERATOR} chart/ \ - --set image.repository=${IMG_KIND} \ - --set image.tag=${IMG_TAG} - -.PHONY: helm-minio-install -helm-minio-install: ## Helm deploy minio operator and minio - helm repo add minio https://operator.min.io/ - helm repo update minio - helm upgrade --install \ - --namespace ${NAMESPACE_MINIO_OPERATOR} \ - --create-namespace \ - ${NAMESPACE_MINIO_OPERATOR} minio/operator \ - --version ${MINIO_VERSION} \ - -f e2e/configs/minio-operator-override.yaml - helm upgrade --install \ - --namespace ${NAMESPACE_DRUID} \ - --version ${MINIO_VERSION} \ - --create-namespace \ - ${NAMESPACE_DRUID}-minio minio/tenant \ - -f e2e/configs/minio-tenant-override.yaml - -##@ Build - -.PHONY: build -build: manifests generate fmt vet ## Build manager binary. - go build -o bin/manager main.go - -.PHONY: run -run: manifests generate fmt vet ## Run a controller from your host. - go run ./main.go - -# If you wish built the manager image targeting other platforms you can use the --platform flag. -# (i.e. docker build --platform linux/arm64 ). However, you must enable docker buildKit for it. -# More info: https://docs.docker.com/develop/develop-images/build_enhancements/ -.PHONY: docker-build -docker-build: test ## Build docker image with the manager. - docker build -t ${IMG}:${IMG_TAG} . - -.PHONY: docker-push -docker-push: ## Push docker image with the manager. - docker push ${IMG}:${IMG_TAG} - -.PHONY: docker-build-local -docker-build-local: ## Build docker image with the manager for kind registry. - docker build -t ${IMG_KIND}:${IMG_TAG} . - -.PHONY: docker-push-local -docker-push-local: ## Push docker image with the manager to kind registry. - docker push ${IMG_KIND}:${IMG_TAG} - -# PLATFORMS defines the target platforms for the manager image be build to provide support to multiple -# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: -# - able to use docker buildx . More info: https://docs.docker.com/build/buildx/ -# - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/ -# - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=> then the export will fail) -# To properly provided solutions that supports more than one platform you should use this option. -PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le -.PHONY: docker-buildx -docker-buildx: test ## Build and push docker image for the manager for cross-platform support - # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile - sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross - - docker buildx create --name project-v3-builder - docker buildx use project-v3-builder - - docker buildx build --push --platform=$(PLATFORMS) --tag ${IMG}:${IMG_TAG} -f Dockerfile.cross . - - docker buildx rm project-v3-builder - rm Dockerfile.cross - -##@ Deployment - -ifndef ignore-not-found - ignore-not-found = false -endif - -.PHONY: install -install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. - $(KUSTOMIZE) build config/crd | kubectl apply --server-side -f - - -.PHONY: uninstall -uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. - $(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f - - -.PHONY: deploy -deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. - cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}:${IMG_TAG} - $(KUSTOMIZE) build config/default | kubectl apply --server-side -f - - -.PHONY: undeploy -undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. - $(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f - - -##@ Helm -.PHONY: helm-generate -helm-generate: ## Generate the Helm chart directory - $(KUSTOMIZE) build config/crd > chart/crds/druid.apache.org_druids.yaml - -.PHONY: helm-lint -helm-lint: ## Lint Helm chart. - helm lint ./chart - -.PHONY: helm-template -helm-template: ## Run Helm template. - helm -n druid-operator-system template --create-namespace ${NAMESPACE_DRUID_OPERATOR} ./chart --debug - -##@ Documentation - -.PHONY: api-docs -api-docs: gen-crd-api-reference-docs ## Generate API reference documentation - $(GEN_CRD_API_REFERENCE_DOCS) -api-dir=./apis/druid/v1alpha1 -config=./hack/api-docs/config.json -template-dir=./hack/api-docs/template -out-file=./docs/api_specifications/druid.md - -##@ Build Dependencies - -## Location to install dependencies to -LOCALBIN ?= $(shell pwd)/bin -$(LOCALBIN): - mkdir -p $(LOCALBIN) - -## Tool Binaries -KUSTOMIZE ?= $(LOCALBIN)/kustomize -CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen -GEN_CRD_API_REFERENCE_DOCS = $(LOCALBIN)/gen-crd-api-reference-docs -ENVTEST ?= $(LOCALBIN)/setup-envtest - -## Tool Versions -KUSTOMIZE_VERSION ?= v3.8.7 -CONTROLLER_TOOLS_VERSION ?= v0.14.0 -GEN_CRD_API_REF_VERSION ?= v0.3.0 - -KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" -.PHONY: kustomize -kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading. -$(KUSTOMIZE): $(LOCALBIN) - @if test -x $(LOCALBIN)/kustomize && ! $(LOCALBIN)/kustomize version | grep -q $(KUSTOMIZE_VERSION); then \ - echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ - rm -rf $(LOCALBIN)/kustomize; \ - fi - test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } - -.PHONY: controller-gen -controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. -$(CONTROLLER_GEN): $(LOCALBIN) - test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || \ - GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION) - -.PHONY: envtest -envtest: $(ENVTEST) ## Download envtest-setup locally if necessary. -$(ENVTEST): $(LOCALBIN) - test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest - -.PHONY: gen-crd-api-reference-docs -gen-crd-api-reference-docs: $(GEN_CRD_API_REFERENCE_DOCS) -$(GEN_CRD_API_REFERENCE_DOCS): $(LOCALBIN) - GOBIN=$(LOCALBIN) go install github.com/ahmetb/gen-crd-api-reference-docs@$(GEN_CRD_API_REF_VERSION) diff --git a/druid-operator/PROJECT b/druid-operator/PROJECT deleted file mode 100644 index 5e1e782ca565..000000000000 --- a/druid-operator/PROJECT +++ /dev/null @@ -1,46 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- - -# Code generated by tool. DO NOT EDIT. -# This file is used to track the info used to scaffold your project -# and allow the plugins properly work. -# More info: https://book.kubebuilder.io/reference/project-config.html -domain: apache.org -layout: -- go.kubebuilder.io/v3 -multigroup: true -projectName: druid-operator -repo: github.com/datainfrahq/druid-operator -resources: -- api: - crdVersion: v1 - namespaced: true - controller: true - domain: apache.org - group: druid - kind: Druid - path: github.com/datainfrahq/druid-operator/apis/druid/v1alpha1 - version: v1alpha1 -- api: - crdVersion: v1 - namespaced: true - controller: true - domain: apache.org - group: druid - kind: DruidIngestion - path: github.com/datainfrahq/druid-operator/apis/druid/v1alpha1 - version: v1alpha1 -version: "3" diff --git a/druid-operator/README.md b/druid-operator/README.md deleted file mode 100644 index 0b6253022b5d..000000000000 --- a/druid-operator/README.md +++ /dev/null @@ -1,72 +0,0 @@ - - -

-
- Kubernetes Operator For Apache Druid -

- -
- -
- -- Druid Operator provisions and manages [Apache Druid](https://druid.apache.org/) cluster on kubernetes. -- Druid Operator is designed to provision and manage [Apache Druid](https://druid.apache.org/) in distributed mode only. -- It is built in Golang using [kubebuilder](https://github.com/kubernetes-sigs/kubebuilder). -- Refer to [Documentation](./docs/README.md) for getting started. - -### Newsletter - Monthly updates on running druid on kubernetes. -- [Apache Druid on Kubernetes](https://druidonk8s.substack.com/) - -### Talks and Blogs on Druid Operator - -- [Druid Summit 2023](https://druidsummit.org/agenda?agendaPath=session/1256850) -- [Dok Community](https://www.youtube.com/live/X4A3lWJRGHk?feature=share) -- [Druid Summit](https://youtu.be/UqPrttXRBDg) -- [Druid Operator Blog](https://www.cloudnatively.com/apache-druid-on-kubernetes/) -- [Druid On K8s Without ZK](https://youtu.be/TRYOvkz5Wuw) -- [Building Apache Druid on Kubernetes: How Dailymotion Serves Partner Data](https://youtu.be/FYFq-tGJOQk) - -### Supported CR's - -- The operator supports CR's of type ```Druid``` and ```DruidIngestion```. -- ```Druid``` and ```DruidIngestion``` CR belongs to api Group ```druid.apache.org``` and version ```v1alpha1``` - -### Druid Operator Architecture - -![Druid Operator](docs/images/druid-operator.png?raw=true "Druid Operator") - -### Notifications - -- The project moved to Kubebuilder v3 which requires a [manual change](docs/kubebuilder_v3_migration.md) in the operator. -- Users are encourage to use operator version 0.0.9+. -- The operator has moved from HPA apiVersion autoscaling/v2beta1 to autoscaling/v2 API users will need to update there HPA Specs according v2 api in order to work with the latest druid-operator release. -- druid-operator has moved Ingress apiVersion networking/v1beta1 to networking/v1. Users will need to update there Ingress Spec in the druid CR according networking/v1 syntax. In case users are using schema validated CRD, the CRD will also be needed to be updated. -- The v1.0.0 release for druid-operator is compatible with k8s version 1.25. HPA API is kept to version v2beta2. -- Release v1.2.2 had a bug for namespace scoped operator deployments, this is fixed in 1.2.3. - -### Kubernetes version compatibility - -| druid-operator | 0.0.9 | v1.0.0 | v1.1.0 | v1.2.2 | v1.2.3 | v1.2.4 | v1.2.5 | v1.3.0 | -| :------------- | :-------------: | :-----: | :---: | :---: | :---: | :---: | :---: | :---: | -| kubernetes <= 1.20 | :x:| :x: | :x: | :x: | :x: | :x: | :x: | :x: | -| kubernetes == 1.21 | :white_check_mark:| :x: | :x: | :x: | :x: | :x: | :x: | :x: | -| kubernetes >= 1.22 and <= 1.25 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | -| kubernetes > 1.25 and <= 1.33.1 | :x: | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | - diff --git a/druid-operator/apis/druid/v1alpha1/doc.go b/druid-operator/apis/druid/v1alpha1/doc.go deleted file mode 100644 index 2d7b7b006623..000000000000 --- a/druid-operator/apis/druid/v1alpha1/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -// +kubebuilder:object:generate=true -// +groupName=druid.apache.org -package v1alpha1 diff --git a/druid-operator/apis/druid/v1alpha1/druid_types.go b/druid-operator/apis/druid/v1alpha1/druid_types.go deleted file mode 100644 index bb62d6941f9e..000000000000 --- a/druid-operator/apis/druid/v1alpha1/druid_types.go +++ /dev/null @@ -1,612 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package v1alpha1 - -import ( - "encoding/json" - - druidapi "github.com/datainfrahq/druid-operator/pkg/druidapi" - appsv1 "k8s.io/api/apps/v1" - autoscalev2 "k8s.io/api/autoscaling/v2" - v1 "k8s.io/api/core/v1" - networkingv1 "k8s.io/api/networking/v1" - policyv1 "k8s.io/api/policy/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -// druid-operator deploys a druid cluster from given spec below, based on the spec it would create following -// k8s resources -// - one ConfigMap containing common.runtime.properties -// - for each item in the "nodes" field in spec -// - one StatefulSet that manages one or more Druid pods with same config -// - one ConfigMap containing runtime.properties, jvm.config, log4j.xml contents to be used by above Pods -// - zero or more Headless/ClusterIP/LoadBalancer etc Service resources backed by above Pods -// - optional PodDisruptionBudget resource for the StatefulSet -// - -// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! -// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. - -// AdditionalContainer defines additional sidecar containers to be deployed with the `Druid` pods. -// (will be part of Kubernetes native in the future: -// https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/753-sidecar-containers/README.md#summary). -type AdditionalContainer struct { - // RunAsInit indicate whether this should be an init container. - // +optional - RunAsInit bool `json:"runAsInit"` - - // Image Image of the additional container. - // +required - Image string `json:"image"` - - // ContainerName name of the additional container. - // +required - ContainerName string `json:"containerName"` - - // Command command for the additional container. - // +required - Command []string `json:"command"` - - // ImagePullPolicy If not present, will be taken from top level spec. - // +optional - ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"` - - // Args Arguments to call the command. - // +optional - Args []string `json:"args,omitempty"` - - // ContainerSecurityContext If not present, will be taken from top level pod. - // +optional - ContainerSecurityContext *v1.SecurityContext `json:"securityContext,omitempty"` - - // Resources Kubernetes Native `resources` specification. - // +optional - Resources v1.ResourceRequirements `json:"resources,omitempty"` - - // VolumeMounts Kubernetes Native `VolumeMount` specification. - // +optional - VolumeMounts []v1.VolumeMount `json:"volumeMounts,omitempty"` - - // Env Environment variables for the additional container. - // +optional - Env []v1.EnvVar `json:"env,omitempty"` - - // EnvFrom Extra environment variables from remote source (ConfigMaps, Secrets...). - // +optional - EnvFrom []v1.EnvFromSource `json:"envFrom,omitempty"` -} - -// DruidSpec defines the desired state of the Druid cluster. -type DruidSpec struct { - - // Ignored is now deprecated API. In order to avoid reconciliation of objects use the - // `druid.apache.org/ignored: "true"` annotation. - // +optional - // +kubebuilder:default:=false - Ignored bool `json:"ignored,omitempty"` - - // CommonRuntimeProperties Content fo the `common.runtime.properties` configuration file. - // +required - CommonRuntimeProperties string `json:"common.runtime.properties"` - - // ExtraCommonConfig References to ConfigMaps holding more configuration files to mount to the - // common configuration path. - // +optional - ExtraCommonConfig []*v1.ObjectReference `json:"extraCommonConfig"` - - // ForceDeleteStsPodOnError Delete the StatefulSet's pods if the StatefulSet is set to ordered ready. - // issue: https://github.com/kubernetes/kubernetes/issues/67250 - // doc: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#forced-rollback - // +optional - // +kubebuilder:default:=true - ForceDeleteStsPodOnError bool `json:"forceDeleteStsPodOnError,omitempty"` - - // ScalePvcSts When enabled, operator will allow volume expansion of StatefulSet's PVCs. - // +optional - // +kubebuilder:default:=false - ScalePvcSts bool `json:"scalePvcSts,omitempty"` - - // CommonConfigMountPath In-container directory to mount the Druid common configuration - // +optional - // +kubebuilder:default:="/opt/druid/conf/druid/cluster/_common" - CommonConfigMountPath string `json:"commonConfigMountPath"` - - // DisablePVCDeletionFinalizer Whether PVCs shall be deleted on the deletion of the Druid cluster. - // +optional - // +kubebuilder:default:=false - DisablePVCDeletionFinalizer bool `json:"disablePVCDeletionFinalizer,omitempty"` - - // DeleteOrphanPvc Orphaned (unmounted PVCs) shall be cleaned up by the operator. - // +optional - // +kubebuilder:default:=true - DeleteOrphanPvc bool `json:"deleteOrphanPvc"` - - // StartScript Path to Druid's start script to be run on start. - // +optional - // +kubebuilder:default:="/druid.sh" - StartScript string `json:"startScript"` - - // Image Required here or at the NodeSpec level. - // +optional - Image string `json:"image,omitempty"` - - // ServiceAccount - // +optional - ServiceAccount string `json:"serviceAccount,omitempty"` - - // ImagePullSecrets - // +optional - ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"` - - // ImagePullPolicy - // +optional - // +kubebuilder:default:="IfNotPresent" - ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"` - - // Env Environment variables for druid containers. - // +optional - Env []v1.EnvVar `json:"env,omitempty"` - - // EnvFrom Extra environment variables from remote source (ConfigMaps, Secrets...). - // +optional - EnvFrom []v1.EnvFromSource `json:"envFrom,omitempty"` - - // JvmOptions Contents of the shared `jvm.options` configuration file for druid JVM processes. - // +optional - JvmOptions string `json:"jvm.options,omitempty"` - - // Log4jConfig contents `log4j.config` configuration file. - // +optional - Log4jConfig string `json:"log4j.config,omitempty"` - - // PodSecurityContext - // +optional - PodSecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` - - // ContainerSecurityContext - // +optional - ContainerSecurityContext *v1.SecurityContext `json:"containerSecurityContext,omitempty"` - - // VolumeClaimTemplates Kubernetes Native `VolumeClaimTemplate` specification. - // +optional - VolumeClaimTemplates []v1.PersistentVolumeClaim `json:"volumeClaimTemplates,omitempty"` - - // VolumeMounts Kubernetes Native `VolumeMount` specification. - // +optional - VolumeMounts []v1.VolumeMount `json:"volumeMounts,omitempty"` - - // Volumes Kubernetes Native `Volumes` specification. - // +optional - Volumes []v1.Volume `json:"volumes,omitempty"` - - // PodAnnotations Custom annotations to be populated in `Druid` pods. - // +optional - PodAnnotations map[string]string `json:"podAnnotations,omitempty"` - - // WorkloadAnnotations annotations to be populated in StatefulSet or Deployment spec. - // if the same key is specified at both the DruidNodeSpec level and DruidSpec level, the DruidNodeSpec WorkloadAnnotations will take precedence. - // +optional - WorkloadAnnotations map[string]string `json:"workloadAnnotations,omitempty"` - - // PodManagementPolicy - // +optional - // +kubebuilder:default:="Parallel" - PodManagementPolicy appsv1.PodManagementPolicyType `json:"podManagementPolicy,omitempty"` - - // PodLabels Custom labels to be populated in `Druid` pods. - // +optional - PodLabels map[string]string `json:"podLabels,omitempty"` - - // PriorityClassName Kubernetes native `priorityClassName` specification. - // +optional - PriorityClassName string `json:"priorityClassName,omitempty"` - - // UpdateStrategy - // +optional - UpdateStrategy *appsv1.StatefulSetUpdateStrategy `json:"updateStrategy,omitempty"` - - // LivenessProbe - // Port is set to `druid.port` if not specified with httpGet handler. - // +optional - LivenessProbe *v1.Probe `json:"livenessProbe,omitempty"` - - // ReadinessProbe - // Port is set to `druid.port` if not specified with httpGet handler. - // +optional - ReadinessProbe *v1.Probe `json:"readinessProbe,omitempty"` - - // StartUpProbe - // +optional - StartUpProbe *v1.Probe `json:"startUpProbe,omitempty"` - - // Services Kubernetes services to be created for each workload. - // +optional - Services []v1.Service `json:"services,omitempty"` - - // NodeSelector Kubernetes native `nodeSelector` specification. - // +optional - NodeSelector map[string]string `json:"nodeSelector,omitempty"` - - // Tolerations Kubernetes native `tolerations` specification. - // +optional - Tolerations []v1.Toleration `json:"tolerations,omitempty"` - - // Affinity Kubernetes native `affinity` specification. - // +optional - Affinity *v1.Affinity `json:"affinity,omitempty"` - - // Nodes a list of `Druid` Node types and their configurations. - // `DruidSpec` is used to create Kubernetes workload specs. Many of the fields above can be overridden at the specific - // `NodeSpec` level. - // +required - Nodes map[string]DruidNodeSpec `json:"nodes"` - - // AdditionalContainer defines additional sidecar containers to be deployed with the `Druid` pods. - // +optional - AdditionalContainer []AdditionalContainer `json:"additionalContainer,omitempty"` - - // RollingDeploy Whether to deploy the components in a rolling update as described in the documentation: - // https://druid.apache.org/docs/latest/operations/rolling-updates.html - // If set to true then operator checks the rollout status of previous version workloads before updating the next. - // This will be done only for update actions. - // +optional - // +kubebuilder:default:=true - RollingDeploy bool `json:"rollingDeploy"` - - // DefaultProbes If set to true this will add default probes (liveness / readiness / startup) for all druid components - // but it won't override existing probes - // +optional - // +kubebuilder:default:=true - DefaultProbes bool `json:"defaultProbes"` - - // Zookeeper IGNORED (Future API): In order to make Druid dependency setup extensible from within Druid operator. - // +optional - Zookeeper *ZookeeperSpec `json:"zookeeper,omitempty"` - - // MetadataStore IGNORED (Future API): In order to make Druid dependency setup extensible from within Druid operator. - // +optional - MetadataStore *MetadataStoreSpec `json:"metadataStore,omitempty"` - - // DeepStorage IGNORED (Future API): In order to make Druid dependency setup extensible from within Druid operator. - // +optional - DeepStorage *DeepStorageSpec `json:"deepStorage,omitempty"` - - // DimensionsMapPath Custom Dimension Map Path for statsd emitter. - // stastd documentation is described in the following documentation: - // https://druid.apache.org/docs/latest/development/extensions-contrib/statsd.html - // +optional - DimensionsMapPath string `json:"metricDimensions.json,omitempty"` - - // HdfsSite Contents of `hdfs-site.xml`. - // +optional - HdfsSite string `json:"hdfs-site.xml,omitempty"` - - // CoreSite Contents of `core-site.xml`. - // +optional - CoreSite string `json:"core-site.xml,omitempty"` - - // Dynamic Configurations for Druid. Applied through the dynamic configuration API. - // +optional - DynamicConfig runtime.RawExtension `json:"dynamicConfig,omitempty"` - - // +optional - Auth druidapi.Auth `json:"auth,omitempty"` - - // See v1.DNSPolicy for more details. - // +optional - DNSPolicy v1.DNSPolicy `json:"dnsPolicy,omitempty" protobuf:"bytes,6,opt,name=dnsPolicy,casttype=DNSPolicy"` - - // See v1.PodDNSConfig for more details. - // +optional - DNSConfig *v1.PodDNSConfig `json:"dnsConfig,omitempty" protobuf:"bytes,26,opt,name=dnsConfig"` -} - -// DruidNodeSpec Specification of `Druid` Node type and its configurations. -// The key in following map can be arbitrary string that helps you identify resources for a specific nodeSpec. -// It is used in the Kubernetes resources' names, so it must be compliant with restrictions -// placed on Kubernetes resource names: -// https://kubernetes.io/docs/concepts/overview/working-with-objects/names/ -type DruidNodeSpec struct { - // NodeDruid `Druid` node type. - // +required - // +kubebuilder:validation:Enum:=historical;overlord;middleManager;indexer;broker;coordinator;router - NodeType string `json:"nodeType"` - - // DruidPort Used by the `Druid` process. - // +required - DruidPort int32 `json:"druid.port"` - - // Kind Can be StatefulSet or Deployment. - // Note: volumeClaimTemplates are ignored when kind=Deployment - // +optional - // +kubebuilder:default:="StatefulSet" - Kind string `json:"kind,omitempty"` - - // Replicas replica of the workload - // +optional - // +kubebuilder:validation:Minimum=0 - Replicas int32 `json:"replicas"` - - // PodLabels Custom labels to be populated in the workload's pods. - // +optional - PodLabels map[string]string `json:"podLabels,omitempty"` - - // PodDisruptionBudgetSpec Kubernetes native `podDisruptionBudget` specification. - // +optional - PodDisruptionBudgetSpec *policyv1.PodDisruptionBudgetSpec `json:"podDisruptionBudgetSpec,omitempty"` - - // PriorityClassName Kubernetes native `priorityClassName` specification. - // +optional - PriorityClassName string `json:"priorityClassName,omitempty"` - - // RuntimeProperties Additional runtime configuration for the specific workload. - // +required - RuntimeProperties string `json:"runtime.properties"` - - // JvmOptions overrides `JvmOptions` at top level. - // +optional - JvmOptions string `json:"jvm.options,omitempty"` - - // ExtraJvmOptions Appends extra jvm options to the `JvmOptions` field. - // +optional - ExtraJvmOptions string `json:"extra.jvm.options,omitempty"` - - // Log4jConfig Overrides `Log4jConfig` at top level. - // +optional - Log4jConfig string `json:"log4j.config,omitempty"` - - // NodeConfigMountPath in-container directory to mount with runtime.properties, jvm.config, log4j2.xml files. - // +required - NodeConfigMountPath string `json:"nodeConfigMountPath"` - - // Services Overrides services at top level. - // +optional - Services []v1.Service `json:"services,omitempty"` - - // Tolerations Kubernetes native `tolerations` specification. - // +optional - Tolerations []v1.Toleration `json:"tolerations,omitempty"` - - // Affinity Kubernetes native `affinity` specification. - // +optional - Affinity *v1.Affinity `json:"affinity,omitempty"` - - // NodeSelector Kubernetes native `nodeSelector` specification. - // +optional - NodeSelector map[string]string `json:"nodeSelector,omitempty"` - - // TerminationGracePeriodSeconds - // +optional - TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"` - - // Ports Extra ports to be added to pod spec. - // +optional - Ports []v1.ContainerPort `json:"ports,omitempty"` - - // Image Overrides image from top level, Required if no image specified at top level. - // +optional - Image string `json:"image,omitempty"` - - // ImagePullSecrets Overrides `imagePullSecrets` from top level. - // +optional - ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"` - - // ImagePullPolicy Overrides `imagePullPolicy` from top level. - // +optional - ImagePullPolicy v1.PullPolicy `json:"imagePullPolicy,omitempty"` - - // Env Environment variables for druid containers. - // +optional - Env []v1.EnvVar `json:"env,omitempty"` - - // EnvFrom Extra environment variables from remote source (ConfigMaps, Secrets...). - // +optional - EnvFrom []v1.EnvFromSource `json:"envFrom,omitempty"` - - // Resources Kubernetes Native `resources` specification. - // +optional - Resources v1.ResourceRequirements `json:"resources,omitempty"` - - // PodSecurityContext Overrides `securityContext` at top level. - // +optional - PodSecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"` - - // ContainerSecurityContext - // +optional - ContainerSecurityContext *v1.SecurityContext `json:"containerSecurityContext,omitempty"` - - // PodAnnotations Custom annotation to be populated in the workload's pods. - // +optional - PodAnnotations map[string]string `json:"podAnnotations,omitempty"` - - // PodManagementPolicy - // +optional - // +kubebuilder:default:="Parallel" - PodManagementPolicy appsv1.PodManagementPolicyType `json:"podManagementPolicy,omitempty"` - - // MaxSurge For Deployment object only. - // Set to 25% by default. - // +optional - MaxSurge *int32 `json:"maxSurge,omitempty"` - - // MaxUnavailable For deployment object only. - // Set to 25% by default - // +optional - MaxUnavailable *int32 `json:"maxUnavailable,omitempty"` - - // UpdateStrategy - // +optional - UpdateStrategy *appsv1.StatefulSetUpdateStrategy `json:"updateStrategy,omitempty"` - - // LivenessProbe - // Port is set to `druid.port` if not specified with httpGet handler. - // +optional - LivenessProbe *v1.Probe `json:"livenessProbe,omitempty"` - - // ReadinessProbe - // Port is set to `druid.port` if not specified with httpGet handler. - // +optional - ReadinessProbe *v1.Probe `json:"readinessProbe,omitempty"` - - // StartUpProbe - // +optional - StartUpProbe *v1.Probe `json:"startUpProbe,omitempty"` - - // IngressAnnotations `Ingress` annotations to be populated in ingress spec. - // +optional - IngressAnnotations map[string]string `json:"ingressAnnotations,omitempty"` - - // WorkloadAnnotations annotations to be populated in StatefulSet or Deployment spec. - // +optional - WorkloadAnnotations map[string]string `json:"workloadAnnotations,omitempty"` - - // Ingress Kubernetes Native `Ingress` specification. - // +optional - Ingress *networkingv1.IngressSpec `json:"ingress,omitempty"` - - // VolumeClaimTemplates Kubernetes Native `VolumeClaimTemplate` specification. - // +optional - PersistentVolumeClaim []v1.PersistentVolumeClaim `json:"persistentVolumeClaim,omitempty"` - - // Lifecycle - // +optional - Lifecycle *v1.Lifecycle `json:"lifecycle,omitempty"` - - // HPAutoScaler Kubernetes Native `HorizontalPodAutoscaler` specification. - // +optional - HPAutoScaler *autoscalev2.HorizontalPodAutoscalerSpec `json:"hpAutoscaler,omitempty"` - - // TopologySpreadConstraints Kubernetes Native `topologySpreadConstraints` specification. - // +optional - TopologySpreadConstraints []v1.TopologySpreadConstraint `json:"topologySpreadConstraints,omitempty"` - - // VolumeClaimTemplates Kubernetes Native `volumeClaimTemplates` specification. - // +optional - VolumeClaimTemplates []v1.PersistentVolumeClaim `json:"volumeClaimTemplates,omitempty"` - - // VolumeMounts Kubernetes Native `volumeMounts` specification. - // +optional - VolumeMounts []v1.VolumeMount `json:"volumeMounts,omitempty"` - - // Volumes Kubernetes Native `volumes` specification. - // +optional - Volumes []v1.Volume `json:"volumes,omitempty"` - - // Operator deploys the sidecar container based on these properties. - // +optional - AdditionalContainer []AdditionalContainer `json:"additionalContainer,omitempty"` - - // ServiceAccountName Kubernetes native `serviceAccountName` specification. - // +optional - ServiceAccountName string `json:"serviceAccountName,omitempty"` - - // Dynamic Configurations for Druid. Applied through the dynamic configuration API. - // +optional - DynamicConfig runtime.RawExtension `json:"dynamicConfig,omitempty"` - - // See v1.DNSPolicy for more details. - // +optional - DNSPolicy v1.DNSPolicy `json:"dnsPolicy,omitempty" protobuf:"bytes,6,opt,name=dnsPolicy,casttype=DNSPolicy"` - - // See v1.PodDNSConfig for more details. - // +optional - DNSConfig *v1.PodDNSConfig `json:"dnsConfig,omitempty" protobuf:"bytes,26,opt,name=dnsConfig"` -} - -// ZookeeperSpec IGNORED (Future API): In order to make Druid dependency setup extensible from within Druid operator. -type ZookeeperSpec struct { - Type string `json:"type"` - Spec json.RawMessage `json:"spec"` -} - -// MetadataStoreSpec IGNORED (Future API): In order to make Druid dependency setup extensible from within Druid operator. -type MetadataStoreSpec struct { - Type string `json:"type"` - Spec json.RawMessage `json:"spec"` -} - -// DeepStorageSpec IGNORED (Future API): In order to make Druid dependency setup extensible from within Druid operator. -type DeepStorageSpec struct { - Type string `json:"type"` - Spec json.RawMessage `json:"spec"` -} - -// These are valid conditions of a druid Node. -const ( - // DruidClusterReady indicates the underlying druid objects is fully deployed. - // Underlying pods are able to handle requests. - DruidClusterReady DruidNodeConditionType = "DruidClusterReady" - - // DruidNodeRollingUpdate means that Druid Node is rolling update. - DruidNodeRollingUpdate DruidNodeConditionType = "DruidNodeRollingUpdate" - - // DruidNodeErrorState indicates the DruidNode is in an error state. - DruidNodeErrorState DruidNodeConditionType = "DruidNodeErrorState" -) - -type DruidNodeConditionType string - -type DruidNodeTypeStatus struct { - DruidNode string `json:"druidNode,omitempty"` - DruidNodeConditionStatus v1.ConditionStatus `json:"druidNodeConditionStatus,omitempty"` - DruidNodeConditionType DruidNodeConditionType `json:"druidNodeConditionType,omitempty"` - Reason string `json:"reason,omitempty"` -} - -// DruidClusterStatus Defines the observed state of Druid. -type DruidClusterStatus struct { - // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - // Important: Run "make" to regenerate code after modifying this file - DruidNodeStatus DruidNodeTypeStatus `json:"druidNodeStatus,omitempty"` - StatefulSets []string `json:"statefulSets,omitempty"` - Deployments []string `json:"deployments,omitempty"` - Services []string `json:"services,omitempty"` - ConfigMaps []string `json:"configMaps,omitempty"` - PodDisruptionBudgets []string `json:"podDisruptionBudgets,omitempty"` - Ingress []string `json:"ingress,omitempty"` - HPAutoScalers []string `json:"hpAutoscalers,omitempty"` - Pods []string `json:"pods,omitempty"` - PersistentVolumeClaims []string `json:"persistentVolumeClaims,omitempty"` -} - -// Druid is the Schema for the druids API. -// +kubebuilder:object:root=true -// +kubebuilder:subresource:status -type Druid struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec DruidSpec `json:"spec"` - Status DruidClusterStatus `json:"status,omitempty"` -} - -// +kubebuilder:object:root=true - -// DruidList contains a list of Druid -type DruidList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []Druid `json:"items"` -} - -func init() { - SchemeBuilder.Register(&Druid{}, &DruidList{}) -} diff --git a/druid-operator/apis/druid/v1alpha1/druidingestion_types.go b/druid-operator/apis/druid/v1alpha1/druidingestion_types.go deleted file mode 100644 index 82b92aacfc64..000000000000 --- a/druid-operator/apis/druid/v1alpha1/druidingestion_types.go +++ /dev/null @@ -1,105 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package v1alpha1 - -import ( - druidapi "github.com/datainfrahq/druid-operator/pkg/druidapi" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -type DruidIngestionMethod string - -const ( - Kafka DruidIngestionMethod = "kafka" - Kinesis DruidIngestionMethod = "kinesis" - NativeBatchIndexParallel DruidIngestionMethod = "native-batch" - QueryControllerSQL DruidIngestionMethod = "sql" - HadoopIndexHadoop DruidIngestionMethod = "index-hadoop" -) - -type DruidIngestionSpec struct { - // +optional - Suspend bool `json:"suspend"` - // +required - DruidClusterName string `json:"druidCluster"` - // +required - Ingestion IngestionSpec `json:"ingestion"` - // +optional - Auth druidapi.Auth `json:"auth"` -} - -type IngestionSpec struct { - // +required - Type DruidIngestionMethod `json:"type"` - // +optional - // Spec should be passed in as a JSON string. - // Note: This field is planned for deprecation in favor of nativeSpec. - Spec string `json:"spec,omitempty"` - // +optional - // nativeSpec allows the ingestion specification to be defined in a native Kubernetes format. - // This is particularly useful for environment-specific configurations and will eventually - // replace the JSON-based Spec field. - // Note: Spec will be ignored if nativeSpec is provided. - NativeSpec runtime.RawExtension `json:"nativeSpec,omitempty"` - // +optional - Compaction runtime.RawExtension `json:"compaction,omitempty"` - // +optional - Rules []runtime.RawExtension `json:"rules,omitempty"` -} - -type DruidIngestionStatus struct { - TaskId string `json:"taskId"` - Type string `json:"type,omitempty"` - Status v1.ConditionStatus `json:"status,omitempty"` - Reason string `json:"reason,omitempty"` - Message string `json:"message,omitempty"` - LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty"` - // CurrentIngestionSpec is a string instead of RawExtension to maintain compatibility with existing - // IngestionSpecs that are stored as JSON strings. - CurrentIngestionSpec string `json:"currentIngestionSpec.json"` - CurrentRules []runtime.RawExtension `json:"rules,omitempty"` -} - -// +kubebuilder:object:root=true -// +kubebuilder:subresource:status -// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" -// +kubebuilder:printcolumn:name="Type",type="string",JSONPath=".spec.ingestionSpec.type" -// Ingestion is the Schema for the Ingestion API -type DruidIngestion struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec DruidIngestionSpec `json:"spec"` - Status DruidIngestionStatus `json:"status,omitempty"` -} - -// +kubebuilder:object:root=true -// IngestionList contains a list of Ingestion -type DruidIngestionList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []DruidIngestion `json:"items"` -} - -func init() { - SchemeBuilder.Register(&DruidIngestion{}, &DruidIngestionList{}) -} diff --git a/druid-operator/apis/druid/v1alpha1/groupversion_info.go b/druid-operator/apis/druid/v1alpha1/groupversion_info.go deleted file mode 100644 index ff4554893f77..000000000000 --- a/druid-operator/apis/druid/v1alpha1/groupversion_info.go +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -// Package v1alpha1 contains API Schema definitions for the druid v1alpha1 API group -// +kubebuilder:object:generate=true -// +groupName=druid.apache.org -package v1alpha1 - -import ( - "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/controller-runtime/pkg/scheme" -) - -var ( - // GroupVersion is group version used to register these objects - GroupVersion = schema.GroupVersion{Group: "druid.apache.org", Version: "v1alpha1"} - - // SchemeBuilder is used to add go types to the GroupVersionKind scheme - SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} - - // AddToScheme adds the types in this group-version to the given scheme. - AddToScheme = SchemeBuilder.AddToScheme -) diff --git a/druid-operator/apis/druid/v1alpha1/zz_generated.deepcopy.go b/druid-operator/apis/druid/v1alpha1/zz_generated.deepcopy.go deleted file mode 100644 index 8dff886e81ef..000000000000 --- a/druid-operator/apis/druid/v1alpha1/zz_generated.deepcopy.go +++ /dev/null @@ -1,790 +0,0 @@ -//go:build !ignore_autogenerated - -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -// Code generated by controller-gen. DO NOT EDIT. - -package v1alpha1 - -import ( - "encoding/json" - appsv1 "k8s.io/api/apps/v1" - "k8s.io/api/autoscaling/v2" - "k8s.io/api/core/v1" - networkingv1 "k8s.io/api/networking/v1" - policyv1 "k8s.io/api/policy/v1" - "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdditionalContainer) DeepCopyInto(out *AdditionalContainer) { - *out = *in - if in.Command != nil { - in, out := &in.Command, &out.Command - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Args != nil { - in, out := &in.Args, &out.Args - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ContainerSecurityContext != nil { - in, out := &in.ContainerSecurityContext, &out.ContainerSecurityContext - *out = new(v1.SecurityContext) - (*in).DeepCopyInto(*out) - } - in.Resources.DeepCopyInto(&out.Resources) - if in.VolumeMounts != nil { - in, out := &in.VolumeMounts, &out.VolumeMounts - *out = make([]v1.VolumeMount, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Env != nil { - in, out := &in.Env, &out.Env - *out = make([]v1.EnvVar, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.EnvFrom != nil { - in, out := &in.EnvFrom, &out.EnvFrom - *out = make([]v1.EnvFromSource, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdditionalContainer. -func (in *AdditionalContainer) DeepCopy() *AdditionalContainer { - if in == nil { - return nil - } - out := new(AdditionalContainer) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DeepStorageSpec) DeepCopyInto(out *DeepStorageSpec) { - *out = *in - if in.Spec != nil { - in, out := &in.Spec, &out.Spec - *out = make(json.RawMessage, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeepStorageSpec. -func (in *DeepStorageSpec) DeepCopy() *DeepStorageSpec { - if in == nil { - return nil - } - out := new(DeepStorageSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *Druid) DeepCopyInto(out *Druid) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Druid. -func (in *Druid) DeepCopy() *Druid { - if in == nil { - return nil - } - out := new(Druid) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *Druid) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DruidClusterStatus) DeepCopyInto(out *DruidClusterStatus) { - *out = *in - out.DruidNodeStatus = in.DruidNodeStatus - if in.StatefulSets != nil { - in, out := &in.StatefulSets, &out.StatefulSets - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Deployments != nil { - in, out := &in.Deployments, &out.Deployments - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Services != nil { - in, out := &in.Services, &out.Services - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.ConfigMaps != nil { - in, out := &in.ConfigMaps, &out.ConfigMaps - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.PodDisruptionBudgets != nil { - in, out := &in.PodDisruptionBudgets, &out.PodDisruptionBudgets - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Ingress != nil { - in, out := &in.Ingress, &out.Ingress - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.HPAutoScalers != nil { - in, out := &in.HPAutoScalers, &out.HPAutoScalers - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.Pods != nil { - in, out := &in.Pods, &out.Pods - *out = make([]string, len(*in)) - copy(*out, *in) - } - if in.PersistentVolumeClaims != nil { - in, out := &in.PersistentVolumeClaims, &out.PersistentVolumeClaims - *out = make([]string, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DruidClusterStatus. -func (in *DruidClusterStatus) DeepCopy() *DruidClusterStatus { - if in == nil { - return nil - } - out := new(DruidClusterStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DruidIngestion) DeepCopyInto(out *DruidIngestion) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DruidIngestion. -func (in *DruidIngestion) DeepCopy() *DruidIngestion { - if in == nil { - return nil - } - out := new(DruidIngestion) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *DruidIngestion) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DruidIngestionList) DeepCopyInto(out *DruidIngestionList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]DruidIngestion, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DruidIngestionList. -func (in *DruidIngestionList) DeepCopy() *DruidIngestionList { - if in == nil { - return nil - } - out := new(DruidIngestionList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *DruidIngestionList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DruidIngestionSpec) DeepCopyInto(out *DruidIngestionSpec) { - *out = *in - in.Ingestion.DeepCopyInto(&out.Ingestion) - out.Auth = in.Auth -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DruidIngestionSpec. -func (in *DruidIngestionSpec) DeepCopy() *DruidIngestionSpec { - if in == nil { - return nil - } - out := new(DruidIngestionSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DruidIngestionStatus) DeepCopyInto(out *DruidIngestionStatus) { - *out = *in - in.LastUpdateTime.DeepCopyInto(&out.LastUpdateTime) - if in.CurrentRules != nil { - in, out := &in.CurrentRules, &out.CurrentRules - *out = make([]runtime.RawExtension, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DruidIngestionStatus. -func (in *DruidIngestionStatus) DeepCopy() *DruidIngestionStatus { - if in == nil { - return nil - } - out := new(DruidIngestionStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DruidList) DeepCopyInto(out *DruidList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]Druid, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DruidList. -func (in *DruidList) DeepCopy() *DruidList { - if in == nil { - return nil - } - out := new(DruidList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *DruidList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DruidNodeSpec) DeepCopyInto(out *DruidNodeSpec) { - *out = *in - if in.PodLabels != nil { - in, out := &in.PodLabels, &out.PodLabels - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.PodDisruptionBudgetSpec != nil { - in, out := &in.PodDisruptionBudgetSpec, &out.PodDisruptionBudgetSpec - *out = new(policyv1.PodDisruptionBudgetSpec) - (*in).DeepCopyInto(*out) - } - if in.Services != nil { - in, out := &in.Services, &out.Services - *out = make([]v1.Service, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Tolerations != nil { - in, out := &in.Tolerations, &out.Tolerations - *out = make([]v1.Toleration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Affinity != nil { - in, out := &in.Affinity, &out.Affinity - *out = new(v1.Affinity) - (*in).DeepCopyInto(*out) - } - if in.NodeSelector != nil { - in, out := &in.NodeSelector, &out.NodeSelector - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.TerminationGracePeriodSeconds != nil { - in, out := &in.TerminationGracePeriodSeconds, &out.TerminationGracePeriodSeconds - *out = new(int64) - **out = **in - } - if in.Ports != nil { - in, out := &in.Ports, &out.Ports - *out = make([]v1.ContainerPort, len(*in)) - copy(*out, *in) - } - if in.ImagePullSecrets != nil { - in, out := &in.ImagePullSecrets, &out.ImagePullSecrets - *out = make([]v1.LocalObjectReference, len(*in)) - copy(*out, *in) - } - if in.Env != nil { - in, out := &in.Env, &out.Env - *out = make([]v1.EnvVar, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.EnvFrom != nil { - in, out := &in.EnvFrom, &out.EnvFrom - *out = make([]v1.EnvFromSource, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - in.Resources.DeepCopyInto(&out.Resources) - if in.PodSecurityContext != nil { - in, out := &in.PodSecurityContext, &out.PodSecurityContext - *out = new(v1.PodSecurityContext) - (*in).DeepCopyInto(*out) - } - if in.ContainerSecurityContext != nil { - in, out := &in.ContainerSecurityContext, &out.ContainerSecurityContext - *out = new(v1.SecurityContext) - (*in).DeepCopyInto(*out) - } - if in.PodAnnotations != nil { - in, out := &in.PodAnnotations, &out.PodAnnotations - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.MaxSurge != nil { - in, out := &in.MaxSurge, &out.MaxSurge - *out = new(int32) - **out = **in - } - if in.MaxUnavailable != nil { - in, out := &in.MaxUnavailable, &out.MaxUnavailable - *out = new(int32) - **out = **in - } - if in.UpdateStrategy != nil { - in, out := &in.UpdateStrategy, &out.UpdateStrategy - *out = new(appsv1.StatefulSetUpdateStrategy) - (*in).DeepCopyInto(*out) - } - if in.LivenessProbe != nil { - in, out := &in.LivenessProbe, &out.LivenessProbe - *out = new(v1.Probe) - (*in).DeepCopyInto(*out) - } - if in.ReadinessProbe != nil { - in, out := &in.ReadinessProbe, &out.ReadinessProbe - *out = new(v1.Probe) - (*in).DeepCopyInto(*out) - } - if in.StartUpProbe != nil { - in, out := &in.StartUpProbe, &out.StartUpProbe - *out = new(v1.Probe) - (*in).DeepCopyInto(*out) - } - if in.IngressAnnotations != nil { - in, out := &in.IngressAnnotations, &out.IngressAnnotations - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.WorkloadAnnotations != nil { - in, out := &in.WorkloadAnnotations, &out.WorkloadAnnotations - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Ingress != nil { - in, out := &in.Ingress, &out.Ingress - *out = new(networkingv1.IngressSpec) - (*in).DeepCopyInto(*out) - } - if in.PersistentVolumeClaim != nil { - in, out := &in.PersistentVolumeClaim, &out.PersistentVolumeClaim - *out = make([]v1.PersistentVolumeClaim, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Lifecycle != nil { - in, out := &in.Lifecycle, &out.Lifecycle - *out = new(v1.Lifecycle) - (*in).DeepCopyInto(*out) - } - if in.HPAutoScaler != nil { - in, out := &in.HPAutoScaler, &out.HPAutoScaler - *out = new(v2.HorizontalPodAutoscalerSpec) - (*in).DeepCopyInto(*out) - } - if in.TopologySpreadConstraints != nil { - in, out := &in.TopologySpreadConstraints, &out.TopologySpreadConstraints - *out = make([]v1.TopologySpreadConstraint, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.VolumeClaimTemplates != nil { - in, out := &in.VolumeClaimTemplates, &out.VolumeClaimTemplates - *out = make([]v1.PersistentVolumeClaim, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.VolumeMounts != nil { - in, out := &in.VolumeMounts, &out.VolumeMounts - *out = make([]v1.VolumeMount, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Volumes != nil { - in, out := &in.Volumes, &out.Volumes - *out = make([]v1.Volume, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.AdditionalContainer != nil { - in, out := &in.AdditionalContainer, &out.AdditionalContainer - *out = make([]AdditionalContainer, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - in.DynamicConfig.DeepCopyInto(&out.DynamicConfig) - if in.DNSConfig != nil { - in, out := &in.DNSConfig, &out.DNSConfig - *out = new(v1.PodDNSConfig) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DruidNodeSpec. -func (in *DruidNodeSpec) DeepCopy() *DruidNodeSpec { - if in == nil { - return nil - } - out := new(DruidNodeSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DruidNodeTypeStatus) DeepCopyInto(out *DruidNodeTypeStatus) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DruidNodeTypeStatus. -func (in *DruidNodeTypeStatus) DeepCopy() *DruidNodeTypeStatus { - if in == nil { - return nil - } - out := new(DruidNodeTypeStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DruidSpec) DeepCopyInto(out *DruidSpec) { - *out = *in - if in.ExtraCommonConfig != nil { - in, out := &in.ExtraCommonConfig, &out.ExtraCommonConfig - *out = make([]*v1.ObjectReference, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(v1.ObjectReference) - **out = **in - } - } - } - if in.ImagePullSecrets != nil { - in, out := &in.ImagePullSecrets, &out.ImagePullSecrets - *out = make([]v1.LocalObjectReference, len(*in)) - copy(*out, *in) - } - if in.Env != nil { - in, out := &in.Env, &out.Env - *out = make([]v1.EnvVar, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.EnvFrom != nil { - in, out := &in.EnvFrom, &out.EnvFrom - *out = make([]v1.EnvFromSource, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.PodSecurityContext != nil { - in, out := &in.PodSecurityContext, &out.PodSecurityContext - *out = new(v1.PodSecurityContext) - (*in).DeepCopyInto(*out) - } - if in.ContainerSecurityContext != nil { - in, out := &in.ContainerSecurityContext, &out.ContainerSecurityContext - *out = new(v1.SecurityContext) - (*in).DeepCopyInto(*out) - } - if in.VolumeClaimTemplates != nil { - in, out := &in.VolumeClaimTemplates, &out.VolumeClaimTemplates - *out = make([]v1.PersistentVolumeClaim, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.VolumeMounts != nil { - in, out := &in.VolumeMounts, &out.VolumeMounts - *out = make([]v1.VolumeMount, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Volumes != nil { - in, out := &in.Volumes, &out.Volumes - *out = make([]v1.Volume, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.PodAnnotations != nil { - in, out := &in.PodAnnotations, &out.PodAnnotations - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.WorkloadAnnotations != nil { - in, out := &in.WorkloadAnnotations, &out.WorkloadAnnotations - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.PodLabels != nil { - in, out := &in.PodLabels, &out.PodLabels - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.UpdateStrategy != nil { - in, out := &in.UpdateStrategy, &out.UpdateStrategy - *out = new(appsv1.StatefulSetUpdateStrategy) - (*in).DeepCopyInto(*out) - } - if in.LivenessProbe != nil { - in, out := &in.LivenessProbe, &out.LivenessProbe - *out = new(v1.Probe) - (*in).DeepCopyInto(*out) - } - if in.ReadinessProbe != nil { - in, out := &in.ReadinessProbe, &out.ReadinessProbe - *out = new(v1.Probe) - (*in).DeepCopyInto(*out) - } - if in.StartUpProbe != nil { - in, out := &in.StartUpProbe, &out.StartUpProbe - *out = new(v1.Probe) - (*in).DeepCopyInto(*out) - } - if in.Services != nil { - in, out := &in.Services, &out.Services - *out = make([]v1.Service, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.NodeSelector != nil { - in, out := &in.NodeSelector, &out.NodeSelector - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Tolerations != nil { - in, out := &in.Tolerations, &out.Tolerations - *out = make([]v1.Toleration, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Affinity != nil { - in, out := &in.Affinity, &out.Affinity - *out = new(v1.Affinity) - (*in).DeepCopyInto(*out) - } - if in.Nodes != nil { - in, out := &in.Nodes, &out.Nodes - *out = make(map[string]DruidNodeSpec, len(*in)) - for key, val := range *in { - (*out)[key] = *val.DeepCopy() - } - } - if in.AdditionalContainer != nil { - in, out := &in.AdditionalContainer, &out.AdditionalContainer - *out = make([]AdditionalContainer, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.Zookeeper != nil { - in, out := &in.Zookeeper, &out.Zookeeper - *out = new(ZookeeperSpec) - (*in).DeepCopyInto(*out) - } - if in.MetadataStore != nil { - in, out := &in.MetadataStore, &out.MetadataStore - *out = new(MetadataStoreSpec) - (*in).DeepCopyInto(*out) - } - if in.DeepStorage != nil { - in, out := &in.DeepStorage, &out.DeepStorage - *out = new(DeepStorageSpec) - (*in).DeepCopyInto(*out) - } - in.DynamicConfig.DeepCopyInto(&out.DynamicConfig) - out.Auth = in.Auth - if in.DNSConfig != nil { - in, out := &in.DNSConfig, &out.DNSConfig - *out = new(v1.PodDNSConfig) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DruidSpec. -func (in *DruidSpec) DeepCopy() *DruidSpec { - if in == nil { - return nil - } - out := new(DruidSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *IngestionSpec) DeepCopyInto(out *IngestionSpec) { - *out = *in - in.NativeSpec.DeepCopyInto(&out.NativeSpec) - in.Compaction.DeepCopyInto(&out.Compaction) - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]runtime.RawExtension, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngestionSpec. -func (in *IngestionSpec) DeepCopy() *IngestionSpec { - if in == nil { - return nil - } - out := new(IngestionSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MetadataStoreSpec) DeepCopyInto(out *MetadataStoreSpec) { - *out = *in - if in.Spec != nil { - in, out := &in.Spec, &out.Spec - *out = make(json.RawMessage, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MetadataStoreSpec. -func (in *MetadataStoreSpec) DeepCopy() *MetadataStoreSpec { - if in == nil { - return nil - } - out := new(MetadataStoreSpec) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ZookeeperSpec) DeepCopyInto(out *ZookeeperSpec) { - *out = *in - if in.Spec != nil { - in, out := &in.Spec, &out.Spec - *out = make(json.RawMessage, len(*in)) - copy(*out, *in) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ZookeeperSpec. -func (in *ZookeeperSpec) DeepCopy() *ZookeeperSpec { - if in == nil { - return nil - } - out := new(ZookeeperSpec) - in.DeepCopyInto(out) - return out -} diff --git a/druid-operator/chart/.helmignore b/druid-operator/chart/.helmignore deleted file mode 100644 index 315b55243a95..000000000000 --- a/druid-operator/chart/.helmignore +++ /dev/null @@ -1,39 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- - -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/druid-operator/chart/Chart.yaml b/druid-operator/chart/Chart.yaml deleted file mode 100644 index 4b556db0a571..000000000000 --- a/druid-operator/chart/Chart.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: v2 -name: druid-operator -description: Druid Kubernetes Operator - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.3.9 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -appVersion: v1.3.0 -# icon -icon: "https://www.apache.org/logos/res/druid/druid-1.png" diff --git a/druid-operator/chart/crds/druid.apache.org_druidingestions.yaml b/druid-operator/chart/crds/druid.apache.org_druidingestions.yaml deleted file mode 100644 index 6bf076d93874..000000000000 --- a/druid-operator/chart/crds/druid.apache.org_druidingestions.yaml +++ /dev/null @@ -1,165 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: druidingestions.druid.apache.org -spec: - group: druid.apache.org - names: - kind: DruidIngestion - listKind: DruidIngestionList - plural: druidingestions - singular: druidingestion - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.ingestionSpec.type - name: Type - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Ingestion is the Schema for the Ingestion API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - properties: - auth: - properties: - passwordKey: - description: PasswordKey specifies the key within the Kubernetes - secret that contains the password for authentication. - type: string - secretRef: - description: |- - SecretReference represents a Secret Reference. It has enough information to retrieve secret - in any namespace - properties: - name: - description: name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: namespace defines the space within which the - secret name must be unique. - type: string - type: object - x-kubernetes-map-type: atomic - type: - type: string - usernameKey: - description: UsernameKey specifies the key within the Kubernetes - secret that contains the username for authentication. - type: string - required: - - secretRef - - type - type: object - druidCluster: - type: string - ingestion: - properties: - compaction: - type: object - x-kubernetes-preserve-unknown-fields: true - nativeSpec: - description: |- - nativeSpec allows the ingestion specification to be defined in a native Kubernetes format. - This is particularly useful for environment-specific configurations and will eventually - replace the JSON-based Spec field. - Note: Spec will be ignored if nativeSpec is provided. - type: object - x-kubernetes-preserve-unknown-fields: true - rules: - items: - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - spec: - description: |- - Spec should be passed in as a JSON string. - Note: This field is planned for deprecation in favor of nativeSpec. - type: string - type: - type: string - required: - - type - type: object - suspend: - type: boolean - required: - - druidCluster - - ingestion - type: object - status: - properties: - currentIngestionSpec.json: - description: |- - CurrentIngestionSpec is a string instead of RawExtension to maintain compatibility with existing - IngestionSpecs that are stored as JSON strings. - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - rules: - items: - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - status: - type: string - taskId: - type: string - type: - type: string - required: - - currentIngestionSpec.json - - taskId - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/druid-operator/chart/crds/druid.apache.org_druids.yaml b/druid-operator/chart/crds/druid.apache.org_druids.yaml deleted file mode 100644 index fdde9d6c604c..000000000000 --- a/druid-operator/chart/crds/druid.apache.org_druids.yaml +++ /dev/null @@ -1,12064 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: druids.druid.apache.org -spec: - group: druid.apache.org - names: - kind: Druid - listKind: DruidList - plural: druids - singular: druid - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Druid is the Schema for the druids API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DruidSpec defines the desired state of the Druid cluster. - properties: - additionalContainer: - description: AdditionalContainer defines additional sidecar containers - to be deployed with the `Druid` pods. - items: - description: |- - AdditionalContainer defines additional sidecar containers to be deployed with the `Druid` pods. - (will be part of Kubernetes native in the future: - https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/753-sidecar-containers/README.md#summary). - properties: - args: - description: Args Arguments to call the command. - items: - type: string - type: array - command: - description: Command command for the additional container. - items: - type: string - type: array - containerName: - description: ContainerName name of the additional container. - type: string - env: - description: Env Environment variables for the additional container. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: EnvFrom Extra environment variables from remote - source (ConfigMaps, Secrets...). - items: - description: EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: Image Image of the additional container. - type: string - imagePullPolicy: - description: ImagePullPolicy If not present, will be taken from - top level spec. - type: string - resources: - description: Resources Kubernetes Native `resources` specification. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - runAsInit: - description: RunAsInit indicate whether this should be an init - container. - type: boolean - securityContext: - description: ContainerSecurityContext If not present, will be - taken from top level pod. - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. - type: boolean - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored by components that enable the - WindowsHostProcessContainers feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess is true - then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - volumeMounts: - description: VolumeMounts Kubernetes Native `VolumeMount` specification. - items: - description: VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - required: - - command - - containerName - - image - type: object - type: array - affinity: - description: Affinity Kubernetes native `affinity` specification. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - auth: - properties: - passwordKey: - description: PasswordKey specifies the key within the Kubernetes - secret that contains the password for authentication. - type: string - secretRef: - description: |- - SecretReference represents a Secret Reference. It has enough information to retrieve secret - in any namespace - properties: - name: - description: name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: namespace defines the space within which the - secret name must be unique. - type: string - type: object - x-kubernetes-map-type: atomic - type: - type: string - usernameKey: - description: UsernameKey specifies the key within the Kubernetes - secret that contains the username for authentication. - type: string - required: - - secretRef - - type - type: object - common.runtime.properties: - description: CommonRuntimeProperties Content fo the `common.runtime.properties` - configuration file. - type: string - commonConfigMountPath: - default: /opt/druid/conf/druid/cluster/_common - description: CommonConfigMountPath In-container directory to mount - the Druid common configuration - type: string - containerSecurityContext: - description: ContainerSecurityContext - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. - type: boolean - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored by components that enable the - WindowsHostProcessContainers feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess is true - then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - core-site.xml: - description: CoreSite Contents of `core-site.xml`. - type: string - deepStorage: - description: 'DeepStorage IGNORED (Future API): In order to make Druid - dependency setup extensible from within Druid operator.' - properties: - spec: - description: |- - RawMessage is a raw encoded JSON value. - It implements [Marshaler] and [Unmarshaler] and can - be used to delay JSON decoding or precompute a JSON encoding. - format: byte - type: string - type: - type: string - required: - - spec - - type - type: object - defaultProbes: - default: true - description: |- - DefaultProbes If set to true this will add default probes (liveness / readiness / startup) for all druid components - but it won't override existing probes - type: boolean - deleteOrphanPvc: - default: true - description: DeleteOrphanPvc Orphaned (unmounted PVCs) shall be cleaned - up by the operator. - type: boolean - disablePVCDeletionFinalizer: - default: false - description: DisablePVCDeletionFinalizer Whether PVCs shall be deleted - on the deletion of the Druid cluster. - type: boolean - dnsConfig: - description: See v1.PodDNSConfig for more details. - properties: - nameservers: - description: |- - A list of DNS name server IP addresses. - This will be appended to the base nameservers generated from DNSPolicy. - Duplicated nameservers will be removed. - items: - type: string - type: array - options: - description: |- - A list of DNS resolver options. - This will be merged with the base options generated from DNSPolicy. - Duplicated entries will be removed. Resolution options given in Options - will override those that appear in the base DNSPolicy. - items: - description: PodDNSConfigOption defines DNS resolver options - of a pod. - properties: - name: - description: Required. - type: string - value: - type: string - type: object - type: array - searches: - description: |- - A list of DNS search domains for host-name lookup. - This will be appended to the base search paths generated from DNSPolicy. - Duplicated search paths will be removed. - items: - type: string - type: array - type: object - dnsPolicy: - description: See v1.DNSPolicy for more details. - type: string - dynamicConfig: - description: Dynamic Configurations for Druid. Applied through the - dynamic configuration API. - type: object - x-kubernetes-preserve-unknown-fields: true - env: - description: Env Environment variables for druid containers. - items: - description: EnvVar represents an environment variable present in - a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot - be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: EnvFrom Extra environment variables from remote source - (ConfigMaps, Secrets...). - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - extraCommonConfig: - description: |- - ExtraCommonConfig References to ConfigMaps holding more configuration files to mount to the - common configuration path. - items: - description: |- - ObjectReference contains enough information to let you inspect or modify the referred object. - --- - New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. - 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. - 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular - restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". - Those cannot be well described when embedded. - 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. - 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity - during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple - and the version of the actual struct is irrelevant. - 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type - will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. - - - Instead of using this type, create a locally provided and used type that is well-focused on your reference. - For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - type: array - forceDeleteStsPodOnError: - default: true - description: |- - ForceDeleteStsPodOnError Delete the StatefulSet's pods if the StatefulSet is set to ordered ready. - issue: https://github.com/kubernetes/kubernetes/issues/67250 - doc: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#forced-rollback - type: boolean - hdfs-site.xml: - description: HdfsSite Contents of `hdfs-site.xml`. - type: string - ignored: - default: false - description: |- - Ignored is now deprecated API. In order to avoid reconciliation of objects use the - `druid.apache.org/ignored: "true"` annotation. - type: boolean - image: - description: Image Required here or at the NodeSpec level. - type: string - imagePullPolicy: - default: IfNotPresent - description: ImagePullPolicy - type: string - imagePullSecrets: - description: ImagePullSecrets - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - type: array - jvm.options: - description: JvmOptions Contents of the shared `jvm.options` configuration - file for druid JVM processes. - type: string - livenessProbe: - description: |- - LivenessProbe - Port is set to `druid.port` if not specified with httpGet handler. - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number must - be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes a custom header to be - used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - log4j.config: - description: Log4jConfig contents `log4j.config` configuration file. - type: string - metadataStore: - description: 'MetadataStore IGNORED (Future API): In order to make - Druid dependency setup extensible from within Druid operator.' - properties: - spec: - description: |- - RawMessage is a raw encoded JSON value. - It implements [Marshaler] and [Unmarshaler] and can - be used to delay JSON decoding or precompute a JSON encoding. - format: byte - type: string - type: - type: string - required: - - spec - - type - type: object - metricDimensions.json: - description: |- - DimensionsMapPath Custom Dimension Map Path for statsd emitter. - stastd documentation is described in the following documentation: - https://druid.apache.org/docs/latest/development/extensions-contrib/statsd.html - type: string - nodeSelector: - additionalProperties: - type: string - description: NodeSelector Kubernetes native `nodeSelector` specification. - type: object - nodes: - additionalProperties: - description: |- - DruidNodeSpec Specification of `Druid` Node type and its configurations. - The key in following map can be arbitrary string that helps you identify resources for a specific nodeSpec. - It is used in the Kubernetes resources' names, so it must be compliant with restrictions - placed on Kubernetes resource names: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/ - properties: - additionalContainer: - description: Operator deploys the sidecar container based on - these properties. - items: - description: |- - AdditionalContainer defines additional sidecar containers to be deployed with the `Druid` pods. - (will be part of Kubernetes native in the future: - https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/753-sidecar-containers/README.md#summary). - properties: - args: - description: Args Arguments to call the command. - items: - type: string - type: array - command: - description: Command command for the additional container. - items: - type: string - type: array - containerName: - description: ContainerName name of the additional container. - type: string - env: - description: Env Environment variables for the additional - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: EnvFrom Extra environment variables from - remote source (ConfigMaps, Secrets...). - items: - description: EnvFromSource represents the source of - a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to - each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: Image Image of the additional container. - type: string - imagePullPolicy: - description: ImagePullPolicy If not present, will be taken - from top level spec. - type: string - resources: - description: Resources Kubernetes Native `resources` specification. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - runAsInit: - description: RunAsInit indicate whether this should be - an init container. - type: boolean - securityContext: - description: ContainerSecurityContext If not present, - will be taken from top level pod. - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. - type: boolean - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. - type: string - type: - description: Type is a SELinux type label that - applies to the container. - type: string - user: - description: User is a SELinux user label that - applies to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored by components that enable the - WindowsHostProcessContainers feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess is true - then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - volumeMounts: - description: VolumeMounts Kubernetes Native `VolumeMount` - specification. - items: - description: VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - required: - - command - - containerName - - image - type: object - type: array - affinity: - description: Affinity Kubernetes native `affinity` specification. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range - 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - containerSecurityContext: - description: ContainerSecurityContext - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. - type: boolean - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored by components that enable the - WindowsHostProcessContainers feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess is true - then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - dnsConfig: - description: See v1.PodDNSConfig for more details. - properties: - nameservers: - description: |- - A list of DNS name server IP addresses. - This will be appended to the base nameservers generated from DNSPolicy. - Duplicated nameservers will be removed. - items: - type: string - type: array - options: - description: |- - A list of DNS resolver options. - This will be merged with the base options generated from DNSPolicy. - Duplicated entries will be removed. Resolution options given in Options - will override those that appear in the base DNSPolicy. - items: - description: PodDNSConfigOption defines DNS resolver options - of a pod. - properties: - name: - description: Required. - type: string - value: - type: string - type: object - type: array - searches: - description: |- - A list of DNS search domains for host-name lookup. - This will be appended to the base search paths generated from DNSPolicy. - Duplicated search paths will be removed. - items: - type: string - type: array - type: object - dnsPolicy: - description: See v1.DNSPolicy for more details. - type: string - druid.port: - description: DruidPort Used by the `Druid` process. - format: int32 - type: integer - dynamicConfig: - description: Dynamic Configurations for Druid. Applied through - the dynamic configuration API. - type: object - x-kubernetes-preserve-unknown-fields: true - env: - description: Env Environment variables for druid containers. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: EnvFrom Extra environment variables from remote - source (ConfigMaps, Secrets...). - items: - description: EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - extra.jvm.options: - description: ExtraJvmOptions Appends extra jvm options to the - `JvmOptions` field. - type: string - hpAutoscaler: - description: HPAutoScaler Kubernetes Native `HorizontalPodAutoscaler` - specification. - properties: - behavior: - description: |- - behavior configures the scaling behavior of the target - in both Up and Down directions (scaleUp and scaleDown fields respectively). - If not set, the default HPAScalingRules for scale up and scale down are used. - properties: - scaleDown: - description: |- - scaleDown is scaling policy for scaling Down. - If not set, the default value is to allow to scale down to minReplicas pods, with a - 300 second stabilization window (i.e., the highest recommendation for - the last 300sec is used). - properties: - policies: - description: |- - policies is a list of potential scaling polices which can be used during scaling. - At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid - items: - description: HPAScalingPolicy is a single policy - which must hold true for a specified past interval. - properties: - periodSeconds: - description: |- - periodSeconds specifies the window of time for which the policy should hold true. - PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). - format: int32 - type: integer - type: - description: type is used to specify the scaling - policy. - type: string - value: - description: |- - value contains the amount of change which is permitted by the policy. - It must be greater than zero - format: int32 - type: integer - required: - - periodSeconds - - type - - value - type: object - type: array - x-kubernetes-list-type: atomic - selectPolicy: - description: |- - selectPolicy is used to specify which policy should be used. - If not set, the default value Max is used. - type: string - stabilizationWindowSeconds: - description: |- - stabilizationWindowSeconds is the number of seconds for which past recommendations should be - considered while scaling up or scaling down. - StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). - If not set, use the default values: - - For scale up: 0 (i.e. no stabilization is done). - - For scale down: 300 (i.e. the stabilization window is 300 seconds long). - format: int32 - type: integer - type: object - scaleUp: - description: |- - scaleUp is scaling policy for scaling Up. - If not set, the default value is the higher of: - * increase no more than 4 pods per 60 seconds - * double the number of pods per 60 seconds - No stabilization is used. - properties: - policies: - description: |- - policies is a list of potential scaling polices which can be used during scaling. - At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid - items: - description: HPAScalingPolicy is a single policy - which must hold true for a specified past interval. - properties: - periodSeconds: - description: |- - periodSeconds specifies the window of time for which the policy should hold true. - PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). - format: int32 - type: integer - type: - description: type is used to specify the scaling - policy. - type: string - value: - description: |- - value contains the amount of change which is permitted by the policy. - It must be greater than zero - format: int32 - type: integer - required: - - periodSeconds - - type - - value - type: object - type: array - x-kubernetes-list-type: atomic - selectPolicy: - description: |- - selectPolicy is used to specify which policy should be used. - If not set, the default value Max is used. - type: string - stabilizationWindowSeconds: - description: |- - stabilizationWindowSeconds is the number of seconds for which past recommendations should be - considered while scaling up or scaling down. - StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). - If not set, use the default values: - - For scale up: 0 (i.e. no stabilization is done). - - For scale down: 300 (i.e. the stabilization window is 300 seconds long). - format: int32 - type: integer - type: object - type: object - maxReplicas: - description: |- - maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. - It cannot be less that minReplicas. - format: int32 - type: integer - metrics: - description: |- - metrics contains the specifications for which to use to calculate the - desired replica count (the maximum replica count across all metrics will - be used). The desired replica count is calculated multiplying the - ratio between the target value and the current value by the current - number of pods. Ergo, metrics used must decrease as the pod count is - increased, and vice-versa. See the individual metric source types for - more information about how each type of metric must respond. - If not set, the default metric will be set to 80% average CPU utilization. - items: - description: |- - MetricSpec specifies how to scale based on a single metric - (only `type` and one other matching field should be set at once). - properties: - containerResource: - description: |- - containerResource refers to a resource metric (such as those specified in - requests and limits) known to Kubernetes describing a single container in - each pod of the current scale target (e.g. CPU or memory). Such metrics are - built in to Kubernetes, and have special scaling options on top of those - available to normal per-pod metrics using the "pods" source. - This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. - properties: - container: - description: container is the name of the container - in the pods of the scaling target - type: string - name: - description: name is the name of the resource - in question. - type: string - target: - description: target specifies the target value - for the given metric - properties: - averageUtilization: - description: |- - averageUtilization is the target value of the average of the - resource metric across all relevant pods, represented as a percentage of - the requested value of the resource for the pods. - Currently only valid for Resource metric source type - format: int32 - type: integer - averageValue: - anyOf: - - type: integer - - type: string - description: |- - averageValue is the target value of the average of the - metric across all relevant pods (as a quantity) - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: type represents whether the metric - type is Utilization, Value, or AverageValue - type: string - value: - anyOf: - - type: integer - - type: string - description: value is the target value of - the metric (as a quantity). - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - type - type: object - required: - - container - - name - - target - type: object - external: - description: |- - external refers to a global metric that is not associated - with any Kubernetes object. It allows autoscaling based on information - coming from components running outside of cluster - (for example length of queue in cloud messaging service, or - QPS from loadbalancer running outside of cluster). - properties: - metric: - description: metric identifies the target metric - by name and selector - properties: - name: - description: name is the name of the given - metric - type: string - selector: - description: |- - selector is the string-encoded form of a standard kubernetes label selector for the given metric - When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. - When unset, just the metricName will be used to gather metrics. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - name - type: object - target: - description: target specifies the target value - for the given metric - properties: - averageUtilization: - description: |- - averageUtilization is the target value of the average of the - resource metric across all relevant pods, represented as a percentage of - the requested value of the resource for the pods. - Currently only valid for Resource metric source type - format: int32 - type: integer - averageValue: - anyOf: - - type: integer - - type: string - description: |- - averageValue is the target value of the average of the - metric across all relevant pods (as a quantity) - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: type represents whether the metric - type is Utilization, Value, or AverageValue - type: string - value: - anyOf: - - type: integer - - type: string - description: value is the target value of - the metric (as a quantity). - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - type - type: object - required: - - metric - - target - type: object - object: - description: |- - object refers to a metric describing a single kubernetes object - (for example, hits-per-second on an Ingress object). - properties: - describedObject: - description: describedObject specifies the descriptions - of a object,such as kind,name apiVersion - properties: - apiVersion: - description: apiVersion is the API version - of the referent - type: string - kind: - description: 'kind is the kind of the referent; - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'name is the name of the referent; - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - kind - - name - type: object - metric: - description: metric identifies the target metric - by name and selector - properties: - name: - description: name is the name of the given - metric - type: string - selector: - description: |- - selector is the string-encoded form of a standard kubernetes label selector for the given metric - When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. - When unset, just the metricName will be used to gather metrics. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - name - type: object - target: - description: target specifies the target value - for the given metric - properties: - averageUtilization: - description: |- - averageUtilization is the target value of the average of the - resource metric across all relevant pods, represented as a percentage of - the requested value of the resource for the pods. - Currently only valid for Resource metric source type - format: int32 - type: integer - averageValue: - anyOf: - - type: integer - - type: string - description: |- - averageValue is the target value of the average of the - metric across all relevant pods (as a quantity) - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: type represents whether the metric - type is Utilization, Value, or AverageValue - type: string - value: - anyOf: - - type: integer - - type: string - description: value is the target value of - the metric (as a quantity). - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - type - type: object - required: - - describedObject - - metric - - target - type: object - pods: - description: |- - pods refers to a metric describing each pod in the current scale target - (for example, transactions-processed-per-second). The values will be - averaged together before being compared to the target value. - properties: - metric: - description: metric identifies the target metric - by name and selector - properties: - name: - description: name is the name of the given - metric - type: string - selector: - description: |- - selector is the string-encoded form of a standard kubernetes label selector for the given metric - When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. - When unset, just the metricName will be used to gather metrics. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - name - type: object - target: - description: target specifies the target value - for the given metric - properties: - averageUtilization: - description: |- - averageUtilization is the target value of the average of the - resource metric across all relevant pods, represented as a percentage of - the requested value of the resource for the pods. - Currently only valid for Resource metric source type - format: int32 - type: integer - averageValue: - anyOf: - - type: integer - - type: string - description: |- - averageValue is the target value of the average of the - metric across all relevant pods (as a quantity) - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: type represents whether the metric - type is Utilization, Value, or AverageValue - type: string - value: - anyOf: - - type: integer - - type: string - description: value is the target value of - the metric (as a quantity). - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - type - type: object - required: - - metric - - target - type: object - resource: - description: |- - resource refers to a resource metric (such as those specified in - requests and limits) known to Kubernetes describing each pod in the - current scale target (e.g. CPU or memory). Such metrics are built in to - Kubernetes, and have special scaling options on top of those available - to normal per-pod metrics using the "pods" source. - properties: - name: - description: name is the name of the resource - in question. - type: string - target: - description: target specifies the target value - for the given metric - properties: - averageUtilization: - description: |- - averageUtilization is the target value of the average of the - resource metric across all relevant pods, represented as a percentage of - the requested value of the resource for the pods. - Currently only valid for Resource metric source type - format: int32 - type: integer - averageValue: - anyOf: - - type: integer - - type: string - description: |- - averageValue is the target value of the average of the - metric across all relevant pods (as a quantity) - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: type represents whether the metric - type is Utilization, Value, or AverageValue - type: string - value: - anyOf: - - type: integer - - type: string - description: value is the target value of - the metric (as a quantity). - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - type - type: object - required: - - name - - target - type: object - type: - description: |- - type is the type of metric source. It should be one of "ContainerResource", "External", - "Object", "Pods" or "Resource", each mapping to a matching field in the object. - Note: "ContainerResource" type is available on when the feature-gate - HPAContainerMetrics is enabled - type: string - required: - - type - type: object - type: array - x-kubernetes-list-type: atomic - minReplicas: - description: |- - minReplicas is the lower limit for the number of replicas to which the autoscaler - can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the - alpha feature gate HPAScaleToZero is enabled and at least one Object or External - metric is configured. Scaling is active as long as at least one metric value is - available. - format: int32 - type: integer - scaleTargetRef: - description: |- - scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics - should be collected, as well as to actually change the replica count. - properties: - apiVersion: - description: apiVersion is the API version of the referent - type: string - kind: - description: 'kind is the kind of the referent; More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'name is the name of the referent; More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - kind - - name - type: object - required: - - maxReplicas - - scaleTargetRef - type: object - image: - description: Image Overrides image from top level, Required - if no image specified at top level. - type: string - imagePullPolicy: - description: ImagePullPolicy Overrides `imagePullPolicy` from - top level. - type: string - imagePullSecrets: - description: ImagePullSecrets Overrides `imagePullSecrets` from - top level. - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - type: array - ingress: - description: Ingress Kubernetes Native `Ingress` specification. - properties: - defaultBackend: - description: |- - defaultBackend is the backend that should handle requests that don't - match any rule. If Rules are not specified, DefaultBackend must be specified. - If DefaultBackend is not set, the handling of requests that do not match any - of the rules will be up to the Ingress controller. - properties: - resource: - description: |- - resource is an ObjectRef to another Kubernetes resource in the namespace - of the Ingress object. If resource is specified, a service.Name and - service.Port must not be specified. - This is a mutually exclusive setting with "Service". - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - service: - description: |- - service references a service as a backend. - This is a mutually exclusive setting with "Resource". - properties: - name: - description: |- - name is the referenced service. The service must exist in - the same namespace as the Ingress object. - type: string - port: - description: |- - port of the referenced service. A port name or port number - is required for a IngressServiceBackend. - properties: - name: - description: |- - name is the name of the port on the Service. - This is a mutually exclusive setting with "Number". - type: string - number: - description: |- - number is the numerical port number (e.g. 80) on the Service. - This is a mutually exclusive setting with "Name". - format: int32 - type: integer - type: object - required: - - name - type: object - type: object - ingressClassName: - description: |- - ingressClassName is the name of an IngressClass cluster resource. Ingress - controller implementations use this field to know whether they should be - serving this Ingress resource, by a transitive connection - (controller -> IngressClass -> Ingress resource). Although the - `kubernetes.io/ingress.class` annotation (simple constant name) was never - formally defined, it was widely supported by Ingress controllers to create - a direct binding between Ingress controller and Ingress resources. Newly - created Ingress resources should prefer using the field. However, even - though the annotation is officially deprecated, for backwards compatibility - reasons, ingress controllers should still honor that annotation if present. - type: string - rules: - description: |- - rules is a list of host rules used to configure the Ingress. If unspecified, - or no rule matches, all traffic is sent to the default backend. - items: - description: |- - IngressRule represents the rules mapping the paths under a specified host to - the related backend services. Incoming requests are first evaluated for a host - match, then routed to the backend associated with the matching IngressRuleValue. - properties: - host: - description: "host is the fully qualified domain name - of a network host, as defined by RFC 3986.\nNote - the following deviations from the \"host\" part - of the\nURI as defined in RFC 3986:\n1. IPs are - not allowed. Currently an IngressRuleValue can only - apply to\n the IP in the Spec of the parent Ingress.\n2. - The `:` delimiter is not respected because ports - are not allowed.\n\t Currently the port of an Ingress - is implicitly :80 for http and\n\t :443 for https.\nBoth - these may change in the future.\nIncoming requests - are matched against the host before the\nIngressRuleValue. - If the host is unspecified, the Ingress routes all\ntraffic - based on the specified IngressRuleValue.\n\n\nhost - can be \"precise\" which is a domain name without - the terminating dot of\na network host (e.g. \"foo.bar.com\") - or \"wildcard\", which is a domain name\nprefixed - with a single wildcard label (e.g. \"*.foo.com\").\nThe - wildcard character '*' must appear by itself as - the first DNS label and\nmatches only a single label. - You cannot have a wildcard label by itself (e.g. - Host == \"*\").\nRequests will be matched against - the Host field in the following way:\n1. If host - is precise, the request matches this rule if the - http host header is equal to Host.\n2. If host is - a wildcard, then the request matches this rule if - the http host header\nis to equal to the suffix - (removing the first label) of the wildcard rule." - type: string - http: - description: |- - HTTPIngressRuleValue is a list of http selectors pointing to backends. - In the example: http:///? -> backend where - where parts of the url correspond to RFC 3986, this resource will be used - to match against everything after the last '/' and before the first '?' - or '#'. - properties: - paths: - description: paths is a collection of paths that - map requests to backends. - items: - description: |- - HTTPIngressPath associates a path with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: |- - backend defines the referenced service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: |- - resource is an ObjectRef to another Kubernetes resource in the namespace - of the Ingress object. If resource is specified, a service.Name and - service.Port must not be specified. - This is a mutually exclusive setting with "Service". - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - service: - description: |- - service references a service as a backend. - This is a mutually exclusive setting with "Resource". - properties: - name: - description: |- - name is the referenced service. The service must exist in - the same namespace as the Ingress object. - type: string - port: - description: |- - port of the referenced service. A port name or port number - is required for a IngressServiceBackend. - properties: - name: - description: |- - name is the name of the port on the Service. - This is a mutually exclusive setting with "Number". - type: string - number: - description: |- - number is the numerical port number (e.g. 80) on the Service. - This is a mutually exclusive setting with "Name". - format: int32 - type: integer - type: object - required: - - name - type: object - type: object - path: - description: |- - path is matched against the path of an incoming request. Currently it can - contain characters disallowed from the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin with a '/' and must be present - when using PathType with value "Exact" or "Prefix". - type: string - pathType: - description: |- - pathType determines the interpretation of the path matching. PathType can - be one of the following values: - * Exact: Matches the URL path exactly. - * Prefix: Matches based on a URL path prefix split by '/'. Matching is - done on a path element by element basis. A path element refers is the - list of labels in the path split by the '/' separator. A request is a - match for path p if every p is an element-wise prefix of p of the - request path. Note that if the last element of the path is a substring - of the last element in request path, it is not a match (e.g. /foo/bar - matches /foo/bar/baz, but does not match /foo/barbaz). - * ImplementationSpecific: Interpretation of the Path matching is up to - the IngressClass. Implementations can treat this as a separate PathType - or treat it identically to Prefix or Exact path types. - Implementations are required to support all path types. - type: string - required: - - backend - - pathType - type: object - type: array - x-kubernetes-list-type: atomic - required: - - paths - type: object - type: object - type: array - x-kubernetes-list-type: atomic - tls: - description: |- - tls represents the TLS configuration. Currently the Ingress only supports a - single TLS port, 443. If multiple members of this list specify different hosts, - they will be multiplexed on the same port according to the hostname specified - through the SNI TLS extension, if the ingress controller fulfilling the - ingress supports SNI. - items: - description: IngressTLS describes the transport layer - security associated with an ingress. - properties: - hosts: - description: |- - hosts is a list of hosts included in the TLS certificate. The values in - this list must match the name/s used in the tlsSecret. Defaults to the - wildcard host setting for the loadbalancer controller fulfilling this - Ingress, if left unspecified. - items: - type: string - type: array - x-kubernetes-list-type: atomic - secretName: - description: |- - secretName is the name of the secret used to terminate TLS traffic on - port 443. Field is left optional to allow TLS routing based on SNI - hostname alone. If the SNI host in a listener conflicts with the "Host" - header field used by an IngressRule, the SNI host is used for termination - and value of the "Host" header is used for routing. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - ingressAnnotations: - additionalProperties: - type: string - description: IngressAnnotations `Ingress` annotations to be - populated in ingress spec. - type: object - jvm.options: - description: JvmOptions overrides `JvmOptions` at top level. - type: string - kind: - default: StatefulSet - description: |- - Kind Can be StatefulSet or Deployment. - Note: volumeClaimTemplates are ignored when kind=Deployment - type: string - lifecycle: - description: Lifecycle - properties: - postStart: - description: |- - PostStart is called immediately after a container is created. If the handler fails, - the container is terminated and restarted according to its restart policy. - Other management of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: |- - PreStop is called immediately before a container is terminated due to an - API request or management event such as liveness/startup probe failure, - preemption, resource contention, etc. The handler is not called if the - container crashes or exits. The Pod's termination grace period countdown begins before the - PreStop hook is executed. Regardless of the outcome of the handler, the - container will eventually terminate within the Pod's termination grace - period (unless delayed by finalizers). Other management of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: |- - LivenessProbe - Port is set to `druid.port` if not specified with httpGet handler. - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - log4j.config: - description: Log4jConfig Overrides `Log4jConfig` at top level. - type: string - maxSurge: - description: |- - MaxSurge For Deployment object only. - Set to 25% by default. - format: int32 - type: integer - maxUnavailable: - description: |- - MaxUnavailable For deployment object only. - Set to 25% by default - format: int32 - type: integer - nodeConfigMountPath: - description: NodeConfigMountPath in-container directory to mount - with runtime.properties, jvm.config, log4j2.xml files. - type: string - nodeSelector: - additionalProperties: - type: string - description: NodeSelector Kubernetes native `nodeSelector` specification. - type: object - nodeType: - description: NodeDruid `Druid` node type. - enum: - - historical - - overlord - - middleManager - - indexer - - broker - - coordinator - - router - type: string - persistentVolumeClaim: - description: VolumeClaimTemplates Kubernetes Native `VolumeClaimTemplate` - specification. - items: - description: PersistentVolumeClaim is a user's request for - and claim to a persistent volume - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: |- - spec defines the desired characteristics of a volume requested by a pod author. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - status: - description: |- - status represents the current information/status of a persistent volume claim. - Read-only. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the actual access modes the volume backing the PVC has. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may - be larger than the actual capacity when a volume expansion operation is requested. - For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. - If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. - If a volume expansion capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress and if the actual volume capacity - is equal or lower than the requested capacity. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. - type: object - conditions: - description: |- - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contains - details about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed - the condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time - the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: |- - reason is a unique, this should be a short, machine understandable string that gives the reason - for condition's last transition. If it reports "ResizeStarted" that means the underlying - persistent volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: phase represents the current phase of - PersistentVolumeClaim. - type: string - resizeStatus: - description: |- - resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty - string by resize controller or kubelet. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - type: string - type: object - type: object - type: array - podAnnotations: - additionalProperties: - type: string - description: PodAnnotations Custom annotation to be populated - in the workload's pods. - type: object - podDisruptionBudgetSpec: - description: PodDisruptionBudgetSpec Kubernetes native `podDisruptionBudget` - specification. - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - An eviction is allowed if at most "maxUnavailable" pods selected by - "selector" are unavailable after the eviction, i.e. even in absence of - the evicted pod. For example, one can prevent all voluntary evictions - by specifying 0. This is a mutually exclusive setting with "minAvailable". - x-kubernetes-int-or-string: true - minAvailable: - anyOf: - - type: integer - - type: string - description: |- - An eviction is allowed if at least "minAvailable" pods selected by - "selector" will still be available after the eviction, i.e. even in the - absence of the evicted pod. So for example you can prevent all voluntary - evictions by specifying "100%". - x-kubernetes-int-or-string: true - selector: - description: |- - Label query over pods whose evictions are managed by the disruption - budget. - A null selector will match no pods, while an empty ({}) selector will select - all pods within the namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - unhealthyPodEvictionPolicy: - description: |- - UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods - should be considered for eviction. Current implementation considers healthy pods, - as pods that have status.conditions item with type="Ready",status="True". - - - Valid policies are IfHealthyBudget and AlwaysAllow. - If no policy is specified, the default behavior will be used, - which corresponds to the IfHealthyBudget policy. - - - IfHealthyBudget policy means that running pods (status.phase="Running"), - but not yet healthy can be evicted only if the guarded application is not - disrupted (status.currentHealthy is at least equal to status.desiredHealthy). - Healthy pods will be subject to the PDB for eviction. - - - AlwaysAllow policy means that all running pods (status.phase="Running"), - but not yet healthy are considered disrupted and can be evicted regardless - of whether the criteria in a PDB is met. This means perspective running - pods of a disrupted application might not get a chance to become healthy. - Healthy pods will be subject to the PDB for eviction. - - - Additional policies may be added in the future. - Clients making eviction decisions should disallow eviction of unhealthy pods - if they encounter an unrecognized policy in this field. - - - This field is beta-level. The eviction API uses this field when - the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default). - type: string - type: object - podLabels: - additionalProperties: - type: string - description: PodLabels Custom labels to be populated in the - workload's pods. - type: object - podManagementPolicy: - default: Parallel - description: PodManagementPolicy - type: string - ports: - description: Ports Extra ports to be added to pod spec. - items: - description: ContainerPort represents a network port in a - single container. - properties: - containerPort: - description: |- - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - protocol: - default: TCP - description: |- - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - priorityClassName: - description: PriorityClassName Kubernetes native `priorityClassName` - specification. - type: string - readinessProbe: - description: |- - ReadinessProbe - Port is set to `druid.port` if not specified with httpGet handler. - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - replicas: - description: Replicas replica of the workload - format: int32 - minimum: 0 - type: integer - resources: - description: Resources Kubernetes Native `resources` specification. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - runtime.properties: - description: RuntimeProperties Additional runtime configuration - for the specific workload. - type: string - securityContext: - description: PodSecurityContext Overrides `securityContext` - at top level. - properties: - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - fsGroupChangePolicy: - description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. - type: string - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. - Note that this field cannot be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored by components that enable the - WindowsHostProcessContainers feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess is true - then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccountName: - description: ServiceAccountName Kubernetes native `serviceAccountName` - specification. - type: string - services: - description: Services Overrides services at top level. - items: - description: |- - Service is a named abstraction of software service (for example, mysql) consisting of local port - (for example 3306) that the proxy listens on, and the selector that determines which pods - will answer requests sent through the proxy. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: |- - Spec defines the behavior of a service. - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - allocateLoadBalancerNodePorts: - description: |- - allocateLoadBalancerNodePorts defines if NodePorts will be automatically - allocated for services with type LoadBalancer. Default is "true". It - may be set to "false" if the cluster load-balancer does not rely on - NodePorts. If the caller requests specific NodePorts (by specifying a - value), those requests will be respected, regardless of this field. - This field may only be set for services with type LoadBalancer and will - be cleared if the type is changed to any other type. - type: boolean - clusterIP: - description: |- - clusterIP is the IP address of the service and is usually assigned - randomly. If an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated to the - service; otherwise creation of the service will fail. This field may not - be changed through updates unless the type field is also being changed - to ExternalName (which requires this field to be blank) or the type - field is being changed from ExternalName (in which case this field may - optionally be specified, as describe above). Valid values are "None", - empty string (""), or a valid IP address. Setting this to "None" makes a - "headless service" (no virtual IP), which is useful when direct endpoint - connections are preferred and proxying is not required. Only applies to - types ClusterIP, NodePort, and LoadBalancer. If this field is specified - when creating a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - type: string - clusterIPs: - description: |- - ClusterIPs is a list of IP addresses assigned to this service, and are - usually assigned randomly. If an address is specified manually, is - in-range (as per system configuration), and is not in use, it will be - allocated to the service; otherwise creation of the service will fail. - This field may not be changed through updates unless the type field is - also being changed to ExternalName (which requires this field to be - empty) or the type field is being changed from ExternalName (in which - case this field may optionally be specified, as describe above). Valid - values are "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual IP), which is - useful when direct endpoint connections are preferred and proxying is - not required. Only applies to types ClusterIP, NodePort, and - LoadBalancer. If this field is specified when creating a Service of type - ExternalName, creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not specified, it will - be initialized from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have the same - value. - - - This field may hold a maximum of two entries (dual-stack IPs, in either order). - These IPs must correspond to the values of the ipFamilies field. Both - clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: |- - externalIPs is a list of IP addresses for which nodes in the cluster - will also accept traffic for this service. These IPs are not managed by - Kubernetes. The user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external load-balancers - that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: |- - externalName is the external reference that discovery mechanisms will - return as an alias for this service (e.g. a DNS CNAME record). No - proxying will be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". - type: string - externalTrafficPolicy: - description: |- - externalTrafficPolicy describes how nodes distribute service traffic they - receive on one of the Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure - the service in a way that assumes that external load balancers will take care - of balancing the service traffic between nodes, and so each node will deliver - traffic only to the node-local endpoints of the service, without masquerading - the client source IP. (Traffic mistakenly sent to a node with no endpoints will - be dropped.) The default value, "Cluster", uses the standard behavior of - routing to all endpoints evenly (possibly modified by topology and other - features). Note that traffic sent to an External IP or LoadBalancer IP from - within the cluster will always get "Cluster" semantics, but clients sending to - a NodePort from within the cluster may need to take traffic policy into account - when picking a node. - type: string - healthCheckNodePort: - description: |- - healthCheckNodePort specifies the healthcheck nodePort for the service. - This only applies when type is set to LoadBalancer and - externalTrafficPolicy is set to Local. If a value is specified, is - in-range, and is not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. load-balancers) - can use this port to determine if a given node holds endpoints for this - service or not. If this field is specified when creating a Service - which does not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing type). - This field cannot be updated once set. - format: int32 - type: integer - internalTrafficPolicy: - description: |- - InternalTrafficPolicy describes how nodes distribute service traffic they - receive on the ClusterIP. If set to "Local", the proxy will assume that pods - only want to talk to endpoints of the service on the same node as the pod, - dropping the traffic if there are no local endpoints. The default value, - "Cluster", uses the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - type: string - ipFamilies: - description: |- - IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this - service. This field is usually assigned automatically based on cluster - configuration and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise creation of - the service will fail. This field is conditionally mutable: it allows - for adding or removing a secondary IP family, but it does not allow - changing the primary IP family of the Service. Valid values are "IPv4" - and "IPv6". This field only applies to Services of types ClusterIP, - NodePort, and LoadBalancer, and does apply to "headless" services. - This field will be wiped when updating a Service to type ExternalName. - - - This field may hold a maximum of two entries (dual-stack families, in - either order). These families must correspond to the values of the - clusterIPs field, if specified. Both clusterIPs and ipFamilies are - governed by the ipFamilyPolicy field. - items: - description: |- - IPFamily represents the IP Family (IPv4 or IPv6). This type is used - to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: |- - IPFamilyPolicy represents the dual-stack-ness requested or required by - this Service. If there is no value provided, then this field will be set - to SingleStack. Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise fail). The - ipFamilies and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type ExternalName. - type: string - loadBalancerClass: - description: |- - loadBalancerClass is the class of the load balancer implementation this Service belongs to. - If specified, the value of this field must be a label-style identifier, with an optional prefix, - e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. - This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load - balancer implementation is used, today this is typically done through the cloud provider integration, - but should apply for any default implementation. If set, it is assumed that a load balancer - implementation is watching for Services with a matching class. Any default load balancer - implementation (e.g. cloud providers) should ignore Services that set this field. - This field can only be set when creating or updating a Service to type 'LoadBalancer'. - Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: |- - Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider supports specifying - the loadBalancerIP when a load balancer is created. - This field will be ignored if the cloud-provider does not support the feature. - Deprecated: This field was under-specified and its meaning varies across implementations, - and it cannot support dual-stack. - As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. - This field may be removed in a future API version. - type: string - loadBalancerSourceRanges: - description: |- - If specified and supported by the platform, this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client IPs. This field will be ignored if the - cloud-provider does not support the feature." - More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ - items: - type: string - type: array - ports: - description: |- - The list of ports that are exposed by this service. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - items: - description: ServicePort contains information on - service's port. - properties: - appProtocol: - description: |- - The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard service names (as per - RFC-6335 and https://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such as - mycompany.com/my-custom-protocol. - type: string - name: - description: |- - The name of this port within the service. This must be a DNS_LABEL. - All ports within a ServiceSpec must have unique names. When considering - the endpoints for a Service, this must match the 'name' field in the - EndpointPort. - Optional if only one ServicePort is defined on this service. - type: string - nodePort: - description: |- - The port on each node on which this service is exposed when type is - NodePort or LoadBalancer. Usually assigned by the system. If a value is - specified, in-range, and not in use it will be used, otherwise the - operation will fail. If not specified, a port will be allocated if this - Service requires one. If this field is specified when creating a - Service which does not need it, creation will fail. This field will be - wiped when updating a Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). - More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - default: TCP - description: |- - The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". - Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the pods targeted by the service. - Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named port in the - target Pod's container ports. If this is not specified, the value - of the 'port' field is used (an identity map). - This field is ignored for services with clusterIP=None, and should be - omitted or set equal to the 'port' field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: |- - publishNotReadyAddresses indicates that any agent which deals with endpoints for this - Service should disregard any indications of ready/not-ready. - The primary use case for setting this field is for a StatefulSet's Headless Service to - propagate SRV DNS records for its Pods for the purpose of peer discovery. - The Kubernetes controllers that generate Endpoints and EndpointSlice resources for - Services interpret this to mean that all endpoints are considered "ready" even if the - Pods themselves are not. Agents which consume only Kubernetes generated endpoints - through the Endpoints or EndpointSlice resources can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Route service traffic to pods with label keys and values matching this - selector. If empty or not present, the service is assumed to have an - external process managing its endpoints, which Kubernetes will not - modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/ - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: |- - Supports "ClientIP" and "None". Used to maintain session affinity. - Enable client IP based session affinity. - Must be ClientIP or None. - Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations - of Client IP based session affinity. - properties: - timeoutSeconds: - description: |- - timeoutSeconds specifies the seconds of ClientIP type session sticky time. - The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". - Default value is 10800(for 3 hours). - format: int32 - type: integer - type: object - type: object - type: - description: |- - type determines how the Service is exposed. Defaults to ClusterIP. Valid - options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - "ClusterIP" allocates a cluster-internal IP address for load-balancing - to endpoints. Endpoints are determined by the selector or if that is not - specified, by manual construction of an Endpoints object or - EndpointSlice objects. If clusterIP is "None", no virtual IP is - allocated and the endpoints are published as a set of endpoints rather - than a virtual IP. - "NodePort" builds on ClusterIP and allocates a port on every node which - routes to the same endpoints as the clusterIP. - "LoadBalancer" builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the same endpoints - as the clusterIP. - "ExternalName" aliases this service to the specified externalName. - Several other fields do not apply to ExternalName services. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: string - type: object - status: - description: |- - Most recently observed status of the service. - Populated by the system. - Read-only. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - conditions: - description: Current service state - items: - description: "Condition contains details for one - aspect of the current state of this API Resource.\n---\nThis - struct is intended for direct use as an array - at the field path .status.conditions. For example,\n\n\n\ttype - FooStatus struct{\n\t // Represents the observations - of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t - \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t - \ // +listType=map\n\t // +listMapKey=type\n\t - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of - True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - loadBalancer: - description: |- - LoadBalancer contains the current status of the load-balancer, - if one is present. - properties: - ingress: - description: |- - Ingress is a list containing ingress points for the load-balancer. - Traffic intended for the service should be sent to these ingress points. - items: - description: |- - LoadBalancerIngress represents the status of a load-balancer ingress point: - traffic intended for the service should be sent to an ingress point. - properties: - hostname: - description: |- - Hostname is set for load-balancer ingress points that are DNS based - (typically AWS load-balancers) - type: string - ip: - description: |- - IP is set for load-balancer ingress points that are IP based - (typically GCE or OpenStack load-balancers) - type: string - ports: - description: |- - Ports is a list of records of service ports - If used, every port defined in the service should have an entry in it - items: - properties: - error: - description: |- - Error is to record the problem with the service port - The format of the error shall comply with the following rules: - - built-in error values shall be specified in this file and those shall use - CamelCase names - - cloud provider specific error values must have names that comply with the - format foo.example.com/CamelCase. - --- - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number - of the service port of which status - is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: |- - Protocol is the protocol of the service port of which status is recorded here - The supported values are: "TCP", "UDP", "SCTP" - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - type: array - startUpProbe: - description: StartUpProbe - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds - format: int64 - type: integer - tolerations: - description: Tolerations Kubernetes native `tolerations` specification. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: TopologySpreadConstraints Kubernetes Native `topologySpreadConstraints` - specification. - items: - description: TopologySpreadConstraint specifies how to spread - matching pods among the given topology. - properties: - labelSelector: - description: |- - LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine the number of pods - in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select the pods over which - spreading will be calculated. The keys are used to lookup values from the - incoming pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector isn't set. - Keys that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match against labelSelector. - - - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: |- - MaxSkew describes the degree to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - between the number of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods in an eligible domain - or zero if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: - In this case, the global minimum is 1. - | zone1 | zone2 | zone3 | - | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - to topologies that satisfy it. - It's a required field. Default value is 1 and 0 is not allowed. - format: int32 - type: integer - minDomains: - description: |- - MinDomains indicates a minimum number of eligible domains. - When the number of eligible domains with matching topology keys is less than minDomains, - Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - And when the number of eligible domains with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains is equal to 1. - Valid values are integers greater than 0. - When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - - - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | - | P P | P P | P P | - The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - In this situation, new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. - - - This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). - format: int32 - type: integer - nodeAffinityPolicy: - description: |- - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. Options are: - - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - - - If this value is nil, the behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - type: string - nodeTaintsPolicy: - description: |- - NodeTaintsPolicy indicates how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with tainted nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - - - If this value is nil, the behavior is equivalent to the Ignore policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - type: string - topologyKey: - description: |- - TopologyKey is the key of node labels. Nodes that have a label with this key - and identical values are considered to be in the same topology. - We consider each as a "bucket", and try to put balanced number - of pods into each bucket. - We define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose nodes meet the requirements of - nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: |- - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. - A constraint is considered "Unsatisfiable" for an incoming pod - if and only if every possible node assignment for that pod would violate - "MaxSkew" on some topology. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | - | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - won't make it *more* imbalanced. - It's a required field. - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - updateStrategy: - description: UpdateStrategy - properties: - rollingUpdate: - description: RollingUpdate is used to communicate parameters - when Type is RollingUpdateStatefulSetStrategyType. - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of pods that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - Absolute number is calculated from percentage by rounding up. This can not be 0. - Defaults to 1. This field is alpha-level and is only honored by servers that enable the - MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to - Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it - will be counted towards MaxUnavailable. - x-kubernetes-int-or-string: true - partition: - description: |- - Partition indicates the ordinal at which the StatefulSet should be partitioned - for updates. During a rolling update, all pods from ordinal Replicas-1 to - Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. - This is helpful in being able to do a canary based deployment. The default value is 0. - format: int32 - type: integer - type: object - type: - description: |- - Type indicates the type of the StatefulSetUpdateStrategy. - Default is RollingUpdate. - type: string - type: object - volumeClaimTemplates: - description: VolumeClaimTemplates Kubernetes Native `volumeClaimTemplates` - specification. - items: - description: PersistentVolumeClaim is a user's request for - and claim to a persistent volume - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: |- - spec defines the desired characteristics of a volume requested by a pod author. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - status: - description: |- - status represents the current information/status of a persistent volume claim. - Read-only. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the actual access modes the volume backing the PVC has. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may - be larger than the actual capacity when a volume expansion operation is requested. - For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. - If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. - If a volume expansion capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress and if the actual volume capacity - is equal or lower than the requested capacity. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. - type: object - conditions: - description: |- - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contains - details about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed - the condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time - the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: |- - reason is a unique, this should be a short, machine understandable string that gives the reason - for condition's last transition. If it reports "ResizeStarted" that means the underlying - persistent volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: phase represents the current phase of - PersistentVolumeClaim. - type: string - resizeStatus: - description: |- - resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty - string by resize controller or kubelet. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - type: string - type: object - type: object - type: array - volumeMounts: - description: VolumeMounts Kubernetes Native `volumeMounts` specification. - items: - description: VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: Volumes Kubernetes Native `volumes` specification. - items: - description: Volume represents a named volume in a pod that - may be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: |- - awsElasticBlockStore represents an AWS Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - format: int32 - type: integer - readOnly: - description: |- - readOnly value true will force the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: boolean - volumeID: - description: |- - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching mode: - None, Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data disk - in the blob storage - type: string - diskURI: - description: diskURI is the URI of data disk in the - blob storage - type: string - fsType: - description: |- - fsType is Filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single - blob disk per storage account Managed: azure managed - data disk (only in managed availability set). defaults - to shared' - type: string - readOnly: - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. - properties: - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: secretName is the name of secret that - contains Azure Storage Account Name and Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on the - host that shares a pod's lifetime - properties: - monitors: - description: |- - monitors is Required: Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - items: - type: string - type: array - path: - description: 'path is Optional: Used as the mounted - root, rather than the full Ceph tree, default is - /' - type: string - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: boolean - secretFile: - description: |- - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - secretRef: - description: |- - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: |- - user is optional: User is the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - required: - - monitors - type: object - cinder: - description: |- - cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: boolean - secretRef: - description: |- - secretRef is optional: points to a secret object containing parameters used to connect - to OpenStack. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: |- - volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that should - populate this volume - properties: - defaultMode: - description: |- - defaultMode is optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). - properties: - driver: - description: |- - driver is the name of the CSI driver that handles this volume. - Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: |- - fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated CSI driver - which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: |- - nodePublishSecretRef is a reference to the secret object containing - sensitive information to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if no secret is required. If the - secret object contains more than one secret, all secret references are passed. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: |- - readOnly specifies a read-only configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: |- - volumeAttributes stores driver-specific properties that are passed to the CSI - driver. Consult your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API about - the pod that should populate this volume - properties: - defaultMode: - description: |- - Optional: mode bits to use on created files by default. Must be a - Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: Items is a list of downward API volume - file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the - pod: only annotations, labels, name and namespace - are supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' path. - Must be utf-8 encoded. The first item of the - relative path must not start with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - description: |- - emptyDir represents a temporary directory that shares a pod's lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - properties: - medium: - description: |- - medium represents what type of storage medium should back this directory. - The default is "" which means to use the node's default medium. - Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: |- - sizeLimit is the total amount of local storage required for this EmptyDir volume. - The size limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir would be the minimum value between - the SizeLimit specified here and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: |- - ephemeral represents a volume that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - and deleted when the pod is removed. - - - Use this if: - a) the volume is only needed while the pod runs, - b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, - c) the storage driver is specified through a storage class, and - d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - - Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the lifecycle - of an individual pod. - - - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - be used that way - see the documentation of the driver for - more information. - - - A pod can use both types of ephemeral volumes and - persistent volumes at the same time. - properties: - volumeClaimTemplate: - description: |- - Will be used to create a stand-alone PVC to provision the volume. - The pod in which this EphemeralVolumeSource is embedded will be the - owner of the PVC, i.e. the PVC will be deleted together with the - pod. The name of the PVC will be `-` where - `` is the name from the `PodSpec.Volumes` array - entry. Pod validation will reject the pod if the concatenated name - is not valid for a PVC (for example, too long). - - - An existing PVC with that name that is not owned by the pod - will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has to updated with an - owner reference to the pod once the pod exists. Normally - this should not be necessary, but it may be useful when - manually reconstructing a broken cluster. - - - This field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. - - - Required, must not be nil. - properties: - metadata: - description: |- - May contain labels and annotations that will be copied into the PVC - when creating it. No other fields are allowed and will be rejected during - validation. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: |- - The specification for the PersistentVolumeClaim. The entire content is - copied unchanged into the PVC that gets created from this - template. The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over - volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource that - is attached to a kubelet's host machine and then exposed - to the pod. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - lun: - description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' - items: - type: string - type: array - wwids: - description: |- - wwids Optional: FC volume world wide identifiers (wwids) - Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. - items: - type: string - type: array - type: object - flexVolume: - description: |- - flexVolume represents a generic volume resource that is - provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver to use - for this volume. - type: string - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field holds - extra command options if any.' - type: object - readOnly: - description: |- - readOnly is Optional: defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef is Optional: secretRef is reference to the secret object containing - sensitive information to pass to the plugin scripts. This may be - empty if no secret object is specified. If the secret object - contains more than one secret, all secrets are passed to the plugin - scripts. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - properties: - datasetName: - description: |- - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - should be considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the dataset. - This is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: |- - gcePersistentDisk represents a GCE Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - properties: - fsType: - description: |- - fsType is filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - format: int32 - type: integer - pdName: - description: |- - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: boolean - required: - - pdName - type: object - gitRepo: - description: |- - gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - into the Pod's container. - properties: - directory: - description: |- - directory is the target directory name. - Must not contain or start with '..'. If '.' is supplied, the volume directory will be the - git repository. Otherwise, if specified, the volume will contain the git repository in - the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for the specified - revision. - type: string - required: - - repository - type: object - glusterfs: - description: |- - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md - properties: - endpoints: - description: |- - endpoints is the endpoint name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - path: - description: |- - path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - readOnly: - description: |- - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: |- - hostPath represents a pre-existing file or directory on the host - machine that is directly exposed to the container. This is generally - used for system agents or other privileged things that are allowed - to see the host machine. Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. - properties: - path: - description: |- - path of the directory on the host. - If the path is a symlink, it will follow the link to the real path. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - type: - description: |- - type for HostPath Volume - Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - required: - - path - type: object - iscsi: - description: |- - iscsi represents an ISCSI Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://examples.k8s.io/volumes/iscsi/README.md - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether support - iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether support - iSCSI Session CHAP authentication - type: boolean - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - initiatorName: - description: |- - initiatorName is the custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: - description: |- - iscsiInterface is the interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: |- - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for iSCSI - target and initiator authentication - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: |- - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: |- - name of the volume. - Must be a DNS_LABEL and unique within the pod. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - nfs: - description: |- - nfs represents an NFS mount on the host that shares a pod's lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - properties: - path: - description: |- - path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - readOnly: - description: |- - readOnly here will force the NFS export to be mounted with read-only permissions. - Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: boolean - server: - description: |- - server is the hostname or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: |- - persistentVolumeClaimVolumeSource represents a reference to a - PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - claimName: - description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - type: string - readOnly: - description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: pdID is the ID that identifies Photon - Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine - properties: - fsType: - description: |- - fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a Portworx - volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources - secrets, configmaps, and downward API - properties: - defaultMode: - description: |- - defaultMode are the mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: sources is the list of volume projections - items: - description: Projection that may be projected along - with other supported volume types - properties: - configMap: - description: configMap information about the - configMap data to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path - within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: optional specify whether the - ConfigMap or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the - downwardAPI data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a - field of the pod: only annotations, - labels, name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified API - version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute - or contain the ''..'' path. Must - be utf-8 encoded. The first item - of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - description: secret information about the secret - data to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path - within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: optional field specify whether - the Secret or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information - about the serviceAccountToken data to project - properties: - audience: - description: |- - audience is the intended audience of the token. A recipient of a token - must identify itself with an identifier specified in the audience of the - token, and otherwise should reject the token. The audience defaults to the - identifier of the apiserver. - type: string - expirationSeconds: - description: |- - expirationSeconds is the requested duration of validity of the service - account token. As the token approaches expiration, the kubelet volume - plugin will proactively rotate the service account token. The kubelet will - start trying to rotate the token if the token is older than 80 percent of - its time to live or if the token is older than 24 hours.Defaults to 1 hour - and must be at least 10 minutes. - format: int64 - type: integer - path: - description: |- - path is the path relative to the mount point of the file to project the - token into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte mount on the - host that shares a pod's lifetime - properties: - group: - description: |- - group to map volume access to - Default is no group - type: string - readOnly: - description: |- - readOnly here will force the Quobyte volume to be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: |- - registry represents a single or multiple Quobyte Registry services - specified as a string as host:port pair (multiple entries are separated with commas) - which acts as the central registry for volumes - type: string - tenant: - description: |- - tenant owning the given Quobyte volume in the Backend - Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: |- - user to map volume access to - Defaults to serivceaccount user - type: string - volume: - description: volume is a string that references an - already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: |- - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - image: - description: |- - image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - keyring: - description: |- - keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - monitors: - description: |- - monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - items: - type: string - type: array - pool: - description: |- - pool is the rados pool name. - Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: boolean - secretRef: - description: |- - secretRef is name of the authentication secret for RBDUser. If provided - overrides keyring. - Default is nil. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: |- - user is the rados user name. - Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". - Default is "xfs". - type: string - gateway: - description: gateway is the host address of the ScaleIO - API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. - type: string - readOnly: - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef references to the secret for ScaleIO user and other - sensitive information. If this is not provided, Login operation will fail. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: |- - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage Pool - associated with the protection domain. - type: string - system: - description: system is the name of the storage system - as configured in ScaleIO. - type: string - volumeName: - description: |- - volumeName is the name of a volume already created in the ScaleIO system - that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: |- - secret represents a secret that should populate this volume. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - properties: - defaultMode: - description: |- - defaultMode is Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items If unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify whether the Secret - or its keys must be defined - type: boolean - secretName: - description: |- - secretName is the name of the secret in the pod's namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef specifies the secret to use for obtaining the StorageOS API - credentials. If not specified, default values will be attempted. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: |- - volumeName is the human-readable name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: |- - volumeNamespace specifies the scope of the volume within StorageOS. If no - namespace is specified then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - Set VolumeName to any name to override the default behaviour. - Set to "default" if you are not using namespaces within StorageOS. - Namespaces that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine - properties: - fsType: - description: |- - fsType is filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage Policy - Based Management (SPBM) profile ID associated with - the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage Policy - Based Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - workloadAnnotations: - additionalProperties: - type: string - description: WorkloadAnnotations annotations to be populated - in StatefulSet or Deployment spec. - type: object - required: - - druid.port - - nodeConfigMountPath - - nodeType - - runtime.properties - type: object - description: |- - Nodes a list of `Druid` Node types and their configurations. - `DruidSpec` is used to create Kubernetes workload specs. Many of the fields above can be overridden at the specific - `NodeSpec` level. - type: object - podAnnotations: - additionalProperties: - type: string - description: PodAnnotations Custom annotations to be populated in - `Druid` pods. - type: object - podLabels: - additionalProperties: - type: string - description: PodLabels Custom labels to be populated in `Druid` pods. - type: object - podManagementPolicy: - default: Parallel - description: PodManagementPolicy - type: string - priorityClassName: - description: PriorityClassName Kubernetes native `priorityClassName` - specification. - type: string - readinessProbe: - description: |- - ReadinessProbe - Port is set to `druid.port` if not specified with httpGet handler. - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number must - be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes a custom header to be - used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - rollingDeploy: - default: true - description: |- - RollingDeploy Whether to deploy the components in a rolling update as described in the documentation: - https://druid.apache.org/docs/latest/operations/rolling-updates.html - If set to true then operator checks the rollout status of previous version workloads before updating the next. - This will be done only for update actions. - type: boolean - scalePvcSts: - default: false - description: ScalePvcSts When enabled, operator will allow volume - expansion of StatefulSet's PVCs. - type: boolean - securityContext: - description: PodSecurityContext - properties: - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - fsGroupChangePolicy: - description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. - type: string - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. - Note that this field cannot be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored by components that enable the - WindowsHostProcessContainers feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess is true - then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccount: - description: ServiceAccount - type: string - services: - description: Services Kubernetes services to be created for each workload. - items: - description: |- - Service is a named abstraction of software service (for example, mysql) consisting of local port - (for example 3306) that the proxy listens on, and the selector that determines which pods - will answer requests sent through the proxy. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: |- - Spec defines the behavior of a service. - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - allocateLoadBalancerNodePorts: - description: |- - allocateLoadBalancerNodePorts defines if NodePorts will be automatically - allocated for services with type LoadBalancer. Default is "true". It - may be set to "false" if the cluster load-balancer does not rely on - NodePorts. If the caller requests specific NodePorts (by specifying a - value), those requests will be respected, regardless of this field. - This field may only be set for services with type LoadBalancer and will - be cleared if the type is changed to any other type. - type: boolean - clusterIP: - description: |- - clusterIP is the IP address of the service and is usually assigned - randomly. If an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated to the - service; otherwise creation of the service will fail. This field may not - be changed through updates unless the type field is also being changed - to ExternalName (which requires this field to be blank) or the type - field is being changed from ExternalName (in which case this field may - optionally be specified, as describe above). Valid values are "None", - empty string (""), or a valid IP address. Setting this to "None" makes a - "headless service" (no virtual IP), which is useful when direct endpoint - connections are preferred and proxying is not required. Only applies to - types ClusterIP, NodePort, and LoadBalancer. If this field is specified - when creating a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - type: string - clusterIPs: - description: |- - ClusterIPs is a list of IP addresses assigned to this service, and are - usually assigned randomly. If an address is specified manually, is - in-range (as per system configuration), and is not in use, it will be - allocated to the service; otherwise creation of the service will fail. - This field may not be changed through updates unless the type field is - also being changed to ExternalName (which requires this field to be - empty) or the type field is being changed from ExternalName (in which - case this field may optionally be specified, as describe above). Valid - values are "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual IP), which is - useful when direct endpoint connections are preferred and proxying is - not required. Only applies to types ClusterIP, NodePort, and - LoadBalancer. If this field is specified when creating a Service of type - ExternalName, creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not specified, it will - be initialized from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have the same - value. - - - This field may hold a maximum of two entries (dual-stack IPs, in either order). - These IPs must correspond to the values of the ipFamilies field. Both - clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: |- - externalIPs is a list of IP addresses for which nodes in the cluster - will also accept traffic for this service. These IPs are not managed by - Kubernetes. The user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external load-balancers - that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: |- - externalName is the external reference that discovery mechanisms will - return as an alias for this service (e.g. a DNS CNAME record). No - proxying will be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". - type: string - externalTrafficPolicy: - description: |- - externalTrafficPolicy describes how nodes distribute service traffic they - receive on one of the Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure - the service in a way that assumes that external load balancers will take care - of balancing the service traffic between nodes, and so each node will deliver - traffic only to the node-local endpoints of the service, without masquerading - the client source IP. (Traffic mistakenly sent to a node with no endpoints will - be dropped.) The default value, "Cluster", uses the standard behavior of - routing to all endpoints evenly (possibly modified by topology and other - features). Note that traffic sent to an External IP or LoadBalancer IP from - within the cluster will always get "Cluster" semantics, but clients sending to - a NodePort from within the cluster may need to take traffic policy into account - when picking a node. - type: string - healthCheckNodePort: - description: |- - healthCheckNodePort specifies the healthcheck nodePort for the service. - This only applies when type is set to LoadBalancer and - externalTrafficPolicy is set to Local. If a value is specified, is - in-range, and is not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. load-balancers) - can use this port to determine if a given node holds endpoints for this - service or not. If this field is specified when creating a Service - which does not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing type). - This field cannot be updated once set. - format: int32 - type: integer - internalTrafficPolicy: - description: |- - InternalTrafficPolicy describes how nodes distribute service traffic they - receive on the ClusterIP. If set to "Local", the proxy will assume that pods - only want to talk to endpoints of the service on the same node as the pod, - dropping the traffic if there are no local endpoints. The default value, - "Cluster", uses the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - type: string - ipFamilies: - description: |- - IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this - service. This field is usually assigned automatically based on cluster - configuration and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise creation of - the service will fail. This field is conditionally mutable: it allows - for adding or removing a secondary IP family, but it does not allow - changing the primary IP family of the Service. Valid values are "IPv4" - and "IPv6". This field only applies to Services of types ClusterIP, - NodePort, and LoadBalancer, and does apply to "headless" services. - This field will be wiped when updating a Service to type ExternalName. - - - This field may hold a maximum of two entries (dual-stack families, in - either order). These families must correspond to the values of the - clusterIPs field, if specified. Both clusterIPs and ipFamilies are - governed by the ipFamilyPolicy field. - items: - description: |- - IPFamily represents the IP Family (IPv4 or IPv6). This type is used - to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: |- - IPFamilyPolicy represents the dual-stack-ness requested or required by - this Service. If there is no value provided, then this field will be set - to SingleStack. Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise fail). The - ipFamilies and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type ExternalName. - type: string - loadBalancerClass: - description: |- - loadBalancerClass is the class of the load balancer implementation this Service belongs to. - If specified, the value of this field must be a label-style identifier, with an optional prefix, - e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. - This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load - balancer implementation is used, today this is typically done through the cloud provider integration, - but should apply for any default implementation. If set, it is assumed that a load balancer - implementation is watching for Services with a matching class. Any default load balancer - implementation (e.g. cloud providers) should ignore Services that set this field. - This field can only be set when creating or updating a Service to type 'LoadBalancer'. - Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: |- - Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider supports specifying - the loadBalancerIP when a load balancer is created. - This field will be ignored if the cloud-provider does not support the feature. - Deprecated: This field was under-specified and its meaning varies across implementations, - and it cannot support dual-stack. - As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. - This field may be removed in a future API version. - type: string - loadBalancerSourceRanges: - description: |- - If specified and supported by the platform, this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client IPs. This field will be ignored if the - cloud-provider does not support the feature." - More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ - items: - type: string - type: array - ports: - description: |- - The list of ports that are exposed by this service. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: |- - The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard service names (as per - RFC-6335 and https://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such as - mycompany.com/my-custom-protocol. - type: string - name: - description: |- - The name of this port within the service. This must be a DNS_LABEL. - All ports within a ServiceSpec must have unique names. When considering - the endpoints for a Service, this must match the 'name' field in the - EndpointPort. - Optional if only one ServicePort is defined on this service. - type: string - nodePort: - description: |- - The port on each node on which this service is exposed when type is - NodePort or LoadBalancer. Usually assigned by the system. If a value is - specified, in-range, and not in use it will be used, otherwise the - operation will fail. If not specified, a port will be allocated if this - Service requires one. If this field is specified when creating a - Service which does not need it, creation will fail. This field will be - wiped when updating a Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). - More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - default: TCP - description: |- - The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". - Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the pods targeted by the service. - Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named port in the - target Pod's container ports. If this is not specified, the value - of the 'port' field is used (an identity map). - This field is ignored for services with clusterIP=None, and should be - omitted or set equal to the 'port' field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: |- - publishNotReadyAddresses indicates that any agent which deals with endpoints for this - Service should disregard any indications of ready/not-ready. - The primary use case for setting this field is for a StatefulSet's Headless Service to - propagate SRV DNS records for its Pods for the purpose of peer discovery. - The Kubernetes controllers that generate Endpoints and EndpointSlice resources for - Services interpret this to mean that all endpoints are considered "ready" even if the - Pods themselves are not. Agents which consume only Kubernetes generated endpoints - through the Endpoints or EndpointSlice resources can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Route service traffic to pods with label keys and values matching this - selector. If empty or not present, the service is assumed to have an - external process managing its endpoints, which Kubernetes will not - modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/ - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: |- - Supports "ClientIP" and "None". Used to maintain session affinity. - Enable client IP based session affinity. - Must be ClientIP or None. - Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. - properties: - timeoutSeconds: - description: |- - timeoutSeconds specifies the seconds of ClientIP type session sticky time. - The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". - Default value is 10800(for 3 hours). - format: int32 - type: integer - type: object - type: object - type: - description: |- - type determines how the Service is exposed. Defaults to ClusterIP. Valid - options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - "ClusterIP" allocates a cluster-internal IP address for load-balancing - to endpoints. Endpoints are determined by the selector or if that is not - specified, by manual construction of an Endpoints object or - EndpointSlice objects. If clusterIP is "None", no virtual IP is - allocated and the endpoints are published as a set of endpoints rather - than a virtual IP. - "NodePort" builds on ClusterIP and allocates a port on every node which - routes to the same endpoints as the clusterIP. - "LoadBalancer" builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the same endpoints - as the clusterIP. - "ExternalName" aliases this service to the specified externalName. - Several other fields do not apply to ExternalName services. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: string - type: object - status: - description: |- - Most recently observed status of the service. - Populated by the system. - Read-only. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - conditions: - description: Current service state - items: - description: "Condition contains details for one aspect - of the current state of this API Resource.\n---\nThis - struct is intended for direct use as an array at the - field path .status.conditions. For example,\n\n\n\ttype - FooStatus struct{\n\t // Represents the observations - of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t - \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t - \ // +listType=map\n\t // +listMapKey=type\n\t - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, - False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - loadBalancer: - description: |- - LoadBalancer contains the current status of the load-balancer, - if one is present. - properties: - ingress: - description: |- - Ingress is a list containing ingress points for the load-balancer. - Traffic intended for the service should be sent to these ingress points. - items: - description: |- - LoadBalancerIngress represents the status of a load-balancer ingress point: - traffic intended for the service should be sent to an ingress point. - properties: - hostname: - description: |- - Hostname is set for load-balancer ingress points that are DNS based - (typically AWS load-balancers) - type: string - ip: - description: |- - IP is set for load-balancer ingress points that are IP based - (typically GCE or OpenStack load-balancers) - type: string - ports: - description: |- - Ports is a list of records of service ports - If used, every port defined in the service should have an entry in it - items: - properties: - error: - description: |- - Error is to record the problem with the service port - The format of the error shall comply with the following rules: - - built-in error values shall be specified in this file and those shall use - CamelCase names - - cloud provider specific error values must have names that comply with the - format foo.example.com/CamelCase. - --- - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of - the service port of which status is recorded - here - format: int32 - type: integer - protocol: - default: TCP - description: |- - Protocol is the protocol of the service port of which status is recorded here - The supported values are: "TCP", "UDP", "SCTP" - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - type: array - startScript: - default: /druid.sh - description: StartScript Path to Druid's start script to be run on - start. - type: string - startUpProbe: - description: StartUpProbe - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number must - be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes a custom header to be - used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - tolerations: - description: Tolerations Kubernetes native `tolerations` specification. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - updateStrategy: - description: UpdateStrategy - properties: - rollingUpdate: - description: RollingUpdate is used to communicate parameters when - Type is RollingUpdateStatefulSetStrategyType. - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of pods that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - Absolute number is calculated from percentage by rounding up. This can not be 0. - Defaults to 1. This field is alpha-level and is only honored by servers that enable the - MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to - Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it - will be counted towards MaxUnavailable. - x-kubernetes-int-or-string: true - partition: - description: |- - Partition indicates the ordinal at which the StatefulSet should be partitioned - for updates. During a rolling update, all pods from ordinal Replicas-1 to - Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. - This is helpful in being able to do a canary based deployment. The default value is 0. - format: int32 - type: integer - type: object - type: - description: |- - Type indicates the type of the StatefulSetUpdateStrategy. - Default is RollingUpdate. - type: string - type: object - volumeClaimTemplates: - description: VolumeClaimTemplates Kubernetes Native `VolumeClaimTemplate` - specification. - items: - description: PersistentVolumeClaim is a user's request for and claim - to a persistent volume - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: |- - spec defines the desired characteristics of a volume requested by a pod author. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes to consider - for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - type: object - status: - description: |- - status represents the current information/status of a persistent volume claim. - Read-only. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the actual access modes the volume backing the PVC has. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may - be larger than the actual capacity when a volume expansion operation is requested. - For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. - If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. - If a volume expansion capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress and if the actual volume capacity - is equal or lower than the requested capacity. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources of - the underlying volume. - type: object - conditions: - description: |- - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contains details - about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed the - condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: |- - reason is a unique, this should be a short, machine understandable string that gives the reason - for condition's last transition. If it reports "ResizeStarted" that means the underlying - persistent volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType is - a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: phase represents the current phase of PersistentVolumeClaim. - type: string - resizeStatus: - description: |- - resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty - string by resize controller or kubelet. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - type: string - type: object - type: object - type: array - volumeMounts: - description: VolumeMounts Kubernetes Native `VolumeMount` specification. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: Volumes Kubernetes Native `Volumes` specification. - items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: |- - awsElasticBlockStore represents an AWS Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - format: int32 - type: integer - readOnly: - description: |- - readOnly value true will force the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: boolean - volumeID: - description: |- - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data disk in the - blob storage - type: string - diskURI: - description: diskURI is the URI of data disk in the blob - storage - type: string - fsType: - description: |- - fsType is Filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' - type: string - readOnly: - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. - properties: - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime - properties: - monitors: - description: |- - monitors is Required: Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - items: - type: string - type: array - path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' - type: string - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: boolean - secretFile: - description: |- - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - secretRef: - description: |- - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: |- - user is optional: User is the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - required: - - monitors - type: object - cinder: - description: |- - cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: boolean - secretRef: - description: |- - secretRef is optional: points to a secret object containing parameters used to connect - to OpenStack. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: |- - volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that should populate - this volume - properties: - defaultMode: - description: |- - defaultMode is optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: optional specify whether the ConfigMap or its - keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). - properties: - driver: - description: |- - driver is the name of the CSI driver that handles this volume. - Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: |- - fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated CSI driver - which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: |- - nodePublishSecretRef is a reference to the secret object containing - sensitive information to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if no secret is required. If the - secret object contains more than one secret, all secret references are passed. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: |- - readOnly specifies a read-only configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: |- - volumeAttributes stores driver-specific properties that are passed to the CSI - driver. Consult your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume - properties: - defaultMode: - description: |- - Optional: mode bits to use on created files by default. Must be a - Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - description: |- - emptyDir represents a temporary directory that shares a pod's lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - properties: - medium: - description: |- - medium represents what type of storage medium should back this directory. - The default is "" which means to use the node's default medium. - Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: |- - sizeLimit is the total amount of local storage required for this EmptyDir volume. - The size limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir would be the minimum value between - the SizeLimit specified here and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: |- - ephemeral represents a volume that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - and deleted when the pod is removed. - - - Use this if: - a) the volume is only needed while the pod runs, - b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, - c) the storage driver is specified through a storage class, and - d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - - Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the lifecycle - of an individual pod. - - - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - be used that way - see the documentation of the driver for - more information. - - - A pod can use both types of ephemeral volumes and - persistent volumes at the same time. - properties: - volumeClaimTemplate: - description: |- - Will be used to create a stand-alone PVC to provision the volume. - The pod in which this EphemeralVolumeSource is embedded will be the - owner of the PVC, i.e. the PVC will be deleted together with the - pod. The name of the PVC will be `-` where - `` is the name from the `PodSpec.Volumes` array - entry. Pod validation will reject the pod if the concatenated name - is not valid for a PVC (for example, too long). - - - An existing PVC with that name that is not owned by the pod - will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has to updated with an - owner reference to the pod once the pod exists. Normally - this should not be necessary, but it may be useful when - manually reconstructing a broken cluster. - - - This field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. - - - Required, must not be nil. - properties: - metadata: - description: |- - May contain labels and annotations that will be copied into the PVC - when creating it. No other fields are allowed and will be rejected during - validation. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: |- - The specification for the PersistentVolumeClaim. The entire content is - copied unchanged into the PVC that gets created from this - template. The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - lun: - description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' - items: - type: string - type: array - wwids: - description: |- - wwids Optional: FC volume world wide identifiers (wwids) - Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. - items: - type: string - type: array - type: object - flexVolume: - description: |- - flexVolume represents a generic volume resource that is - provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver to use for - this volume. - type: string - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field holds extra - command options if any.' - type: object - readOnly: - description: |- - readOnly is Optional: defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef is Optional: secretRef is reference to the secret object containing - sensitive information to pass to the plugin scripts. This may be - empty if no secret object is specified. If the secret object - contains more than one secret, all secrets are passed to the plugin - scripts. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running - properties: - datasetName: - description: |- - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - should be considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: |- - gcePersistentDisk represents a GCE Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - properties: - fsType: - description: |- - fsType is filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - format: int32 - type: integer - pdName: - description: |- - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: boolean - required: - - pdName - type: object - gitRepo: - description: |- - gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - into the Pod's container. - properties: - directory: - description: |- - directory is the target directory name. - Must not contain or start with '..'. If '.' is supplied, the volume directory will be the - git repository. Otherwise, if specified, the volume will contain the git repository in - the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for the specified - revision. - type: string - required: - - repository - type: object - glusterfs: - description: |- - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md - properties: - endpoints: - description: |- - endpoints is the endpoint name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - path: - description: |- - path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - readOnly: - description: |- - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: |- - hostPath represents a pre-existing file or directory on the host - machine that is directly exposed to the container. This is generally - used for system agents or other privileged things that are allowed - to see the host machine. Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. - properties: - path: - description: |- - path of the directory on the host. - If the path is a symlink, it will follow the link to the real path. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - type: - description: |- - type for HostPath Volume - Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - required: - - path - type: object - iscsi: - description: |- - iscsi represents an ISCSI Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://examples.k8s.io/volumes/iscsi/README.md - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication - type: boolean - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - initiatorName: - description: |- - initiatorName is the custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: - description: |- - iscsiInterface is the interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: |- - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: |- - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: |- - name of the volume. - Must be a DNS_LABEL and unique within the pod. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - nfs: - description: |- - nfs represents an NFS mount on the host that shares a pod's lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - properties: - path: - description: |- - path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - readOnly: - description: |- - readOnly here will force the NFS export to be mounted with read-only permissions. - Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: boolean - server: - description: |- - server is the hostname or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: |- - persistentVolumeClaimVolumeSource represents a reference to a - PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - claimName: - description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - type: string - readOnly: - description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine - properties: - fsType: - description: |- - fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources secrets, - configmaps, and downward API - properties: - defaultMode: - description: |- - defaultMode are the mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: sources is the list of volume projections - items: - description: Projection that may be projected along with - other supported volume types - properties: - configMap: - description: configMap information about the configMap - data to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI - data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - description: secret information about the secret data - to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: optional field specify whether the - Secret or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project - properties: - audience: - description: |- - audience is the intended audience of the token. A recipient of a token - must identify itself with an identifier specified in the audience of the - token, and otherwise should reject the token. The audience defaults to the - identifier of the apiserver. - type: string - expirationSeconds: - description: |- - expirationSeconds is the requested duration of validity of the service - account token. As the token approaches expiration, the kubelet volume - plugin will proactively rotate the service account token. The kubelet will - start trying to rotate the token if the token is older than 80 percent of - its time to live or if the token is older than 24 hours.Defaults to 1 hour - and must be at least 10 minutes. - format: int64 - type: integer - path: - description: |- - path is the path relative to the mount point of the file to project the - token into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: |- - group to map volume access to - Default is no group - type: string - readOnly: - description: |- - readOnly here will force the Quobyte volume to be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: |- - registry represents a single or multiple Quobyte Registry services - specified as a string as host:port pair (multiple entries are separated with commas) - which acts as the central registry for volumes - type: string - tenant: - description: |- - tenant owning the given Quobyte volume in the Backend - Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: |- - user to map volume access to - Defaults to serivceaccount user - type: string - volume: - description: volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: |- - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - image: - description: |- - image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - keyring: - description: |- - keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - monitors: - description: |- - monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - items: - type: string - type: array - pool: - description: |- - pool is the rados pool name. - Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: boolean - secretRef: - description: |- - secretRef is name of the authentication secret for RBDUser. If provided - overrides keyring. - Default is nil. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: |- - user is the rados user name. - Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". - Default is "xfs". - type: string - gateway: - description: gateway is the host address of the ScaleIO - API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. - type: string - readOnly: - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef references to the secret for ScaleIO user and other - sensitive information. If this is not provided, Login operation will fail. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: |- - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. - type: string - system: - description: system is the name of the storage system as - configured in ScaleIO. - type: string - volumeName: - description: |- - volumeName is the name of a volume already created in the ScaleIO system - that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: |- - secret represents a secret that should populate this volume. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - properties: - defaultMode: - description: |- - defaultMode is Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items If unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify whether the Secret or - its keys must be defined - type: boolean - secretName: - description: |- - secretName is the name of the secret in the pod's namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef specifies the secret to use for obtaining the StorageOS API - credentials. If not specified, default values will be attempted. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: |- - volumeName is the human-readable name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: |- - volumeNamespace specifies the scope of the volume within StorageOS. If no - namespace is specified then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - Set VolumeName to any name to override the default behaviour. - Set to "default" if you are not using namespaces within StorageOS. - Namespaces that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: |- - fsType is filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - workloadAnnotations: - additionalProperties: - type: string - description: |- - WorkloadAnnotations annotations to be populated in StatefulSet or Deployment spec. - if the same key is specified at both the DruidNodeSpec level and DruidSpec level, the DruidNodeSpec WorkloadAnnotations will take precedence. - type: object - zookeeper: - description: 'Zookeeper IGNORED (Future API): In order to make Druid - dependency setup extensible from within Druid operator.' - properties: - spec: - description: |- - RawMessage is a raw encoded JSON value. - It implements [Marshaler] and [Unmarshaler] and can - be used to delay JSON decoding or precompute a JSON encoding. - format: byte - type: string - type: - type: string - required: - - spec - - type - type: object - required: - - common.runtime.properties - - nodes - type: object - status: - description: DruidClusterStatus Defines the observed state of Druid. - properties: - configMaps: - items: - type: string - type: array - deployments: - items: - type: string - type: array - druidNodeStatus: - description: |- - INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - Important: Run "make" to regenerate code after modifying this file - properties: - druidNode: - type: string - druidNodeConditionStatus: - type: string - druidNodeConditionType: - type: string - reason: - type: string - type: object - hpAutoscalers: - items: - type: string - type: array - ingress: - items: - type: string - type: array - persistentVolumeClaims: - items: - type: string - type: array - podDisruptionBudgets: - items: - type: string - type: array - pods: - items: - type: string - type: array - services: - items: - type: string - type: array - statefulSets: - items: - type: string - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/druid-operator/chart/templates/NOTES.txt b/druid-operator/chart/templates/NOTES.txt deleted file mode 100644 index 9de3813f9617..000000000000 --- a/druid-operator/chart/templates/NOTES.txt +++ /dev/null @@ -1,17 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- - -Refer to https://github.com/datainfrahq/druid-operator/blob/master/docs/README.md to get started. diff --git a/druid-operator/chart/templates/_helpers.tpl b/druid-operator/chart/templates/_helpers.tpl deleted file mode 100644 index 41852abe3103..000000000000 --- a/druid-operator/chart/templates/_helpers.tpl +++ /dev/null @@ -1,69 +0,0 @@ -{{/* -Licensed to the Apache Software Foundation (ASF) under one or more -contributor license agreements. See the NOTICE file distributed with -this work for additional information regarding copyright ownership. -The ASF licenses this file to You under the Apache License, Version 2.0 -(the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -------------------------------------------------------------------------- -*/}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "druid-operator.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "druid-operator.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "druid-operator.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "druid-operator.labels" -}} -helm.sh/chart: {{ include "druid-operator.chart" . }} -{{ include "druid-operator.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "druid-operator.selectorLabels" -}} -app.kubernetes.io/name: {{ include "druid-operator.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/druid-operator/chart/templates/deployment.yaml b/druid-operator/chart/templates/deployment.yaml deleted file mode 100644 index 5eb8c387b4cf..000000000000 --- a/druid-operator/chart/templates/deployment.yaml +++ /dev/null @@ -1,121 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - {{- include "druid-operator.labels" . | nindent 4 }} - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - control-plane: controller-manager - name: {{ include "druid-operator.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - {{- include "druid-operator.selectorLabels" . | nindent 6 }} - control-plane: controller-manager - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "druid-operator.selectorLabels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{ toYaml . | nindent 8 }} - {{- end }} - control-plane: controller-manager - spec: - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=0 - image: "{{ .Values.kube_rbac_proxy.image.repository }}:{{ .Values.kube_rbac_proxy.image.tag }}" - imagePullPolicy: {{ .Values.kube_rbac_proxy.image.pullPolicy }} - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - env: - {{- range $key, $value := .Values.env }} - - name: {{ $key }} - value: {{ tpl $value $ | quote }} - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - command: - - /manager - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- with .Values.livenessProbe }} - livenessProbe: - {{ toYaml . | nindent 12 }} - {{- end }} - name: manager - {{- with .Values.readinessProbe }} - readinessProbe: - {{ toYaml . | nindent 12 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - serviceAccountName: {{ include "druid-operator.fullname" . }} - terminationGracePeriodSeconds: 10 diff --git a/druid-operator/chart/templates/rbac_leader_election.yaml b/druid-operator/chart/templates/rbac_leader_election.yaml deleted file mode 100644 index 89c6bd61c509..000000000000 --- a/druid-operator/chart/templates/rbac_leader_election.yaml +++ /dev/null @@ -1,77 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - {{- include "druid-operator.labels" . | nindent 4 }} - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - name: {{ include "druid-operator.fullname" . }}-leader-election-role - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - {{- include "druid-operator.labels" . | nindent 4 }} - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - name: {{ include "druid-operator.fullname" . }}-leader-election-rolebinding - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "druid-operator.fullname" . }}-leader-election-role -subjects: - - kind: ServiceAccount - name: {{ include "druid-operator.fullname" . }} - namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/druid-operator/chart/templates/rbac_manager.yaml b/druid-operator/chart/templates/rbac_manager.yaml deleted file mode 100644 index 1abe719ad5b5..000000000000 --- a/druid-operator/chart/templates/rbac_manager.yaml +++ /dev/null @@ -1,427 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -{{- $env := .Values.env }} -{{- if and ($env.WATCH_NAMESPACE) (ne $env.WATCH_NAMESPACE "default") }} -# Split WATCH_NAMESPACE by commas and loop on them -{{- $watchedNamespaces := (split "," $env.WATCH_NAMESPACE) -}} -{{- range $watchedNamespaces }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: {{ . }} - name: {{ template "druid-operator.fullname" $ }} - labels: - {{- include "druid-operator.labels" $ | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - druid.apache.org - resources: - - druids - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - druid.apache.org - resources: - - druids/status - verbs: - - get - - patch - - update -- apiGroups: - - druid.apache.org - resources: - - druidingestions - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - druid.apache.org - resources: - - druidingestions/status - verbs: - - get - - patch - - update -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list -{{- end }} -{{- end }} - ---- -{{- if .Values.global.createClusterRole }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: {{ include "druid-operator.fullname" . }}-manager-role -rules: -{{- if and ($env.WATCH_NAMESPACE) (ne $env.WATCH_NAMESPACE "default") }} -{{- else }} -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - druid.apache.org - resources: - - druids - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - druid.apache.org - resources: - - druids/status - verbs: - - get - - patch - - update -- apiGroups: - - druid.apache.org - resources: - - druidingestions - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - druid.apache.org - resources: - - druidingestions/status - verbs: - - get - - patch - - update -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -{{- end }} -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch -{{- end }} - -{{- $operatorName := (include "druid-operator.fullname" .) -}} -{{- if and ($env.WATCH_NAMESPACE) (ne $env.WATCH_NAMESPACE "default") }} -# Split WATCH_NAMESPACE by commas and loop on them -{{- $watchedNamespaces := (split "," $env.WATCH_NAMESPACE) -}} -{{- range $watchedNamespaces }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - namespace: {{ . }} - name: {{ $operatorName }} - labels: - {{- include "druid-operator.labels" $ | nindent 4 }} -subjects: - - kind: ServiceAccount - name: {{ include "druid-operator.fullname" $ }} - namespace: {{ $.Release.Namespace }} -roleRef: - kind: Role - name: {{ $operatorName }} - apiGroup: rbac.authorization.k8s.io -{{- end }} -{{- end }} ---- -{{- if .Values.global.createClusterRole }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "druid-operator.labels" . | nindent 4 }} - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - name: {{ include "druid-operator.fullname" . }}-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "druid-operator.fullname" . }}-manager-role -subjects: - - kind: ServiceAccount - name: {{ include "druid-operator.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/druid-operator/chart/templates/rbac_metrics.yaml b/druid-operator/chart/templates/rbac_metrics.yaml deleted file mode 100644 index 59d12f4f4a99..000000000000 --- a/druid-operator/chart/templates/rbac_metrics.yaml +++ /dev/null @@ -1,32 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- ---- -{{- if .Values.global.createClusterRole }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "druid-operator.labels" . | nindent 4 }} - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - name: {{ include "druid-operator.fullname" . }}-metrics-reader -rules: - - nonResourceURLs: - - /metrics - verbs: - - get -{{- end }} diff --git a/druid-operator/chart/templates/rbac_proxy.yaml b/druid-operator/chart/templates/rbac_proxy.yaml deleted file mode 100644 index d2b1f4a9eb12..000000000000 --- a/druid-operator/chart/templates/rbac_proxy.yaml +++ /dev/null @@ -1,58 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- ---- -{{- if .Values.global.createClusterRole }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "druid-operator.labels" . | nindent 4 }} - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - name: {{ include "druid-operator.fullname" . }}-proxy-role -rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "druid-operator.labels" . | nindent 4 }} - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - name: {{ include "druid-operator.fullname" . }}-proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "druid-operator.fullname" . }}-proxy-role -subjects: - - kind: ServiceAccount - name: {{ include "druid-operator.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/druid-operator/chart/templates/service.yaml b/druid-operator/chart/templates/service.yaml deleted file mode 100644 index 9798fb8a883f..000000000000 --- a/druid-operator/chart/templates/service.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- ---- -apiVersion: v1 -kind: Service -metadata: - labels: - {{- include "druid-operator.labels" . | nindent 4 }} - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - control-plane: controller-manager - name: {{ include "druid-operator.fullname" . }}-metrics-service - namespace: {{ .Release.Namespace }} -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager diff --git a/druid-operator/chart/templates/service_account.yaml b/druid-operator/chart/templates/service_account.yaml deleted file mode 100644 index 88a77f2f31e9..000000000000 --- a/druid-operator/chart/templates/service_account.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "druid-operator.labels" . | nindent 4 }} - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - name: {{ include "druid-operator.fullname" . }} - namespace: {{ .Release.Namespace }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} diff --git a/druid-operator/chart/values.yaml b/druid-operator/chart/values.yaml deleted file mode 100644 index 751e4172e224..000000000000 --- a/druid-operator/chart/values.yaml +++ /dev/null @@ -1,116 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# Default values for druid-operator. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -global: - createClusterRole: true - -env: - DENY_LIST: "default,kube-system" # Comma-separated list of namespaces to ignore - RECONCILE_WAIT: "10s" # Reconciliation delay - WATCH_NAMESPACE: "" # Namespace to watch or empty string to watch all namespaces, To watch multiple namespaces add , into string. Ex: WATCH_NAMESPACE: "ns1,ns2,ns3" - #MAX_CONCURRENT_RECONCILES:: "" # MaxConcurrentReconciles is the maximum number of concurrent Reconciles which can be run. - -replicaCount: 1 - -image: - repository: datainfrahq/druid-operator - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -kube_rbac_proxy: - image: - repository: gcr.io/kubebuilder/kube-rbac-proxy - pullPolicy: IfNotPresent - tag: "v0.13.1" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - -readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - -serviceAccount: - # Annotations to add to the service account - annotations: - kubectl.kubernetes.io/default-container: manager - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "druid-operator-controller-manager" - -podAnnotations: {} - -podLabels: {} - -podSecurityContext: - runAsNonRoot: true - fsGroup: 65532 - runAsUser: 65532 - runAsGroup: 65532 - -securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - -resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - -nodeSelector: {} - -tolerations: [] - -affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - ppc64le - - s390x - - key: kubernetes.io/os - operator: In - values: - - linux - -crd: - enabled: true - keep: true diff --git a/druid-operator/config/crd/bases/druid.apache.org_druidingestions.yaml b/druid-operator/config/crd/bases/druid.apache.org_druidingestions.yaml deleted file mode 100644 index 6bf076d93874..000000000000 --- a/druid-operator/config/crd/bases/druid.apache.org_druidingestions.yaml +++ /dev/null @@ -1,165 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: druidingestions.druid.apache.org -spec: - group: druid.apache.org - names: - kind: DruidIngestion - listKind: DruidIngestionList - plural: druidingestions - singular: druidingestion - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .spec.ingestionSpec.type - name: Type - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Ingestion is the Schema for the Ingestion API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - properties: - auth: - properties: - passwordKey: - description: PasswordKey specifies the key within the Kubernetes - secret that contains the password for authentication. - type: string - secretRef: - description: |- - SecretReference represents a Secret Reference. It has enough information to retrieve secret - in any namespace - properties: - name: - description: name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: namespace defines the space within which the - secret name must be unique. - type: string - type: object - x-kubernetes-map-type: atomic - type: - type: string - usernameKey: - description: UsernameKey specifies the key within the Kubernetes - secret that contains the username for authentication. - type: string - required: - - secretRef - - type - type: object - druidCluster: - type: string - ingestion: - properties: - compaction: - type: object - x-kubernetes-preserve-unknown-fields: true - nativeSpec: - description: |- - nativeSpec allows the ingestion specification to be defined in a native Kubernetes format. - This is particularly useful for environment-specific configurations and will eventually - replace the JSON-based Spec field. - Note: Spec will be ignored if nativeSpec is provided. - type: object - x-kubernetes-preserve-unknown-fields: true - rules: - items: - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - spec: - description: |- - Spec should be passed in as a JSON string. - Note: This field is planned for deprecation in favor of nativeSpec. - type: string - type: - type: string - required: - - type - type: object - suspend: - type: boolean - required: - - druidCluster - - ingestion - type: object - status: - properties: - currentIngestionSpec.json: - description: |- - CurrentIngestionSpec is a string instead of RawExtension to maintain compatibility with existing - IngestionSpecs that are stored as JSON strings. - type: string - lastUpdateTime: - format: date-time - type: string - message: - type: string - reason: - type: string - rules: - items: - type: object - x-kubernetes-preserve-unknown-fields: true - type: array - status: - type: string - taskId: - type: string - type: - type: string - required: - - currentIngestionSpec.json - - taskId - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/druid-operator/config/crd/bases/druid.apache.org_druids.yaml b/druid-operator/config/crd/bases/druid.apache.org_druids.yaml deleted file mode 100644 index fdde9d6c604c..000000000000 --- a/druid-operator/config/crd/bases/druid.apache.org_druids.yaml +++ /dev/null @@ -1,12064 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.14.0 - name: druids.druid.apache.org -spec: - group: druid.apache.org - names: - kind: Druid - listKind: DruidList - plural: druids - singular: druid - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Druid is the Schema for the druids API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: DruidSpec defines the desired state of the Druid cluster. - properties: - additionalContainer: - description: AdditionalContainer defines additional sidecar containers - to be deployed with the `Druid` pods. - items: - description: |- - AdditionalContainer defines additional sidecar containers to be deployed with the `Druid` pods. - (will be part of Kubernetes native in the future: - https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/753-sidecar-containers/README.md#summary). - properties: - args: - description: Args Arguments to call the command. - items: - type: string - type: array - command: - description: Command command for the additional container. - items: - type: string - type: array - containerName: - description: ContainerName name of the additional container. - type: string - env: - description: Env Environment variables for the additional container. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: EnvFrom Extra environment variables from remote - source (ConfigMaps, Secrets...). - items: - description: EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: Image Image of the additional container. - type: string - imagePullPolicy: - description: ImagePullPolicy If not present, will be taken from - top level spec. - type: string - resources: - description: Resources Kubernetes Native `resources` specification. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - runAsInit: - description: RunAsInit indicate whether this should be an init - container. - type: boolean - securityContext: - description: ContainerSecurityContext If not present, will be - taken from top level pod. - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. - type: boolean - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored by components that enable the - WindowsHostProcessContainers feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess is true - then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - volumeMounts: - description: VolumeMounts Kubernetes Native `VolumeMount` specification. - items: - description: VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - required: - - command - - containerName - - image - type: object - type: array - affinity: - description: Affinity Kubernetes native `affinity` specification. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - auth: - properties: - passwordKey: - description: PasswordKey specifies the key within the Kubernetes - secret that contains the password for authentication. - type: string - secretRef: - description: |- - SecretReference represents a Secret Reference. It has enough information to retrieve secret - in any namespace - properties: - name: - description: name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: namespace defines the space within which the - secret name must be unique. - type: string - type: object - x-kubernetes-map-type: atomic - type: - type: string - usernameKey: - description: UsernameKey specifies the key within the Kubernetes - secret that contains the username for authentication. - type: string - required: - - secretRef - - type - type: object - common.runtime.properties: - description: CommonRuntimeProperties Content fo the `common.runtime.properties` - configuration file. - type: string - commonConfigMountPath: - default: /opt/druid/conf/druid/cluster/_common - description: CommonConfigMountPath In-container directory to mount - the Druid common configuration - type: string - containerSecurityContext: - description: ContainerSecurityContext - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. - type: boolean - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored by components that enable the - WindowsHostProcessContainers feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess is true - then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - core-site.xml: - description: CoreSite Contents of `core-site.xml`. - type: string - deepStorage: - description: 'DeepStorage IGNORED (Future API): In order to make Druid - dependency setup extensible from within Druid operator.' - properties: - spec: - description: |- - RawMessage is a raw encoded JSON value. - It implements [Marshaler] and [Unmarshaler] and can - be used to delay JSON decoding or precompute a JSON encoding. - format: byte - type: string - type: - type: string - required: - - spec - - type - type: object - defaultProbes: - default: true - description: |- - DefaultProbes If set to true this will add default probes (liveness / readiness / startup) for all druid components - but it won't override existing probes - type: boolean - deleteOrphanPvc: - default: true - description: DeleteOrphanPvc Orphaned (unmounted PVCs) shall be cleaned - up by the operator. - type: boolean - disablePVCDeletionFinalizer: - default: false - description: DisablePVCDeletionFinalizer Whether PVCs shall be deleted - on the deletion of the Druid cluster. - type: boolean - dnsConfig: - description: See v1.PodDNSConfig for more details. - properties: - nameservers: - description: |- - A list of DNS name server IP addresses. - This will be appended to the base nameservers generated from DNSPolicy. - Duplicated nameservers will be removed. - items: - type: string - type: array - options: - description: |- - A list of DNS resolver options. - This will be merged with the base options generated from DNSPolicy. - Duplicated entries will be removed. Resolution options given in Options - will override those that appear in the base DNSPolicy. - items: - description: PodDNSConfigOption defines DNS resolver options - of a pod. - properties: - name: - description: Required. - type: string - value: - type: string - type: object - type: array - searches: - description: |- - A list of DNS search domains for host-name lookup. - This will be appended to the base search paths generated from DNSPolicy. - Duplicated search paths will be removed. - items: - type: string - type: array - type: object - dnsPolicy: - description: See v1.DNSPolicy for more details. - type: string - dynamicConfig: - description: Dynamic Configurations for Druid. Applied through the - dynamic configuration API. - type: object - x-kubernetes-preserve-unknown-fields: true - env: - description: Env Environment variables for druid containers. - items: - description: EnvVar represents an environment variable present in - a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. Cannot - be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: EnvFrom Extra environment variables from remote source - (ConfigMaps, Secrets...). - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - extraCommonConfig: - description: |- - ExtraCommonConfig References to ConfigMaps holding more configuration files to mount to the - common configuration path. - items: - description: |- - ObjectReference contains enough information to let you inspect or modify the referred object. - --- - New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. - 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. - 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular - restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". - Those cannot be well described when embedded. - 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. - 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity - during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple - and the version of the actual struct is irrelevant. - 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type - will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. - - - Instead of using this type, create a locally provided and used type that is well-focused on your reference. - For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: |- - If referring to a piece of an object instead of an entire object, this string - should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within a pod, this would take on a value like: - "spec.containers{name}" (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" (container with - index 2 in this pod). This syntax is chosen only to have some well-defined way of - referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. - type: string - kind: - description: |- - Kind of the referent. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - namespace: - description: |- - Namespace of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ - type: string - resourceVersion: - description: |- - Specific resourceVersion to which this reference is made, if any. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency - type: string - uid: - description: |- - UID of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids - type: string - type: object - x-kubernetes-map-type: atomic - type: array - forceDeleteStsPodOnError: - default: true - description: |- - ForceDeleteStsPodOnError Delete the StatefulSet's pods if the StatefulSet is set to ordered ready. - issue: https://github.com/kubernetes/kubernetes/issues/67250 - doc: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#forced-rollback - type: boolean - hdfs-site.xml: - description: HdfsSite Contents of `hdfs-site.xml`. - type: string - ignored: - default: false - description: |- - Ignored is now deprecated API. In order to avoid reconciliation of objects use the - `druid.apache.org/ignored: "true"` annotation. - type: boolean - image: - description: Image Required here or at the NodeSpec level. - type: string - imagePullPolicy: - default: IfNotPresent - description: ImagePullPolicy - type: string - imagePullSecrets: - description: ImagePullSecrets - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - type: array - jvm.options: - description: JvmOptions Contents of the shared `jvm.options` configuration - file for druid JVM processes. - type: string - livenessProbe: - description: |- - LivenessProbe - Port is set to `druid.port` if not specified with httpGet handler. - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number must - be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes a custom header to be - used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - log4j.config: - description: Log4jConfig contents `log4j.config` configuration file. - type: string - metadataStore: - description: 'MetadataStore IGNORED (Future API): In order to make - Druid dependency setup extensible from within Druid operator.' - properties: - spec: - description: |- - RawMessage is a raw encoded JSON value. - It implements [Marshaler] and [Unmarshaler] and can - be used to delay JSON decoding or precompute a JSON encoding. - format: byte - type: string - type: - type: string - required: - - spec - - type - type: object - metricDimensions.json: - description: |- - DimensionsMapPath Custom Dimension Map Path for statsd emitter. - stastd documentation is described in the following documentation: - https://druid.apache.org/docs/latest/development/extensions-contrib/statsd.html - type: string - nodeSelector: - additionalProperties: - type: string - description: NodeSelector Kubernetes native `nodeSelector` specification. - type: object - nodes: - additionalProperties: - description: |- - DruidNodeSpec Specification of `Druid` Node type and its configurations. - The key in following map can be arbitrary string that helps you identify resources for a specific nodeSpec. - It is used in the Kubernetes resources' names, so it must be compliant with restrictions - placed on Kubernetes resource names: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/ - properties: - additionalContainer: - description: Operator deploys the sidecar container based on - these properties. - items: - description: |- - AdditionalContainer defines additional sidecar containers to be deployed with the `Druid` pods. - (will be part of Kubernetes native in the future: - https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/753-sidecar-containers/README.md#summary). - properties: - args: - description: Args Arguments to call the command. - items: - type: string - type: array - command: - description: Command command for the additional container. - items: - type: string - type: array - containerName: - description: ContainerName name of the additional container. - type: string - env: - description: Env Environment variables for the additional - container. - items: - description: EnvVar represents an environment variable - present in a Container. - properties: - name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's - value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the - pod's namespace - properties: - key: - description: The key of the secret to select - from. Must be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret - or its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: EnvFrom Extra environment variables from - remote source (ConfigMaps, Secrets...). - items: - description: EnvFromSource represents the source of - a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to - each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret must - be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: Image Image of the additional container. - type: string - imagePullPolicy: - description: ImagePullPolicy If not present, will be taken - from top level spec. - type: string - resources: - description: Resources Kubernetes Native `resources` specification. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - runAsInit: - description: RunAsInit indicate whether this should be - an init container. - type: boolean - securityContext: - description: ContainerSecurityContext If not present, - will be taken from top level pod. - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. - type: boolean - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that - applies to the container. - type: string - role: - description: Role is a SELinux role label that - applies to the container. - type: string - type: - description: Type is a SELinux type label that - applies to the container. - type: string - user: - description: User is a SELinux user label that - applies to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name - of the GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored by components that enable the - WindowsHostProcessContainers feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess is true - then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - volumeMounts: - description: VolumeMounts Kubernetes Native `VolumeMount` - specification. - items: - description: VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - required: - - command - - containerName - - image - type: object - type: array - affinity: - description: Affinity Kubernetes native `affinity` specification. - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: |- - An empty preferred scheduling term matches all objects with implicit weight 0 - (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range - 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an update), the system - may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: |- - A null or empty node selector term matches no objects. The requirements of - them are ANDed. - The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: |- - A node selector requirement is a selector that contains values, a key, and an operator - that relates the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: |- - Represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: |- - An array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator is Gt or Lt, the values - array must have a single element, which will be interpreted as an integer. - This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: |- - The scheduler will prefer to schedule pods to nodes that satisfy - the anti-affinity expressions specified by this field, but it may choose - a node that violates one or more of the expressions. The node that is - most preferred is the one with the greatest sum of weights, i.e. - for each node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field and adding - "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: |- - weight associated with matching the corresponding podAffinityTerm, - in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: |- - If the anti-affinity requirements specified by this field are not met at - scheduling time, the pod will not be scheduled onto the node. - If the anti-affinity requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a pod label update), the - system may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding to each - podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: |- - Defines a set of pods (namely those matching the labelSelector - relative to the given namespace(s)) that this pod should be - co-located (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node whose value of - the label with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: |- - A label query over the set of namespaces that the term applies to. - The term is applied to the union of the namespaces selected by this field - and the ones listed in the namespaces field. - null selector and null or empty namespaces list means "this pod's namespace". - An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: |- - namespaces specifies a static list of namespace names that the term applies to. - The term is applied to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: |- - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where co-located is defined as running on a node - whose value of the label with key topologyKey matches that of any node on which any of the - selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - containerSecurityContext: - description: ContainerSecurityContext - properties: - allowPrivilegeEscalation: - description: |- - AllowPrivilegeEscalation controls whether a process can gain more - privileges than its parent process. This bool directly controls if - the no_new_privs flag will be set on the container process. - AllowPrivilegeEscalation is true always when the container is: - 1) run as Privileged - 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows. - type: boolean - capabilities: - description: |- - The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container runtime. - Note that this field cannot be set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: |- - Run container in privileged mode. - Processes in privileged containers are essentially equivalent to root on the host. - Defaults to false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: |- - procMount denotes the type of proc mount to use for the containers. - The default is DefaultProcMount which uses the container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: |- - Whether this container has a read-only root filesystem. - Default is false. - Note that this field cannot be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by this container. If seccomp options are - provided at both the pod & container level, the container options - override the pod options. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored by components that enable the - WindowsHostProcessContainers feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess is true - then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - dnsConfig: - description: See v1.PodDNSConfig for more details. - properties: - nameservers: - description: |- - A list of DNS name server IP addresses. - This will be appended to the base nameservers generated from DNSPolicy. - Duplicated nameservers will be removed. - items: - type: string - type: array - options: - description: |- - A list of DNS resolver options. - This will be merged with the base options generated from DNSPolicy. - Duplicated entries will be removed. Resolution options given in Options - will override those that appear in the base DNSPolicy. - items: - description: PodDNSConfigOption defines DNS resolver options - of a pod. - properties: - name: - description: Required. - type: string - value: - type: string - type: object - type: array - searches: - description: |- - A list of DNS search domains for host-name lookup. - This will be appended to the base search paths generated from DNSPolicy. - Duplicated search paths will be removed. - items: - type: string - type: array - type: object - dnsPolicy: - description: See v1.DNSPolicy for more details. - type: string - druid.port: - description: DruidPort Used by the `Druid` process. - format: int32 - type: integer - dynamicConfig: - description: Dynamic Configurations for Druid. Applied through - the dynamic configuration API. - type: object - x-kubernetes-preserve-unknown-fields: true - env: - description: Env Environment variables for druid containers. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. - type: string - value: - description: |- - Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in the container and - any service environment variables. If a variable cannot be resolved, - the reference in the input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless of whether the variable - exists or not. - Defaults to "". - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: |- - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: EnvFrom Extra environment variables from remote - source (ConfigMaps, Secrets...). - items: - description: EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the ConfigMap must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - extra.jvm.options: - description: ExtraJvmOptions Appends extra jvm options to the - `JvmOptions` field. - type: string - hpAutoscaler: - description: HPAutoScaler Kubernetes Native `HorizontalPodAutoscaler` - specification. - properties: - behavior: - description: |- - behavior configures the scaling behavior of the target - in both Up and Down directions (scaleUp and scaleDown fields respectively). - If not set, the default HPAScalingRules for scale up and scale down are used. - properties: - scaleDown: - description: |- - scaleDown is scaling policy for scaling Down. - If not set, the default value is to allow to scale down to minReplicas pods, with a - 300 second stabilization window (i.e., the highest recommendation for - the last 300sec is used). - properties: - policies: - description: |- - policies is a list of potential scaling polices which can be used during scaling. - At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid - items: - description: HPAScalingPolicy is a single policy - which must hold true for a specified past interval. - properties: - periodSeconds: - description: |- - periodSeconds specifies the window of time for which the policy should hold true. - PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). - format: int32 - type: integer - type: - description: type is used to specify the scaling - policy. - type: string - value: - description: |- - value contains the amount of change which is permitted by the policy. - It must be greater than zero - format: int32 - type: integer - required: - - periodSeconds - - type - - value - type: object - type: array - x-kubernetes-list-type: atomic - selectPolicy: - description: |- - selectPolicy is used to specify which policy should be used. - If not set, the default value Max is used. - type: string - stabilizationWindowSeconds: - description: |- - stabilizationWindowSeconds is the number of seconds for which past recommendations should be - considered while scaling up or scaling down. - StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). - If not set, use the default values: - - For scale up: 0 (i.e. no stabilization is done). - - For scale down: 300 (i.e. the stabilization window is 300 seconds long). - format: int32 - type: integer - type: object - scaleUp: - description: |- - scaleUp is scaling policy for scaling Up. - If not set, the default value is the higher of: - * increase no more than 4 pods per 60 seconds - * double the number of pods per 60 seconds - No stabilization is used. - properties: - policies: - description: |- - policies is a list of potential scaling polices which can be used during scaling. - At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid - items: - description: HPAScalingPolicy is a single policy - which must hold true for a specified past interval. - properties: - periodSeconds: - description: |- - periodSeconds specifies the window of time for which the policy should hold true. - PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min). - format: int32 - type: integer - type: - description: type is used to specify the scaling - policy. - type: string - value: - description: |- - value contains the amount of change which is permitted by the policy. - It must be greater than zero - format: int32 - type: integer - required: - - periodSeconds - - type - - value - type: object - type: array - x-kubernetes-list-type: atomic - selectPolicy: - description: |- - selectPolicy is used to specify which policy should be used. - If not set, the default value Max is used. - type: string - stabilizationWindowSeconds: - description: |- - stabilizationWindowSeconds is the number of seconds for which past recommendations should be - considered while scaling up or scaling down. - StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour). - If not set, use the default values: - - For scale up: 0 (i.e. no stabilization is done). - - For scale down: 300 (i.e. the stabilization window is 300 seconds long). - format: int32 - type: integer - type: object - type: object - maxReplicas: - description: |- - maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up. - It cannot be less that minReplicas. - format: int32 - type: integer - metrics: - description: |- - metrics contains the specifications for which to use to calculate the - desired replica count (the maximum replica count across all metrics will - be used). The desired replica count is calculated multiplying the - ratio between the target value and the current value by the current - number of pods. Ergo, metrics used must decrease as the pod count is - increased, and vice-versa. See the individual metric source types for - more information about how each type of metric must respond. - If not set, the default metric will be set to 80% average CPU utilization. - items: - description: |- - MetricSpec specifies how to scale based on a single metric - (only `type` and one other matching field should be set at once). - properties: - containerResource: - description: |- - containerResource refers to a resource metric (such as those specified in - requests and limits) known to Kubernetes describing a single container in - each pod of the current scale target (e.g. CPU or memory). Such metrics are - built in to Kubernetes, and have special scaling options on top of those - available to normal per-pod metrics using the "pods" source. - This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag. - properties: - container: - description: container is the name of the container - in the pods of the scaling target - type: string - name: - description: name is the name of the resource - in question. - type: string - target: - description: target specifies the target value - for the given metric - properties: - averageUtilization: - description: |- - averageUtilization is the target value of the average of the - resource metric across all relevant pods, represented as a percentage of - the requested value of the resource for the pods. - Currently only valid for Resource metric source type - format: int32 - type: integer - averageValue: - anyOf: - - type: integer - - type: string - description: |- - averageValue is the target value of the average of the - metric across all relevant pods (as a quantity) - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: type represents whether the metric - type is Utilization, Value, or AverageValue - type: string - value: - anyOf: - - type: integer - - type: string - description: value is the target value of - the metric (as a quantity). - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - type - type: object - required: - - container - - name - - target - type: object - external: - description: |- - external refers to a global metric that is not associated - with any Kubernetes object. It allows autoscaling based on information - coming from components running outside of cluster - (for example length of queue in cloud messaging service, or - QPS from loadbalancer running outside of cluster). - properties: - metric: - description: metric identifies the target metric - by name and selector - properties: - name: - description: name is the name of the given - metric - type: string - selector: - description: |- - selector is the string-encoded form of a standard kubernetes label selector for the given metric - When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. - When unset, just the metricName will be used to gather metrics. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - name - type: object - target: - description: target specifies the target value - for the given metric - properties: - averageUtilization: - description: |- - averageUtilization is the target value of the average of the - resource metric across all relevant pods, represented as a percentage of - the requested value of the resource for the pods. - Currently only valid for Resource metric source type - format: int32 - type: integer - averageValue: - anyOf: - - type: integer - - type: string - description: |- - averageValue is the target value of the average of the - metric across all relevant pods (as a quantity) - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: type represents whether the metric - type is Utilization, Value, or AverageValue - type: string - value: - anyOf: - - type: integer - - type: string - description: value is the target value of - the metric (as a quantity). - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - type - type: object - required: - - metric - - target - type: object - object: - description: |- - object refers to a metric describing a single kubernetes object - (for example, hits-per-second on an Ingress object). - properties: - describedObject: - description: describedObject specifies the descriptions - of a object,such as kind,name apiVersion - properties: - apiVersion: - description: apiVersion is the API version - of the referent - type: string - kind: - description: 'kind is the kind of the referent; - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'name is the name of the referent; - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - kind - - name - type: object - metric: - description: metric identifies the target metric - by name and selector - properties: - name: - description: name is the name of the given - metric - type: string - selector: - description: |- - selector is the string-encoded form of a standard kubernetes label selector for the given metric - When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. - When unset, just the metricName will be used to gather metrics. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - name - type: object - target: - description: target specifies the target value - for the given metric - properties: - averageUtilization: - description: |- - averageUtilization is the target value of the average of the - resource metric across all relevant pods, represented as a percentage of - the requested value of the resource for the pods. - Currently only valid for Resource metric source type - format: int32 - type: integer - averageValue: - anyOf: - - type: integer - - type: string - description: |- - averageValue is the target value of the average of the - metric across all relevant pods (as a quantity) - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: type represents whether the metric - type is Utilization, Value, or AverageValue - type: string - value: - anyOf: - - type: integer - - type: string - description: value is the target value of - the metric (as a quantity). - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - type - type: object - required: - - describedObject - - metric - - target - type: object - pods: - description: |- - pods refers to a metric describing each pod in the current scale target - (for example, transactions-processed-per-second). The values will be - averaged together before being compared to the target value. - properties: - metric: - description: metric identifies the target metric - by name and selector - properties: - name: - description: name is the name of the given - metric - type: string - selector: - description: |- - selector is the string-encoded form of a standard kubernetes label selector for the given metric - When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping. - When unset, just the metricName will be used to gather metrics. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - name - type: object - target: - description: target specifies the target value - for the given metric - properties: - averageUtilization: - description: |- - averageUtilization is the target value of the average of the - resource metric across all relevant pods, represented as a percentage of - the requested value of the resource for the pods. - Currently only valid for Resource metric source type - format: int32 - type: integer - averageValue: - anyOf: - - type: integer - - type: string - description: |- - averageValue is the target value of the average of the - metric across all relevant pods (as a quantity) - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: type represents whether the metric - type is Utilization, Value, or AverageValue - type: string - value: - anyOf: - - type: integer - - type: string - description: value is the target value of - the metric (as a quantity). - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - type - type: object - required: - - metric - - target - type: object - resource: - description: |- - resource refers to a resource metric (such as those specified in - requests and limits) known to Kubernetes describing each pod in the - current scale target (e.g. CPU or memory). Such metrics are built in to - Kubernetes, and have special scaling options on top of those available - to normal per-pod metrics using the "pods" source. - properties: - name: - description: name is the name of the resource - in question. - type: string - target: - description: target specifies the target value - for the given metric - properties: - averageUtilization: - description: |- - averageUtilization is the target value of the average of the - resource metric across all relevant pods, represented as a percentage of - the requested value of the resource for the pods. - Currently only valid for Resource metric source type - format: int32 - type: integer - averageValue: - anyOf: - - type: integer - - type: string - description: |- - averageValue is the target value of the average of the - metric across all relevant pods (as a quantity) - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: type represents whether the metric - type is Utilization, Value, or AverageValue - type: string - value: - anyOf: - - type: integer - - type: string - description: value is the target value of - the metric (as a quantity). - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - type - type: object - required: - - name - - target - type: object - type: - description: |- - type is the type of metric source. It should be one of "ContainerResource", "External", - "Object", "Pods" or "Resource", each mapping to a matching field in the object. - Note: "ContainerResource" type is available on when the feature-gate - HPAContainerMetrics is enabled - type: string - required: - - type - type: object - type: array - x-kubernetes-list-type: atomic - minReplicas: - description: |- - minReplicas is the lower limit for the number of replicas to which the autoscaler - can scale down. It defaults to 1 pod. minReplicas is allowed to be 0 if the - alpha feature gate HPAScaleToZero is enabled and at least one Object or External - metric is configured. Scaling is active as long as at least one metric value is - available. - format: int32 - type: integer - scaleTargetRef: - description: |- - scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics - should be collected, as well as to actually change the replica count. - properties: - apiVersion: - description: apiVersion is the API version of the referent - type: string - kind: - description: 'kind is the kind of the referent; More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'name is the name of the referent; More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - required: - - kind - - name - type: object - required: - - maxReplicas - - scaleTargetRef - type: object - image: - description: Image Overrides image from top level, Required - if no image specified at top level. - type: string - imagePullPolicy: - description: ImagePullPolicy Overrides `imagePullPolicy` from - top level. - type: string - imagePullSecrets: - description: ImagePullSecrets Overrides `imagePullSecrets` from - top level. - items: - description: |- - LocalObjectReference contains enough information to let you locate the - referenced object inside the same namespace. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - type: array - ingress: - description: Ingress Kubernetes Native `Ingress` specification. - properties: - defaultBackend: - description: |- - defaultBackend is the backend that should handle requests that don't - match any rule. If Rules are not specified, DefaultBackend must be specified. - If DefaultBackend is not set, the handling of requests that do not match any - of the rules will be up to the Ingress controller. - properties: - resource: - description: |- - resource is an ObjectRef to another Kubernetes resource in the namespace - of the Ingress object. If resource is specified, a service.Name and - service.Port must not be specified. - This is a mutually exclusive setting with "Service". - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - service: - description: |- - service references a service as a backend. - This is a mutually exclusive setting with "Resource". - properties: - name: - description: |- - name is the referenced service. The service must exist in - the same namespace as the Ingress object. - type: string - port: - description: |- - port of the referenced service. A port name or port number - is required for a IngressServiceBackend. - properties: - name: - description: |- - name is the name of the port on the Service. - This is a mutually exclusive setting with "Number". - type: string - number: - description: |- - number is the numerical port number (e.g. 80) on the Service. - This is a mutually exclusive setting with "Name". - format: int32 - type: integer - type: object - required: - - name - type: object - type: object - ingressClassName: - description: |- - ingressClassName is the name of an IngressClass cluster resource. Ingress - controller implementations use this field to know whether they should be - serving this Ingress resource, by a transitive connection - (controller -> IngressClass -> Ingress resource). Although the - `kubernetes.io/ingress.class` annotation (simple constant name) was never - formally defined, it was widely supported by Ingress controllers to create - a direct binding between Ingress controller and Ingress resources. Newly - created Ingress resources should prefer using the field. However, even - though the annotation is officially deprecated, for backwards compatibility - reasons, ingress controllers should still honor that annotation if present. - type: string - rules: - description: |- - rules is a list of host rules used to configure the Ingress. If unspecified, - or no rule matches, all traffic is sent to the default backend. - items: - description: |- - IngressRule represents the rules mapping the paths under a specified host to - the related backend services. Incoming requests are first evaluated for a host - match, then routed to the backend associated with the matching IngressRuleValue. - properties: - host: - description: "host is the fully qualified domain name - of a network host, as defined by RFC 3986.\nNote - the following deviations from the \"host\" part - of the\nURI as defined in RFC 3986:\n1. IPs are - not allowed. Currently an IngressRuleValue can only - apply to\n the IP in the Spec of the parent Ingress.\n2. - The `:` delimiter is not respected because ports - are not allowed.\n\t Currently the port of an Ingress - is implicitly :80 for http and\n\t :443 for https.\nBoth - these may change in the future.\nIncoming requests - are matched against the host before the\nIngressRuleValue. - If the host is unspecified, the Ingress routes all\ntraffic - based on the specified IngressRuleValue.\n\n\nhost - can be \"precise\" which is a domain name without - the terminating dot of\na network host (e.g. \"foo.bar.com\") - or \"wildcard\", which is a domain name\nprefixed - with a single wildcard label (e.g. \"*.foo.com\").\nThe - wildcard character '*' must appear by itself as - the first DNS label and\nmatches only a single label. - You cannot have a wildcard label by itself (e.g. - Host == \"*\").\nRequests will be matched against - the Host field in the following way:\n1. If host - is precise, the request matches this rule if the - http host header is equal to Host.\n2. If host is - a wildcard, then the request matches this rule if - the http host header\nis to equal to the suffix - (removing the first label) of the wildcard rule." - type: string - http: - description: |- - HTTPIngressRuleValue is a list of http selectors pointing to backends. - In the example: http:///? -> backend where - where parts of the url correspond to RFC 3986, this resource will be used - to match against everything after the last '/' and before the first '?' - or '#'. - properties: - paths: - description: paths is a collection of paths that - map requests to backends. - items: - description: |- - HTTPIngressPath associates a path with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: |- - backend defines the referenced service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: |- - resource is an ObjectRef to another Kubernetes resource in the namespace - of the Ingress object. If resource is specified, a service.Name and - service.Port must not be specified. - This is a mutually exclusive setting with "Service". - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - service: - description: |- - service references a service as a backend. - This is a mutually exclusive setting with "Resource". - properties: - name: - description: |- - name is the referenced service. The service must exist in - the same namespace as the Ingress object. - type: string - port: - description: |- - port of the referenced service. A port name or port number - is required for a IngressServiceBackend. - properties: - name: - description: |- - name is the name of the port on the Service. - This is a mutually exclusive setting with "Number". - type: string - number: - description: |- - number is the numerical port number (e.g. 80) on the Service. - This is a mutually exclusive setting with "Name". - format: int32 - type: integer - type: object - required: - - name - type: object - type: object - path: - description: |- - path is matched against the path of an incoming request. Currently it can - contain characters disallowed from the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin with a '/' and must be present - when using PathType with value "Exact" or "Prefix". - type: string - pathType: - description: |- - pathType determines the interpretation of the path matching. PathType can - be one of the following values: - * Exact: Matches the URL path exactly. - * Prefix: Matches based on a URL path prefix split by '/'. Matching is - done on a path element by element basis. A path element refers is the - list of labels in the path split by the '/' separator. A request is a - match for path p if every p is an element-wise prefix of p of the - request path. Note that if the last element of the path is a substring - of the last element in request path, it is not a match (e.g. /foo/bar - matches /foo/bar/baz, but does not match /foo/barbaz). - * ImplementationSpecific: Interpretation of the Path matching is up to - the IngressClass. Implementations can treat this as a separate PathType - or treat it identically to Prefix or Exact path types. - Implementations are required to support all path types. - type: string - required: - - backend - - pathType - type: object - type: array - x-kubernetes-list-type: atomic - required: - - paths - type: object - type: object - type: array - x-kubernetes-list-type: atomic - tls: - description: |- - tls represents the TLS configuration. Currently the Ingress only supports a - single TLS port, 443. If multiple members of this list specify different hosts, - they will be multiplexed on the same port according to the hostname specified - through the SNI TLS extension, if the ingress controller fulfilling the - ingress supports SNI. - items: - description: IngressTLS describes the transport layer - security associated with an ingress. - properties: - hosts: - description: |- - hosts is a list of hosts included in the TLS certificate. The values in - this list must match the name/s used in the tlsSecret. Defaults to the - wildcard host setting for the loadbalancer controller fulfilling this - Ingress, if left unspecified. - items: - type: string - type: array - x-kubernetes-list-type: atomic - secretName: - description: |- - secretName is the name of the secret used to terminate TLS traffic on - port 443. Field is left optional to allow TLS routing based on SNI - hostname alone. If the SNI host in a listener conflicts with the "Host" - header field used by an IngressRule, the SNI host is used for termination - and value of the "Host" header is used for routing. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - ingressAnnotations: - additionalProperties: - type: string - description: IngressAnnotations `Ingress` annotations to be - populated in ingress spec. - type: object - jvm.options: - description: JvmOptions overrides `JvmOptions` at top level. - type: string - kind: - default: StatefulSet - description: |- - Kind Can be StatefulSet or Deployment. - Note: volumeClaimTemplates are ignored when kind=Deployment - type: string - lifecycle: - description: Lifecycle - properties: - postStart: - description: |- - PostStart is called immediately after a container is created. If the handler fails, - the container is terminated and restarted according to its restart policy. - Other management of the container blocks until the hook completes. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: |- - PreStop is called immediately before a container is terminated due to an - API request or management event such as liveness/startup probe failure, - preemption, resource contention, etc. The handler is not called if the - container crashes or exits. The Pod's termination grace period countdown begins before the - PreStop hook is executed. Regardless of the outcome of the handler, the - container will eventually terminate within the Pod's termination grace - period (unless delayed by finalizers). Other management of the container blocks until the hook completes - or until the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: |- - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept - for the backward compatibility. There are no validation of this field and - lifecycle hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: |- - LivenessProbe - Port is set to `druid.port` if not specified with httpGet handler. - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - log4j.config: - description: Log4jConfig Overrides `Log4jConfig` at top level. - type: string - maxSurge: - description: |- - MaxSurge For Deployment object only. - Set to 25% by default. - format: int32 - type: integer - maxUnavailable: - description: |- - MaxUnavailable For deployment object only. - Set to 25% by default - format: int32 - type: integer - nodeConfigMountPath: - description: NodeConfigMountPath in-container directory to mount - with runtime.properties, jvm.config, log4j2.xml files. - type: string - nodeSelector: - additionalProperties: - type: string - description: NodeSelector Kubernetes native `nodeSelector` specification. - type: object - nodeType: - description: NodeDruid `Druid` node type. - enum: - - historical - - overlord - - middleManager - - indexer - - broker - - coordinator - - router - type: string - persistentVolumeClaim: - description: VolumeClaimTemplates Kubernetes Native `VolumeClaimTemplate` - specification. - items: - description: PersistentVolumeClaim is a user's request for - and claim to a persistent volume - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: |- - spec defines the desired characteristics of a volume requested by a pod author. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - status: - description: |- - status represents the current information/status of a persistent volume claim. - Read-only. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the actual access modes the volume backing the PVC has. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may - be larger than the actual capacity when a volume expansion operation is requested. - For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. - If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. - If a volume expansion capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress and if the actual volume capacity - is equal or lower than the requested capacity. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. - type: object - conditions: - description: |- - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contains - details about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed - the condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time - the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: |- - reason is a unique, this should be a short, machine understandable string that gives the reason - for condition's last transition. If it reports "ResizeStarted" that means the underlying - persistent volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: phase represents the current phase of - PersistentVolumeClaim. - type: string - resizeStatus: - description: |- - resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty - string by resize controller or kubelet. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - type: string - type: object - type: object - type: array - podAnnotations: - additionalProperties: - type: string - description: PodAnnotations Custom annotation to be populated - in the workload's pods. - type: object - podDisruptionBudgetSpec: - description: PodDisruptionBudgetSpec Kubernetes native `podDisruptionBudget` - specification. - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - An eviction is allowed if at most "maxUnavailable" pods selected by - "selector" are unavailable after the eviction, i.e. even in absence of - the evicted pod. For example, one can prevent all voluntary evictions - by specifying 0. This is a mutually exclusive setting with "minAvailable". - x-kubernetes-int-or-string: true - minAvailable: - anyOf: - - type: integer - - type: string - description: |- - An eviction is allowed if at least "minAvailable" pods selected by - "selector" will still be available after the eviction, i.e. even in the - absence of the evicted pod. So for example you can prevent all voluntary - evictions by specifying "100%". - x-kubernetes-int-or-string: true - selector: - description: |- - Label query over pods whose evictions are managed by the disruption - budget. - A null selector will match no pods, while an empty ({}) selector will select - all pods within the namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - unhealthyPodEvictionPolicy: - description: |- - UnhealthyPodEvictionPolicy defines the criteria for when unhealthy pods - should be considered for eviction. Current implementation considers healthy pods, - as pods that have status.conditions item with type="Ready",status="True". - - - Valid policies are IfHealthyBudget and AlwaysAllow. - If no policy is specified, the default behavior will be used, - which corresponds to the IfHealthyBudget policy. - - - IfHealthyBudget policy means that running pods (status.phase="Running"), - but not yet healthy can be evicted only if the guarded application is not - disrupted (status.currentHealthy is at least equal to status.desiredHealthy). - Healthy pods will be subject to the PDB for eviction. - - - AlwaysAllow policy means that all running pods (status.phase="Running"), - but not yet healthy are considered disrupted and can be evicted regardless - of whether the criteria in a PDB is met. This means perspective running - pods of a disrupted application might not get a chance to become healthy. - Healthy pods will be subject to the PDB for eviction. - - - Additional policies may be added in the future. - Clients making eviction decisions should disallow eviction of unhealthy pods - if they encounter an unrecognized policy in this field. - - - This field is beta-level. The eviction API uses this field when - the feature gate PDBUnhealthyPodEvictionPolicy is enabled (enabled by default). - type: string - type: object - podLabels: - additionalProperties: - type: string - description: PodLabels Custom labels to be populated in the - workload's pods. - type: object - podManagementPolicy: - default: Parallel - description: PodManagementPolicy - type: string - ports: - description: Ports Extra ports to be added to pod spec. - items: - description: ContainerPort represents a network port in a - single container. - properties: - containerPort: - description: |- - Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: |- - Number of port to expose on the host. - If specified, this must be a valid port number, 0 < x < 65536. - If HostNetwork is specified, this must match ContainerPort. - Most containers do not need this. - format: int32 - type: integer - name: - description: |- - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each - named port in a pod must have a unique name. Name for the port that can be - referred to by services. - type: string - protocol: - default: TCP - description: |- - Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - priorityClassName: - description: PriorityClassName Kubernetes native `priorityClassName` - specification. - type: string - readinessProbe: - description: |- - ReadinessProbe - Port is set to `druid.port` if not specified with httpGet handler. - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - replicas: - description: Replicas replica of the workload - format: int32 - minimum: 0 - type: integer - resources: - description: Resources Kubernetes Native `resources` specification. - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - runtime.properties: - description: RuntimeProperties Additional runtime configuration - for the specific workload. - type: string - securityContext: - description: PodSecurityContext Overrides `securityContext` - at top level. - properties: - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - fsGroupChangePolicy: - description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. - type: string - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. - Note that this field cannot be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored by components that enable the - WindowsHostProcessContainers feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess is true - then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccountName: - description: ServiceAccountName Kubernetes native `serviceAccountName` - specification. - type: string - services: - description: Services Overrides services at top level. - items: - description: |- - Service is a named abstraction of software service (for example, mysql) consisting of local port - (for example 3306) that the proxy listens on, and the selector that determines which pods - will answer requests sent through the proxy. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: |- - Spec defines the behavior of a service. - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - allocateLoadBalancerNodePorts: - description: |- - allocateLoadBalancerNodePorts defines if NodePorts will be automatically - allocated for services with type LoadBalancer. Default is "true". It - may be set to "false" if the cluster load-balancer does not rely on - NodePorts. If the caller requests specific NodePorts (by specifying a - value), those requests will be respected, regardless of this field. - This field may only be set for services with type LoadBalancer and will - be cleared if the type is changed to any other type. - type: boolean - clusterIP: - description: |- - clusterIP is the IP address of the service and is usually assigned - randomly. If an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated to the - service; otherwise creation of the service will fail. This field may not - be changed through updates unless the type field is also being changed - to ExternalName (which requires this field to be blank) or the type - field is being changed from ExternalName (in which case this field may - optionally be specified, as describe above). Valid values are "None", - empty string (""), or a valid IP address. Setting this to "None" makes a - "headless service" (no virtual IP), which is useful when direct endpoint - connections are preferred and proxying is not required. Only applies to - types ClusterIP, NodePort, and LoadBalancer. If this field is specified - when creating a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - type: string - clusterIPs: - description: |- - ClusterIPs is a list of IP addresses assigned to this service, and are - usually assigned randomly. If an address is specified manually, is - in-range (as per system configuration), and is not in use, it will be - allocated to the service; otherwise creation of the service will fail. - This field may not be changed through updates unless the type field is - also being changed to ExternalName (which requires this field to be - empty) or the type field is being changed from ExternalName (in which - case this field may optionally be specified, as describe above). Valid - values are "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual IP), which is - useful when direct endpoint connections are preferred and proxying is - not required. Only applies to types ClusterIP, NodePort, and - LoadBalancer. If this field is specified when creating a Service of type - ExternalName, creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not specified, it will - be initialized from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have the same - value. - - - This field may hold a maximum of two entries (dual-stack IPs, in either order). - These IPs must correspond to the values of the ipFamilies field. Both - clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: |- - externalIPs is a list of IP addresses for which nodes in the cluster - will also accept traffic for this service. These IPs are not managed by - Kubernetes. The user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external load-balancers - that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: |- - externalName is the external reference that discovery mechanisms will - return as an alias for this service (e.g. a DNS CNAME record). No - proxying will be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". - type: string - externalTrafficPolicy: - description: |- - externalTrafficPolicy describes how nodes distribute service traffic they - receive on one of the Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure - the service in a way that assumes that external load balancers will take care - of balancing the service traffic between nodes, and so each node will deliver - traffic only to the node-local endpoints of the service, without masquerading - the client source IP. (Traffic mistakenly sent to a node with no endpoints will - be dropped.) The default value, "Cluster", uses the standard behavior of - routing to all endpoints evenly (possibly modified by topology and other - features). Note that traffic sent to an External IP or LoadBalancer IP from - within the cluster will always get "Cluster" semantics, but clients sending to - a NodePort from within the cluster may need to take traffic policy into account - when picking a node. - type: string - healthCheckNodePort: - description: |- - healthCheckNodePort specifies the healthcheck nodePort for the service. - This only applies when type is set to LoadBalancer and - externalTrafficPolicy is set to Local. If a value is specified, is - in-range, and is not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. load-balancers) - can use this port to determine if a given node holds endpoints for this - service or not. If this field is specified when creating a Service - which does not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing type). - This field cannot be updated once set. - format: int32 - type: integer - internalTrafficPolicy: - description: |- - InternalTrafficPolicy describes how nodes distribute service traffic they - receive on the ClusterIP. If set to "Local", the proxy will assume that pods - only want to talk to endpoints of the service on the same node as the pod, - dropping the traffic if there are no local endpoints. The default value, - "Cluster", uses the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - type: string - ipFamilies: - description: |- - IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this - service. This field is usually assigned automatically based on cluster - configuration and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise creation of - the service will fail. This field is conditionally mutable: it allows - for adding or removing a secondary IP family, but it does not allow - changing the primary IP family of the Service. Valid values are "IPv4" - and "IPv6". This field only applies to Services of types ClusterIP, - NodePort, and LoadBalancer, and does apply to "headless" services. - This field will be wiped when updating a Service to type ExternalName. - - - This field may hold a maximum of two entries (dual-stack families, in - either order). These families must correspond to the values of the - clusterIPs field, if specified. Both clusterIPs and ipFamilies are - governed by the ipFamilyPolicy field. - items: - description: |- - IPFamily represents the IP Family (IPv4 or IPv6). This type is used - to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: |- - IPFamilyPolicy represents the dual-stack-ness requested or required by - this Service. If there is no value provided, then this field will be set - to SingleStack. Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise fail). The - ipFamilies and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type ExternalName. - type: string - loadBalancerClass: - description: |- - loadBalancerClass is the class of the load balancer implementation this Service belongs to. - If specified, the value of this field must be a label-style identifier, with an optional prefix, - e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. - This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load - balancer implementation is used, today this is typically done through the cloud provider integration, - but should apply for any default implementation. If set, it is assumed that a load balancer - implementation is watching for Services with a matching class. Any default load balancer - implementation (e.g. cloud providers) should ignore Services that set this field. - This field can only be set when creating or updating a Service to type 'LoadBalancer'. - Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: |- - Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider supports specifying - the loadBalancerIP when a load balancer is created. - This field will be ignored if the cloud-provider does not support the feature. - Deprecated: This field was under-specified and its meaning varies across implementations, - and it cannot support dual-stack. - As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. - This field may be removed in a future API version. - type: string - loadBalancerSourceRanges: - description: |- - If specified and supported by the platform, this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client IPs. This field will be ignored if the - cloud-provider does not support the feature." - More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ - items: - type: string - type: array - ports: - description: |- - The list of ports that are exposed by this service. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - items: - description: ServicePort contains information on - service's port. - properties: - appProtocol: - description: |- - The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard service names (as per - RFC-6335 and https://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such as - mycompany.com/my-custom-protocol. - type: string - name: - description: |- - The name of this port within the service. This must be a DNS_LABEL. - All ports within a ServiceSpec must have unique names. When considering - the endpoints for a Service, this must match the 'name' field in the - EndpointPort. - Optional if only one ServicePort is defined on this service. - type: string - nodePort: - description: |- - The port on each node on which this service is exposed when type is - NodePort or LoadBalancer. Usually assigned by the system. If a value is - specified, in-range, and not in use it will be used, otherwise the - operation will fail. If not specified, a port will be allocated if this - Service requires one. If this field is specified when creating a - Service which does not need it, creation will fail. This field will be - wiped when updating a Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). - More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - default: TCP - description: |- - The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". - Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the pods targeted by the service. - Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named port in the - target Pod's container ports. If this is not specified, the value - of the 'port' field is used (an identity map). - This field is ignored for services with clusterIP=None, and should be - omitted or set equal to the 'port' field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: |- - publishNotReadyAddresses indicates that any agent which deals with endpoints for this - Service should disregard any indications of ready/not-ready. - The primary use case for setting this field is for a StatefulSet's Headless Service to - propagate SRV DNS records for its Pods for the purpose of peer discovery. - The Kubernetes controllers that generate Endpoints and EndpointSlice resources for - Services interpret this to mean that all endpoints are considered "ready" even if the - Pods themselves are not. Agents which consume only Kubernetes generated endpoints - through the Endpoints or EndpointSlice resources can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Route service traffic to pods with label keys and values matching this - selector. If empty or not present, the service is assumed to have an - external process managing its endpoints, which Kubernetes will not - modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/ - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: |- - Supports "ClientIP" and "None". Used to maintain session affinity. - Enable client IP based session affinity. - Must be ClientIP or None. - Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations - of Client IP based session affinity. - properties: - timeoutSeconds: - description: |- - timeoutSeconds specifies the seconds of ClientIP type session sticky time. - The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". - Default value is 10800(for 3 hours). - format: int32 - type: integer - type: object - type: object - type: - description: |- - type determines how the Service is exposed. Defaults to ClusterIP. Valid - options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - "ClusterIP" allocates a cluster-internal IP address for load-balancing - to endpoints. Endpoints are determined by the selector or if that is not - specified, by manual construction of an Endpoints object or - EndpointSlice objects. If clusterIP is "None", no virtual IP is - allocated and the endpoints are published as a set of endpoints rather - than a virtual IP. - "NodePort" builds on ClusterIP and allocates a port on every node which - routes to the same endpoints as the clusterIP. - "LoadBalancer" builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the same endpoints - as the clusterIP. - "ExternalName" aliases this service to the specified externalName. - Several other fields do not apply to ExternalName services. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: string - type: object - status: - description: |- - Most recently observed status of the service. - Populated by the system. - Read-only. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - conditions: - description: Current service state - items: - description: "Condition contains details for one - aspect of the current state of this API Resource.\n---\nThis - struct is intended for direct use as an array - at the field path .status.conditions. For example,\n\n\n\ttype - FooStatus struct{\n\t // Represents the observations - of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t - \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t - \ // +listType=map\n\t // +listMapKey=type\n\t - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of - True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - loadBalancer: - description: |- - LoadBalancer contains the current status of the load-balancer, - if one is present. - properties: - ingress: - description: |- - Ingress is a list containing ingress points for the load-balancer. - Traffic intended for the service should be sent to these ingress points. - items: - description: |- - LoadBalancerIngress represents the status of a load-balancer ingress point: - traffic intended for the service should be sent to an ingress point. - properties: - hostname: - description: |- - Hostname is set for load-balancer ingress points that are DNS based - (typically AWS load-balancers) - type: string - ip: - description: |- - IP is set for load-balancer ingress points that are IP based - (typically GCE or OpenStack load-balancers) - type: string - ports: - description: |- - Ports is a list of records of service ports - If used, every port defined in the service should have an entry in it - items: - properties: - error: - description: |- - Error is to record the problem with the service port - The format of the error shall comply with the following rules: - - built-in error values shall be specified in this file and those shall use - CamelCase names - - cloud provider specific error values must have names that comply with the - format foo.example.com/CamelCase. - --- - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number - of the service port of which status - is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: |- - Protocol is the protocol of the service port of which status is recorded here - The supported values are: "TCP", "UDP", "SCTP" - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - type: array - startUpProbe: - description: StartUpProbe - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - terminationGracePeriodSeconds: - description: TerminationGracePeriodSeconds - format: int64 - type: integer - tolerations: - description: Tolerations Kubernetes native `tolerations` specification. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: TopologySpreadConstraints Kubernetes Native `topologySpreadConstraints` - specification. - items: - description: TopologySpreadConstraint specifies how to spread - matching pods among the given topology. - properties: - labelSelector: - description: |- - LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine the number of pods - in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: |- - MatchLabelKeys is a set of pod label keys to select the pods over which - spreading will be calculated. The keys are used to lookup values from the - incoming pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading will be calculated - for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - MatchLabelKeys cannot be set when LabelSelector isn't set. - Keys that don't exist in the incoming pod labels will - be ignored. A null or empty list means only match against labelSelector. - - - This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: |- - MaxSkew describes the degree to which pods may be unevenly distributed. - When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference - between the number of matching pods in the target topology and the global minimum. - The global minimum is the minimum number of matching pods in an eligible domain - or zero if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 2/2/1: - In this case, the global minimum is 1. - | zone1 | zone2 | zone3 | - | P P | P P | P | - - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; - scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) - violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto any zone. - When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence - to topologies that satisfy it. - It's a required field. Default value is 1 and 0 is not allowed. - format: int32 - type: integer - minDomains: - description: |- - MinDomains indicates a minimum number of eligible domains. - When the number of eligible domains with matching topology keys is less than minDomains, - Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. - And when the number of eligible domains with matching topology keys equals or greater than minDomains, - this value has no effect on scheduling. - As a result, when the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains is equal to 1. - Valid values are integers greater than 0. - When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - - - For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same - labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | - | P P | P P | P P | - The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. - In this situation, new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, - it will violate MaxSkew. - - - This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). - format: int32 - type: integer - nodeAffinityPolicy: - description: |- - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector - when calculating pod topology spread skew. Options are: - - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - - - If this value is nil, the behavior is equivalent to the Honor policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - type: string - nodeTaintsPolicy: - description: |- - NodeTaintsPolicy indicates how we will treat node taints when calculating - pod topology spread skew. Options are: - - Honor: nodes without taints, along with tainted nodes for which the incoming pod - has a toleration, are included. - - Ignore: node taints are ignored. All nodes are included. - - - If this value is nil, the behavior is equivalent to the Ignore policy. - This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - type: string - topologyKey: - description: |- - TopologyKey is the key of node labels. Nodes that have a label with this key - and identical values are considered to be in the same topology. - We consider each as a "bucket", and try to put balanced number - of pods into each bucket. - We define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose nodes meet the requirements of - nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. - And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. - It's a required field. - type: string - whenUnsatisfiable: - description: |- - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy - the spread constraint. - - DoNotSchedule (default) tells the scheduler not to schedule it. - - ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. - A constraint is considered "Unsatisfiable" for an incoming pod - if and only if every possible node assignment for that pod would violate - "MaxSkew" on some topology. - For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same - labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | - | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled - to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler - won't make it *more* imbalanced. - It's a required field. - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - updateStrategy: - description: UpdateStrategy - properties: - rollingUpdate: - description: RollingUpdate is used to communicate parameters - when Type is RollingUpdateStatefulSetStrategyType. - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of pods that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - Absolute number is calculated from percentage by rounding up. This can not be 0. - Defaults to 1. This field is alpha-level and is only honored by servers that enable the - MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to - Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it - will be counted towards MaxUnavailable. - x-kubernetes-int-or-string: true - partition: - description: |- - Partition indicates the ordinal at which the StatefulSet should be partitioned - for updates. During a rolling update, all pods from ordinal Replicas-1 to - Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. - This is helpful in being able to do a canary based deployment. The default value is 0. - format: int32 - type: integer - type: object - type: - description: |- - Type indicates the type of the StatefulSetUpdateStrategy. - Default is RollingUpdate. - type: string - type: object - volumeClaimTemplates: - description: VolumeClaimTemplates Kubernetes Native `volumeClaimTemplates` - specification. - items: - description: PersistentVolumeClaim is a user's request for - and claim to a persistent volume - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: |- - spec defines the desired characteristics of a volume requested by a pod author. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - status: - description: |- - status represents the current information/status of a persistent volume claim. - Read-only. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the actual access modes the volume backing the PVC has. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may - be larger than the actual capacity when a volume expansion operation is requested. - For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. - If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. - If a volume expansion capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress and if the actual volume capacity - is equal or lower than the requested capacity. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. - type: object - conditions: - description: |- - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contains - details about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed - the condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time - the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: |- - reason is a unique, this should be a short, machine understandable string that gives the reason - for condition's last transition. If it reports "ResizeStarted" that means the underlying - persistent volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: phase represents the current phase of - PersistentVolumeClaim. - type: string - resizeStatus: - description: |- - resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty - string by resize controller or kubelet. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - type: string - type: object - type: object - type: array - volumeMounts: - description: VolumeMounts Kubernetes Native `volumeMounts` specification. - items: - description: VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: Volumes Kubernetes Native `volumes` specification. - items: - description: Volume represents a named volume in a pod that - may be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: |- - awsElasticBlockStore represents an AWS Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - format: int32 - type: integer - readOnly: - description: |- - readOnly value true will force the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: boolean - volumeID: - description: |- - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching mode: - None, Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data disk - in the blob storage - type: string - diskURI: - description: diskURI is the URI of data disk in the - blob storage - type: string - fsType: - description: |- - fsType is Filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single - blob disk per storage account Managed: azure managed - data disk (only in managed availability set). defaults - to shared' - type: string - readOnly: - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. - properties: - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: secretName is the name of secret that - contains Azure Storage Account Name and Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on the - host that shares a pod's lifetime - properties: - monitors: - description: |- - monitors is Required: Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - items: - type: string - type: array - path: - description: 'path is Optional: Used as the mounted - root, rather than the full Ceph tree, default is - /' - type: string - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: boolean - secretFile: - description: |- - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - secretRef: - description: |- - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: |- - user is optional: User is the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - required: - - monitors - type: object - cinder: - description: |- - cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: boolean - secretRef: - description: |- - secretRef is optional: points to a secret object containing parameters used to connect - to OpenStack. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: |- - volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that should - populate this volume - properties: - defaultMode: - description: |- - defaultMode is optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). - properties: - driver: - description: |- - driver is the name of the CSI driver that handles this volume. - Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: |- - fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated CSI driver - which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: |- - nodePublishSecretRef is a reference to the secret object containing - sensitive information to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if no secret is required. If the - secret object contains more than one secret, all secret references are passed. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: |- - readOnly specifies a read-only configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: |- - volumeAttributes stores driver-specific properties that are passed to the CSI - driver. Consult your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API about - the pod that should populate this volume - properties: - defaultMode: - description: |- - Optional: mode bits to use on created files by default. Must be a - Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: Items is a list of downward API volume - file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the - pod: only annotations, labels, name and namespace - are supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' path. - Must be utf-8 encoded. The first item of the - relative path must not start with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - description: |- - emptyDir represents a temporary directory that shares a pod's lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - properties: - medium: - description: |- - medium represents what type of storage medium should back this directory. - The default is "" which means to use the node's default medium. - Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: |- - sizeLimit is the total amount of local storage required for this EmptyDir volume. - The size limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir would be the minimum value between - the SizeLimit specified here and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: |- - ephemeral represents a volume that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - and deleted when the pod is removed. - - - Use this if: - a) the volume is only needed while the pod runs, - b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, - c) the storage driver is specified through a storage class, and - d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - - Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the lifecycle - of an individual pod. - - - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - be used that way - see the documentation of the driver for - more information. - - - A pod can use both types of ephemeral volumes and - persistent volumes at the same time. - properties: - volumeClaimTemplate: - description: |- - Will be used to create a stand-alone PVC to provision the volume. - The pod in which this EphemeralVolumeSource is embedded will be the - owner of the PVC, i.e. the PVC will be deleted together with the - pod. The name of the PVC will be `-` where - `` is the name from the `PodSpec.Volumes` array - entry. Pod validation will reject the pod if the concatenated name - is not valid for a PVC (for example, too long). - - - An existing PVC with that name that is not owned by the pod - will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has to updated with an - owner reference to the pod once the pod exists. Normally - this should not be necessary, but it may be useful when - manually reconstructing a broken cluster. - - - This field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. - - - Required, must not be nil. - properties: - metadata: - description: |- - May contain labels and annotations that will be copied into the PVC - when creating it. No other fields are allowed and will be rejected during - validation. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: |- - The specification for the PersistentVolumeClaim. The entire content is - copied unchanged into the PVC that gets created from this - template. The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over - volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource that - is attached to a kubelet's host machine and then exposed - to the pod. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - lun: - description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' - items: - type: string - type: array - wwids: - description: |- - wwids Optional: FC volume world wide identifiers (wwids) - Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. - items: - type: string - type: array - type: object - flexVolume: - description: |- - flexVolume represents a generic volume resource that is - provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver to use - for this volume. - type: string - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field holds - extra command options if any.' - type: object - readOnly: - description: |- - readOnly is Optional: defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef is Optional: secretRef is reference to the secret object containing - sensitive information to pass to the plugin scripts. This may be - empty if no secret object is specified. If the secret object - contains more than one secret, all secrets are passed to the plugin - scripts. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - properties: - datasetName: - description: |- - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - should be considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the dataset. - This is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: |- - gcePersistentDisk represents a GCE Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - properties: - fsType: - description: |- - fsType is filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - format: int32 - type: integer - pdName: - description: |- - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: boolean - required: - - pdName - type: object - gitRepo: - description: |- - gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - into the Pod's container. - properties: - directory: - description: |- - directory is the target directory name. - Must not contain or start with '..'. If '.' is supplied, the volume directory will be the - git repository. Otherwise, if specified, the volume will contain the git repository in - the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for the specified - revision. - type: string - required: - - repository - type: object - glusterfs: - description: |- - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md - properties: - endpoints: - description: |- - endpoints is the endpoint name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - path: - description: |- - path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - readOnly: - description: |- - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: |- - hostPath represents a pre-existing file or directory on the host - machine that is directly exposed to the container. This is generally - used for system agents or other privileged things that are allowed - to see the host machine. Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. - properties: - path: - description: |- - path of the directory on the host. - If the path is a symlink, it will follow the link to the real path. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - type: - description: |- - type for HostPath Volume - Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - required: - - path - type: object - iscsi: - description: |- - iscsi represents an ISCSI Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://examples.k8s.io/volumes/iscsi/README.md - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether support - iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether support - iSCSI Session CHAP authentication - type: boolean - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - initiatorName: - description: |- - initiatorName is the custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: - description: |- - iscsiInterface is the interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: |- - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for iSCSI - target and initiator authentication - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: |- - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: |- - name of the volume. - Must be a DNS_LABEL and unique within the pod. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - nfs: - description: |- - nfs represents an NFS mount on the host that shares a pod's lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - properties: - path: - description: |- - path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - readOnly: - description: |- - readOnly here will force the NFS export to be mounted with read-only permissions. - Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: boolean - server: - description: |- - server is the hostname or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: |- - persistentVolumeClaimVolumeSource represents a reference to a - PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - claimName: - description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - type: string - readOnly: - description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: pdID is the ID that identifies Photon - Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine - properties: - fsType: - description: |- - fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a Portworx - volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources - secrets, configmaps, and downward API - properties: - defaultMode: - description: |- - defaultMode are the mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: sources is the list of volume projections - items: - description: Projection that may be projected along - with other supported volume types - properties: - configMap: - description: configMap information about the - configMap data to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path - within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: optional specify whether the - ConfigMap or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the - downwardAPI data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a - field of the pod: only annotations, - labels, name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified API - version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute - or contain the ''..'' path. Must - be utf-8 encoded. The first item - of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - description: secret information about the secret - data to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path - within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: optional field specify whether - the Secret or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information - about the serviceAccountToken data to project - properties: - audience: - description: |- - audience is the intended audience of the token. A recipient of a token - must identify itself with an identifier specified in the audience of the - token, and otherwise should reject the token. The audience defaults to the - identifier of the apiserver. - type: string - expirationSeconds: - description: |- - expirationSeconds is the requested duration of validity of the service - account token. As the token approaches expiration, the kubelet volume - plugin will proactively rotate the service account token. The kubelet will - start trying to rotate the token if the token is older than 80 percent of - its time to live or if the token is older than 24 hours.Defaults to 1 hour - and must be at least 10 minutes. - format: int64 - type: integer - path: - description: |- - path is the path relative to the mount point of the file to project the - token into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte mount on the - host that shares a pod's lifetime - properties: - group: - description: |- - group to map volume access to - Default is no group - type: string - readOnly: - description: |- - readOnly here will force the Quobyte volume to be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: |- - registry represents a single or multiple Quobyte Registry services - specified as a string as host:port pair (multiple entries are separated with commas) - which acts as the central registry for volumes - type: string - tenant: - description: |- - tenant owning the given Quobyte volume in the Backend - Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: |- - user to map volume access to - Defaults to serivceaccount user - type: string - volume: - description: volume is a string that references an - already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: |- - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - image: - description: |- - image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - keyring: - description: |- - keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - monitors: - description: |- - monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - items: - type: string - type: array - pool: - description: |- - pool is the rados pool name. - Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: boolean - secretRef: - description: |- - secretRef is name of the authentication secret for RBDUser. If provided - overrides keyring. - Default is nil. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: |- - user is the rados user name. - Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". - Default is "xfs". - type: string - gateway: - description: gateway is the host address of the ScaleIO - API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. - type: string - readOnly: - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef references to the secret for ScaleIO user and other - sensitive information. If this is not provided, Login operation will fail. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: |- - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage Pool - associated with the protection domain. - type: string - system: - description: system is the name of the storage system - as configured in ScaleIO. - type: string - volumeName: - description: |- - volumeName is the name of a volume already created in the ScaleIO system - that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: |- - secret represents a secret that should populate this volume. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - properties: - defaultMode: - description: |- - defaultMode is Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items If unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify whether the Secret - or its keys must be defined - type: boolean - secretName: - description: |- - secretName is the name of the secret in the pod's namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef specifies the secret to use for obtaining the StorageOS API - credentials. If not specified, default values will be attempted. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: |- - volumeName is the human-readable name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: |- - volumeNamespace specifies the scope of the volume within StorageOS. If no - namespace is specified then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - Set VolumeName to any name to override the default behaviour. - Set to "default" if you are not using namespaces within StorageOS. - Namespaces that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine - properties: - fsType: - description: |- - fsType is filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage Policy - Based Management (SPBM) profile ID associated with - the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage Policy - Based Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - workloadAnnotations: - additionalProperties: - type: string - description: WorkloadAnnotations annotations to be populated - in StatefulSet or Deployment spec. - type: object - required: - - druid.port - - nodeConfigMountPath - - nodeType - - runtime.properties - type: object - description: |- - Nodes a list of `Druid` Node types and their configurations. - `DruidSpec` is used to create Kubernetes workload specs. Many of the fields above can be overridden at the specific - `NodeSpec` level. - type: object - podAnnotations: - additionalProperties: - type: string - description: PodAnnotations Custom annotations to be populated in - `Druid` pods. - type: object - podLabels: - additionalProperties: - type: string - description: PodLabels Custom labels to be populated in `Druid` pods. - type: object - podManagementPolicy: - default: Parallel - description: PodManagementPolicy - type: string - priorityClassName: - description: PriorityClassName Kubernetes native `priorityClassName` - specification. - type: string - readinessProbe: - description: |- - ReadinessProbe - Port is set to `druid.port` if not specified with httpGet handler. - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number must - be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes a custom header to be - used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - rollingDeploy: - default: true - description: |- - RollingDeploy Whether to deploy the components in a rolling update as described in the documentation: - https://druid.apache.org/docs/latest/operations/rolling-updates.html - If set to true then operator checks the rollout status of previous version workloads before updating the next. - This will be done only for update actions. - type: boolean - scalePvcSts: - default: false - description: ScalePvcSts When enabled, operator will allow volume - expansion of StatefulSet's PVCs. - type: boolean - securityContext: - description: PodSecurityContext - properties: - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. - Some volume types allow the Kubelet to change the ownership of that volume - to be owned by the pod: - - - 1. The owning GID will be the FSGroup - 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- - - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - fsGroupChangePolicy: - description: |- - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume - before being exposed inside Pod. This field will only apply to - volume types which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such as: secret, configmaps - and emptydir. - Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. - Note that this field cannot be set when spec.os.name is windows. - type: string - runAsGroup: - description: |- - The GID to run the entrypoint of the container process. - Uses runtime default if unset. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: |- - Indicates that the container must run as a non-root user. - If true, the Kubelet will validate the image at runtime to ensure that it - does not run as UID 0 (root) and fail to start the container if it does. - If unset or false, no such validation will be performed. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: |- - The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: |- - The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random SELinux context for each - container. May also be set in SecurityContext. If set in - both SecurityContext and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - seccompProfile: - description: |- - The seccomp options to use by the containers in this pod. - Note that this field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: |- - localhostProfile indicates a profile defined in a file on the node should be used. - The profile must be preconfigured on the node to work. - Must be a descending path, relative to the kubelet's configured seccomp profile location. - Must only be set if type is "Localhost". - type: string - type: - description: |- - type indicates which kind of seccomp profile will be applied. - Valid options are: - - - Localhost - a profile defined in a file on the node should be used. - RuntimeDefault - the container runtime default profile should be used. - Unconfined - no profile should be applied. - type: string - required: - - type - type: object - supplementalGroups: - description: |- - A list of groups applied to the first process run in each container, in addition - to the container's primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container process. If unspecified, - no additional groups are added to any container. Note that group memberships - defined in the container image for the uid of the container process are still effective, - even if they are not included in this list. - Note that this field cannot be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: |- - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported - sysctls (by the container runtime) might fail to launch. - Note that this field cannot be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: |- - The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext will be used. - If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: |- - GMSACredentialSpec is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the - GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: |- - HostProcess determines if a container should be run as a 'Host Process' container. - This field is alpha-level and will only be honored by components that enable the - WindowsHostProcessContainers feature flag. Setting this field without the feature - flag will result in errors when validating the Pod. All of a Pod's containers must - have the same effective HostProcess value (it is not allowed to have a mix of HostProcess - containers and non-HostProcess containers). In addition, if HostProcess is true - then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: |- - The UserName in Windows to run the entrypoint of the container process. - Defaults to the user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccount: - description: ServiceAccount - type: string - services: - description: Services Kubernetes services to be created for each workload. - items: - description: |- - Service is a named abstraction of software service (for example, mysql) consisting of local port - (for example 3306) that the proxy listens on, and the selector that determines which pods - will answer requests sent through the proxy. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: |- - Spec defines the behavior of a service. - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - allocateLoadBalancerNodePorts: - description: |- - allocateLoadBalancerNodePorts defines if NodePorts will be automatically - allocated for services with type LoadBalancer. Default is "true". It - may be set to "false" if the cluster load-balancer does not rely on - NodePorts. If the caller requests specific NodePorts (by specifying a - value), those requests will be respected, regardless of this field. - This field may only be set for services with type LoadBalancer and will - be cleared if the type is changed to any other type. - type: boolean - clusterIP: - description: |- - clusterIP is the IP address of the service and is usually assigned - randomly. If an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated to the - service; otherwise creation of the service will fail. This field may not - be changed through updates unless the type field is also being changed - to ExternalName (which requires this field to be blank) or the type - field is being changed from ExternalName (in which case this field may - optionally be specified, as describe above). Valid values are "None", - empty string (""), or a valid IP address. Setting this to "None" makes a - "headless service" (no virtual IP), which is useful when direct endpoint - connections are preferred and proxying is not required. Only applies to - types ClusterIP, NodePort, and LoadBalancer. If this field is specified - when creating a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - type: string - clusterIPs: - description: |- - ClusterIPs is a list of IP addresses assigned to this service, and are - usually assigned randomly. If an address is specified manually, is - in-range (as per system configuration), and is not in use, it will be - allocated to the service; otherwise creation of the service will fail. - This field may not be changed through updates unless the type field is - also being changed to ExternalName (which requires this field to be - empty) or the type field is being changed from ExternalName (in which - case this field may optionally be specified, as describe above). Valid - values are "None", empty string (""), or a valid IP address. Setting - this to "None" makes a "headless service" (no virtual IP), which is - useful when direct endpoint connections are preferred and proxying is - not required. Only applies to types ClusterIP, NodePort, and - LoadBalancer. If this field is specified when creating a Service of type - ExternalName, creation will fail. This field will be wiped when updating - a Service to type ExternalName. If this field is not specified, it will - be initialized from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have the same - value. - - - This field may hold a maximum of two entries (dual-stack IPs, in either order). - These IPs must correspond to the values of the ipFamilies field. Both - clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: |- - externalIPs is a list of IP addresses for which nodes in the cluster - will also accept traffic for this service. These IPs are not managed by - Kubernetes. The user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external load-balancers - that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: |- - externalName is the external reference that discovery mechanisms will - return as an alias for this service (e.g. a DNS CNAME record). No - proxying will be involved. Must be a lowercase RFC-1123 hostname - (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName". - type: string - externalTrafficPolicy: - description: |- - externalTrafficPolicy describes how nodes distribute service traffic they - receive on one of the Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure - the service in a way that assumes that external load balancers will take care - of balancing the service traffic between nodes, and so each node will deliver - traffic only to the node-local endpoints of the service, without masquerading - the client source IP. (Traffic mistakenly sent to a node with no endpoints will - be dropped.) The default value, "Cluster", uses the standard behavior of - routing to all endpoints evenly (possibly modified by topology and other - features). Note that traffic sent to an External IP or LoadBalancer IP from - within the cluster will always get "Cluster" semantics, but clients sending to - a NodePort from within the cluster may need to take traffic policy into account - when picking a node. - type: string - healthCheckNodePort: - description: |- - healthCheckNodePort specifies the healthcheck nodePort for the service. - This only applies when type is set to LoadBalancer and - externalTrafficPolicy is set to Local. If a value is specified, is - in-range, and is not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. load-balancers) - can use this port to determine if a given node holds endpoints for this - service or not. If this field is specified when creating a Service - which does not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing type). - This field cannot be updated once set. - format: int32 - type: integer - internalTrafficPolicy: - description: |- - InternalTrafficPolicy describes how nodes distribute service traffic they - receive on the ClusterIP. If set to "Local", the proxy will assume that pods - only want to talk to endpoints of the service on the same node as the pod, - dropping the traffic if there are no local endpoints. The default value, - "Cluster", uses the standard behavior of routing to all endpoints evenly - (possibly modified by topology and other features). - type: string - ipFamilies: - description: |- - IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this - service. This field is usually assigned automatically based on cluster - configuration and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise creation of - the service will fail. This field is conditionally mutable: it allows - for adding or removing a secondary IP family, but it does not allow - changing the primary IP family of the Service. Valid values are "IPv4" - and "IPv6". This field only applies to Services of types ClusterIP, - NodePort, and LoadBalancer, and does apply to "headless" services. - This field will be wiped when updating a Service to type ExternalName. - - - This field may hold a maximum of two entries (dual-stack families, in - either order). These families must correspond to the values of the - clusterIPs field, if specified. Both clusterIPs and ipFamilies are - governed by the ipFamilyPolicy field. - items: - description: |- - IPFamily represents the IP Family (IPv4 or IPv6). This type is used - to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: |- - IPFamilyPolicy represents the dual-stack-ness requested or required by - this Service. If there is no value provided, then this field will be set - to SingleStack. Services can be "SingleStack" (a single IP family), - "PreferDualStack" (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise fail). The - ipFamilies and clusterIPs fields depend on the value of this field. This - field will be wiped when updating a service to type ExternalName. - type: string - loadBalancerClass: - description: |- - loadBalancerClass is the class of the load balancer implementation this Service belongs to. - If specified, the value of this field must be a label-style identifier, with an optional prefix, - e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. - This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load - balancer implementation is used, today this is typically done through the cloud provider integration, - but should apply for any default implementation. If set, it is assumed that a load balancer - implementation is watching for Services with a matching class. Any default load balancer - implementation (e.g. cloud providers) should ignore Services that set this field. - This field can only be set when creating or updating a Service to type 'LoadBalancer'. - Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: |- - Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider supports specifying - the loadBalancerIP when a load balancer is created. - This field will be ignored if the cloud-provider does not support the feature. - Deprecated: This field was under-specified and its meaning varies across implementations, - and it cannot support dual-stack. - As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. - This field may be removed in a future API version. - type: string - loadBalancerSourceRanges: - description: |- - If specified and supported by the platform, this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client IPs. This field will be ignored if the - cloud-provider does not support the feature." - More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/ - items: - type: string - type: array - ports: - description: |- - The list of ports that are exposed by this service. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: |- - The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard service names (as per - RFC-6335 and https://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names such as - mycompany.com/my-custom-protocol. - type: string - name: - description: |- - The name of this port within the service. This must be a DNS_LABEL. - All ports within a ServiceSpec must have unique names. When considering - the endpoints for a Service, this must match the 'name' field in the - EndpointPort. - Optional if only one ServicePort is defined on this service. - type: string - nodePort: - description: |- - The port on each node on which this service is exposed when type is - NodePort or LoadBalancer. Usually assigned by the system. If a value is - specified, in-range, and not in use it will be used, otherwise the - operation will fail. If not specified, a port will be allocated if this - Service requires one. If this field is specified when creating a - Service which does not need it, creation will fail. This field will be - wiped when updating a Service to no longer need it (e.g. changing type - from NodePort to ClusterIP). - More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - default: TCP - description: |- - The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". - Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the pods targeted by the service. - Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named port in the - target Pod's container ports. If this is not specified, the value - of the 'port' field is used (an identity map). - This field is ignored for services with clusterIP=None, and should be - omitted or set equal to the 'port' field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: |- - publishNotReadyAddresses indicates that any agent which deals with endpoints for this - Service should disregard any indications of ready/not-ready. - The primary use case for setting this field is for a StatefulSet's Headless Service to - propagate SRV DNS records for its Pods for the purpose of peer discovery. - The Kubernetes controllers that generate Endpoints and EndpointSlice resources for - Services interpret this to mean that all endpoints are considered "ready" even if the - Pods themselves are not. Agents which consume only Kubernetes generated endpoints - through the Endpoints or EndpointSlice resources can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: |- - Route service traffic to pods with label keys and values matching this - selector. If empty or not present, the service is assumed to have an - external process managing its endpoints, which Kubernetes will not - modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/ - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: |- - Supports "ClientIP" and "None". Used to maintain session affinity. - Enable client IP based session affinity. - Must be ClientIP or None. - Defaults to None. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. - properties: - timeoutSeconds: - description: |- - timeoutSeconds specifies the seconds of ClientIP type session sticky time. - The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". - Default value is 10800(for 3 hours). - format: int32 - type: integer - type: object - type: object - type: - description: |- - type determines how the Service is exposed. Defaults to ClusterIP. Valid - options are ExternalName, ClusterIP, NodePort, and LoadBalancer. - "ClusterIP" allocates a cluster-internal IP address for load-balancing - to endpoints. Endpoints are determined by the selector or if that is not - specified, by manual construction of an Endpoints object or - EndpointSlice objects. If clusterIP is "None", no virtual IP is - allocated and the endpoints are published as a set of endpoints rather - than a virtual IP. - "NodePort" builds on ClusterIP and allocates a port on every node which - routes to the same endpoints as the clusterIP. - "LoadBalancer" builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the same endpoints - as the clusterIP. - "ExternalName" aliases this service to the specified externalName. - Several other fields do not apply to ExternalName services. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types - type: string - type: object - status: - description: |- - Most recently observed status of the service. - Populated by the system. - Read-only. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - conditions: - description: Current service state - items: - description: "Condition contains details for one aspect - of the current state of this API Resource.\n---\nThis - struct is intended for direct use as an array at the - field path .status.conditions. For example,\n\n\n\ttype - FooStatus struct{\n\t // Represents the observations - of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t - \ // +patchMergeKey=type\n\t // +patchStrategy=merge\n\t - \ // +listType=map\n\t // +listMapKey=type\n\t - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, - False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - loadBalancer: - description: |- - LoadBalancer contains the current status of the load-balancer, - if one is present. - properties: - ingress: - description: |- - Ingress is a list containing ingress points for the load-balancer. - Traffic intended for the service should be sent to these ingress points. - items: - description: |- - LoadBalancerIngress represents the status of a load-balancer ingress point: - traffic intended for the service should be sent to an ingress point. - properties: - hostname: - description: |- - Hostname is set for load-balancer ingress points that are DNS based - (typically AWS load-balancers) - type: string - ip: - description: |- - IP is set for load-balancer ingress points that are IP based - (typically GCE or OpenStack load-balancers) - type: string - ports: - description: |- - Ports is a list of records of service ports - If used, every port defined in the service should have an entry in it - items: - properties: - error: - description: |- - Error is to record the problem with the service port - The format of the error shall comply with the following rules: - - built-in error values shall be specified in this file and those shall use - CamelCase names - - cloud provider specific error values must have names that comply with the - format foo.example.com/CamelCase. - --- - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of - the service port of which status is recorded - here - format: int32 - type: integer - protocol: - default: TCP - description: |- - Protocol is the protocol of the service port of which status is recorded here - The supported values are: "TCP", "UDP", "SCTP" - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - type: array - startScript: - default: /druid.sh - description: StartScript Path to Druid's start script to be run on - start. - type: string - startUpProbe: - description: StartUpProbe - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: |- - Command is the command line to execute inside the container, the working directory for the - command is root ('/') in the container's filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use - a shell, you need to explicitly call out to that shell. - Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: |- - Minimum consecutive failures for the probe to be considered failed after having succeeded. - Defaults to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - properties: - port: - description: Port number of the gRPC service. Number must - be in the range 1 to 65535. - format: int32 - type: integer - service: - description: |- - Service is the name of the service to place in the gRPC HealthCheckRequest - (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - - If this is not specified, the default behavior is defined by gRPC. - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: |- - Host name to connect to, defaults to the pod IP. You probably want to set - "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes a custom header to be - used in HTTP probes - properties: - name: - description: |- - The header field name. - This will be canonicalized upon output, so case-variant names will be understood as the same header. - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Name or number of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: |- - Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: |- - Number of seconds after the container has started before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - periodSeconds: - description: |- - How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: |- - Minimum consecutive successes for the probe to be considered successful after having failed. - Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: |- - Number or name of the port to access on the container. - Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: |- - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. - The grace period is the duration in seconds after the processes running in the pod are sent - a termination signal and the time when the processes are forcibly halted with a kill signal. - Set this value longer than the expected cleanup time for your process. - If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates stop immediately via - the kill signal (no opportunity to shut down). - This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. - Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: |- - Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - format: int32 - type: integer - type: object - tolerations: - description: Tolerations Kubernetes native `tolerations` specification. - items: - description: |- - The pod this Toleration is attached to tolerates any taint that matches - the triple using the matching operator . - properties: - effect: - description: |- - Effect indicates the taint effect to match. Empty means match all taint effects. - When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: |- - Key is the taint key that the toleration applies to. Empty means match all taint keys. - If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: |- - Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod can - tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: |- - TolerationSeconds represents the period of time the toleration (which must be - of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do not evict). Zero and - negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: |- - Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - updateStrategy: - description: UpdateStrategy - properties: - rollingUpdate: - description: RollingUpdate is used to communicate parameters when - Type is RollingUpdateStatefulSetStrategyType. - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - The maximum number of pods that can be unavailable during the update. - Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). - Absolute number is calculated from percentage by rounding up. This can not be 0. - Defaults to 1. This field is alpha-level and is only honored by servers that enable the - MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to - Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it - will be counted towards MaxUnavailable. - x-kubernetes-int-or-string: true - partition: - description: |- - Partition indicates the ordinal at which the StatefulSet should be partitioned - for updates. During a rolling update, all pods from ordinal Replicas-1 to - Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched. - This is helpful in being able to do a canary based deployment. The default value is 0. - format: int32 - type: integer - type: object - type: - description: |- - Type indicates the type of the StatefulSetUpdateStrategy. - Default is RollingUpdate. - type: string - type: object - volumeClaimTemplates: - description: VolumeClaimTemplates Kubernetes Native `VolumeClaimTemplate` - specification. - items: - description: PersistentVolumeClaim is a user's request for and claim - to a persistent volume - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - description: |- - Standard object's metadata. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: |- - spec defines the desired characteristics of a volume requested by a pod author. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes to consider - for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - type: object - status: - description: |- - status represents the current information/status of a persistent volume claim. - Read-only. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - accessModes: - description: |- - accessModes contains the actual access modes the volume backing the PVC has. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may - be larger than the actual capacity when a volume expansion operation is requested. - For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. - If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. - If a volume expansion capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress and if the actual volume capacity - is equal or lower than the requested capacity. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources of - the underlying volume. - type: object - conditions: - description: |- - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contains details - about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed the - condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: |- - reason is a unique, this should be a short, machine understandable string that gives the reason - for condition's last transition. If it reports "ResizeStarted" that means the underlying - persistent volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType is - a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: phase represents the current phase of PersistentVolumeClaim. - type: string - resizeStatus: - description: |- - resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty - string by resize controller or kubelet. - This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - type: string - type: object - type: object - type: array - volumeMounts: - description: VolumeMounts Kubernetes Native `VolumeMount` specification. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: |- - Path within the container at which the volume should be mounted. Must - not contain ':'. - type: string - mountPropagation: - description: |- - mountPropagation determines how mounts are propagated from the host - to container and the other way around. - When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: |- - Mounted read-only if true, read-write otherwise (false or unspecified). - Defaults to false. - type: boolean - subPath: - description: |- - Path within the volume from which the container's volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: |- - Expanded path within the volume from which the container's volume should be mounted. - Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. - Defaults to "" (volume's root). - SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: Volumes Kubernetes Native `Volumes` specification. - items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: |- - awsElasticBlockStore represents an AWS Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - format: int32 - type: integer - readOnly: - description: |- - readOnly value true will force the readOnly setting in VolumeMounts. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: boolean - volumeID: - description: |- - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data disk in the - blob storage - type: string - diskURI: - description: diskURI is the URI of data disk in the blob - storage - type: string - fsType: - description: |- - fsType is Filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' - type: string - readOnly: - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. - properties: - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime - properties: - monitors: - description: |- - monitors is Required: Monitors is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - items: - type: string - type: array - path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' - type: string - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: boolean - secretFile: - description: |- - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - secretRef: - description: |- - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: |- - user is optional: User is the rados user name, default is admin - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - type: string - required: - - monitors - type: object - cinder: - description: |- - cinder represents a cinder volume attached and mounted on kubelets host machine. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: boolean - secretRef: - description: |- - secretRef is optional: points to a secret object containing parameters used to connect - to OpenStack. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: |- - volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that should populate - this volume - properties: - defaultMode: - description: |- - defaultMode is optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: optional specify whether the ConfigMap or its - keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). - properties: - driver: - description: |- - driver is the name of the CSI driver that handles this volume. - Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: |- - fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated CSI driver - which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: |- - nodePublishSecretRef is a reference to the secret object containing - sensitive information to pass to the CSI driver to complete the CSI - NodePublishVolume and NodeUnpublishVolume calls. - This field is optional, and may be empty if no secret is required. If the - secret object contains more than one secret, all secret references are passed. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: |- - readOnly specifies a read-only configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: |- - volumeAttributes stores driver-specific properties that are passed to the CSI - driver. Consult your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume - properties: - defaultMode: - description: |- - Optional: mode bits to use on created files by default. Must be a - Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - description: |- - emptyDir represents a temporary directory that shares a pod's lifetime. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - properties: - medium: - description: |- - medium represents what type of storage medium should back this directory. - The default is "" which means to use the node's default medium. - Must be an empty string (default) or Memory. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: |- - sizeLimit is the total amount of local storage required for this EmptyDir volume. - The size limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir would be the minimum value between - the SizeLimit specified here and the sum of memory limits of all containers in a pod. - The default is nil which means that the limit is undefined. - More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: |- - ephemeral represents a volume that is handled by a cluster storage driver. - The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, - and deleted when the pod is removed. - - - Use this if: - a) the volume is only needed while the pod runs, - b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, - c) the storage driver is specified through a storage class, and - d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - - Use PersistentVolumeClaim or one of the vendor-specific - APIs for volumes that persist for longer than the lifecycle - of an individual pod. - - - Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to - be used that way - see the documentation of the driver for - more information. - - - A pod can use both types of ephemeral volumes and - persistent volumes at the same time. - properties: - volumeClaimTemplate: - description: |- - Will be used to create a stand-alone PVC to provision the volume. - The pod in which this EphemeralVolumeSource is embedded will be the - owner of the PVC, i.e. the PVC will be deleted together with the - pod. The name of the PVC will be `-` where - `` is the name from the `PodSpec.Volumes` array - entry. Pod validation will reject the pod if the concatenated name - is not valid for a PVC (for example, too long). - - - An existing PVC with that name that is not owned by the pod - will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC is - meant to be used by the pod, the PVC has to updated with an - owner reference to the pod once the pod exists. Normally - this should not be necessary, but it may be useful when - manually reconstructing a broken cluster. - - - This field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. - - - Required, must not be nil. - properties: - metadata: - description: |- - May contain labels and annotations that will be copied into the PVC - when creating it. No other fields are allowed and will be rejected during - validation. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: |- - The specification for the PersistentVolumeClaim. The entire content is - copied unchanged into the PVC that gets created from this - template. The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: |- - accessModes contains the desired access modes the volume should have. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 - items: - type: string - type: array - dataSource: - description: |- - dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller can support the specified data source, - it will create a new volume based on the contents of the specified data source. - When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, - and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will not be copied to dataSource. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: |- - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a non-empty API group (non - core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only succeed if the type of - the specified object matches some installed volume populator or dynamic - provisioner. - This field will replace the functionality of the dataSource field and as such - if both fields are non-empty, they must have the same value. For backwards - compatibility, when namespace isn't specified in dataSourceRef, - both fields (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other is non-empty. - When namespace is specified in dataSourceRef, - dataSource isn't set to the same value and must be empty. - There are three important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. - * While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. - (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - properties: - apiGroup: - description: |- - APIGroup is the group for the resource being referenced. - If APIGroup is not specified, the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: |- - Namespace is the namespace of resource being referenced - Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. - (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: |- - resources represents the minimum resources the volume should have. - If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements - that are lower than previous value but must still be higher than capacity recorded in the - status field of the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Limits describes the maximum amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: |- - Requests describes the minimum amount of compute resources required. - If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests cannot exceed Limits. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: |- - storageClassName is the name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - type: string - volumeMode: - description: |- - volumeMode defines what type of volume is required by the claim. - Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - lun: - description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: |- - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' - items: - type: string - type: array - wwids: - description: |- - wwids Optional: FC volume world wide identifiers (wwids) - Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. - items: - type: string - type: array - type: object - flexVolume: - description: |- - flexVolume represents a generic volume resource that is - provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver to use for - this volume. - type: string - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field holds extra - command options if any.' - type: object - readOnly: - description: |- - readOnly is Optional: defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef is Optional: secretRef is reference to the secret object containing - sensitive information to pass to the plugin scripts. This may be - empty if no secret object is specified. If the secret object - contains more than one secret, all secrets are passed to the plugin - scripts. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running - properties: - datasetName: - description: |- - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker - should be considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: |- - gcePersistentDisk represents a GCE Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - properties: - fsType: - description: |- - fsType is filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - partition: - description: |- - partition is the partition in the volume that you want to mount. - If omitted, the default is to mount by volume name. - Examples: For volume /dev/sda1, you specify the partition as "1". - Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - format: int32 - type: integer - pdName: - description: |- - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - type: boolean - required: - - pdName - type: object - gitRepo: - description: |- - gitRepo represents a git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an - EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir - into the Pod's container. - properties: - directory: - description: |- - directory is the target directory name. - Must not contain or start with '..'. If '.' is supplied, the volume directory will be the - git repository. Otherwise, if specified, the volume will contain the git repository in - the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for the specified - revision. - type: string - required: - - repository - type: object - glusterfs: - description: |- - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/glusterfs/README.md - properties: - endpoints: - description: |- - endpoints is the endpoint name that details Glusterfs topology. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - path: - description: |- - path is the Glusterfs volume path. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: string - readOnly: - description: |- - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. - Defaults to false. - More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: |- - hostPath represents a pre-existing file or directory on the host - machine that is directly exposed to the container. This is generally - used for system agents or other privileged things that are allowed - to see the host machine. Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- - TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not - mount host directories as read/write. - properties: - path: - description: |- - path of the directory on the host. - If the path is a symlink, it will follow the link to the real path. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - type: - description: |- - type for HostPath Volume - Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - type: string - required: - - path - type: object - iscsi: - description: |- - iscsi represents an ISCSI Disk resource that is attached to a - kubelet's host machine and then exposed to the pod. - More info: https://examples.k8s.io/volumes/iscsi/README.md - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication - type: boolean - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - initiatorName: - description: |- - initiatorName is the custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface - : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: - description: |- - iscsiInterface is the interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: |- - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: |- - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port - is other than default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: |- - name of the volume. - Must be a DNS_LABEL and unique within the pod. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - nfs: - description: |- - nfs represents an NFS mount on the host that shares a pod's lifetime - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - properties: - path: - description: |- - path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - readOnly: - description: |- - readOnly here will force the NFS export to be mounted with read-only permissions. - Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: boolean - server: - description: |- - server is the hostname or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: |- - persistentVolumeClaimVolumeSource represents a reference to a - PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - properties: - claimName: - description: |- - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - type: string - readOnly: - description: |- - readOnly Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine - properties: - fsType: - description: |- - fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources secrets, - configmaps, and downward API - properties: - defaultMode: - description: |- - defaultMode are the mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: sources is the list of volume projections - items: - description: Projection that may be projected along with - other supported volume types - properties: - configMap: - description: configMap information about the configMap - data to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - ConfigMap will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI - data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: |- - Optional: mode bits used to set permissions on this file, must be an octal value - between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: |- - Selects a resource of the container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - description: secret information about the secret data - to project - properties: - items: - description: |- - items if unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - optional: - description: optional field specify whether the - Secret or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project - properties: - audience: - description: |- - audience is the intended audience of the token. A recipient of a token - must identify itself with an identifier specified in the audience of the - token, and otherwise should reject the token. The audience defaults to the - identifier of the apiserver. - type: string - expirationSeconds: - description: |- - expirationSeconds is the requested duration of validity of the service - account token. As the token approaches expiration, the kubelet volume - plugin will proactively rotate the service account token. The kubelet will - start trying to rotate the token if the token is older than 80 percent of - its time to live or if the token is older than 24 hours.Defaults to 1 hour - and must be at least 10 minutes. - format: int64 - type: integer - path: - description: |- - path is the path relative to the mount point of the file to project the - token into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: |- - group to map volume access to - Default is no group - type: string - readOnly: - description: |- - readOnly here will force the Quobyte volume to be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: |- - registry represents a single or multiple Quobyte Registry services - specified as a string as host:port pair (multiple entries are separated with commas) - which acts as the central registry for volumes - type: string - tenant: - description: |- - tenant owning the given Quobyte volume in the Backend - Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: |- - user to map volume access to - Defaults to serivceaccount user - type: string - volume: - description: volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: |- - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. - More info: https://examples.k8s.io/volumes/rbd/README.md - properties: - fsType: - description: |- - fsType is the filesystem type of the volume that you want to mount. - Tip: Ensure that the filesystem type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from compromising the machine - type: string - image: - description: |- - image is the rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - keyring: - description: |- - keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - monitors: - description: |- - monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - items: - type: string - type: array - pool: - description: |- - pool is the rados pool name. - Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - readOnly: - description: |- - readOnly here will force the ReadOnly setting in VolumeMounts. - Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: boolean - secretRef: - description: |- - secretRef is name of the authentication secret for RBDUser. If provided - overrides keyring. - Default is nil. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: |- - user is the rados user name. - Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". - Default is "xfs". - type: string - gateway: - description: gateway is the host address of the ScaleIO - API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. - type: string - readOnly: - description: |- - readOnly Defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef references to the secret for ScaleIO user and other - sensitive information. If this is not provided, Login operation will fail. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: |- - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. - type: string - system: - description: system is the name of the storage system as - configured in ScaleIO. - type: string - volumeName: - description: |- - volumeName is the name of a volume already created in the ScaleIO system - that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: |- - secret represents a secret that should populate this volume. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - properties: - defaultMode: - description: |- - defaultMode is Optional: mode bits used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values - for mode bits. Defaults to 0644. - Directories within the path are not affected by this setting. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - items: - description: |- - items If unspecified, each key-value pair in the Data field of the referenced - Secret will be projected into the volume as a file whose name is the - key and content is the value. If specified, the listed keys will be - projected into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in the Secret, - the volume setup will error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: |- - mode is Optional: mode bits used to set permissions on this file. - Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. - If not specified, the volume defaultMode will be used. - This might be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - path: - description: |- - path is the relative path of the file to map the key to. - May not be an absolute path. - May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify whether the Secret or - its keys must be defined - type: boolean - secretName: - description: |- - secretName is the name of the secret in the pod's namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: |- - fsType is the filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: |- - readOnly defaults to false (read/write). ReadOnly here will force - the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: |- - secretRef specifies the secret to use for obtaining the StorageOS API - credentials. If not specified, default values will be attempted. - properties: - name: - description: |- - Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: |- - volumeName is the human-readable name of the StorageOS volume. Volume - names are only unique within a namespace. - type: string - volumeNamespace: - description: |- - volumeNamespace specifies the scope of the volume within StorageOS. If no - namespace is specified then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS for tighter integration. - Set VolumeName to any name to override the default behaviour. - Set to "default" if you are not using namespaces within StorageOS. - Namespaces that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: |- - fsType is filesystem type to mount. - Must be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - workloadAnnotations: - additionalProperties: - type: string - description: |- - WorkloadAnnotations annotations to be populated in StatefulSet or Deployment spec. - if the same key is specified at both the DruidNodeSpec level and DruidSpec level, the DruidNodeSpec WorkloadAnnotations will take precedence. - type: object - zookeeper: - description: 'Zookeeper IGNORED (Future API): In order to make Druid - dependency setup extensible from within Druid operator.' - properties: - spec: - description: |- - RawMessage is a raw encoded JSON value. - It implements [Marshaler] and [Unmarshaler] and can - be used to delay JSON decoding or precompute a JSON encoding. - format: byte - type: string - type: - type: string - required: - - spec - - type - type: object - required: - - common.runtime.properties - - nodes - type: object - status: - description: DruidClusterStatus Defines the observed state of Druid. - properties: - configMaps: - items: - type: string - type: array - deployments: - items: - type: string - type: array - druidNodeStatus: - description: |- - INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - Important: Run "make" to regenerate code after modifying this file - properties: - druidNode: - type: string - druidNodeConditionStatus: - type: string - druidNodeConditionType: - type: string - reason: - type: string - type: object - hpAutoscalers: - items: - type: string - type: array - ingress: - items: - type: string - type: array - persistentVolumeClaims: - items: - type: string - type: array - podDisruptionBudgets: - items: - type: string - type: array - pods: - items: - type: string - type: array - services: - items: - type: string - type: array - statefulSets: - items: - type: string - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/druid-operator/config/crd/kustomization.yaml b/druid-operator/config/crd/kustomization.yaml deleted file mode 100644 index fc9a8d202160..000000000000 --- a/druid-operator/config/crd/kustomization.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# This kustomization.yaml is not intended to be run by itself, -# since it depends on service name and namespace that are out of this kustomize package. -# It should be run by config/default -resources: -- bases/druid.apache.org_druids.yaml -- bases/druid.apache.org_druidingestions.yaml -#+kubebuilder:scaffold:crdkustomizeresource - -patchesStrategicMerge: -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. -# patches here are for enabling the conversion webhook for each CRD -#- patches/webhook_in_druids.yaml -#- patches/webhook_in_druidingestions.yaml -#+kubebuilder:scaffold:crdkustomizewebhookpatch - -# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. -# patches here are for enabling the CA injection for each CRD -#- patches/cainjection_in_druids.yaml -#- patches/cainjection_in_druidingestions.yaml -#+kubebuilder:scaffold:crdkustomizecainjectionpatch - -# the following config is for teaching kustomize how to do kustomization for CRDs. -configurations: -- kustomizeconfig.yaml diff --git a/druid-operator/config/crd/kustomizeconfig.yaml b/druid-operator/config/crd/kustomizeconfig.yaml deleted file mode 100644 index 35c67e1dff60..000000000000 --- a/druid-operator/config/crd/kustomizeconfig.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# This file is for teaching kustomize how to substitute name and namespace reference in CRD -nameReference: -- kind: Service - version: v1 - fieldSpecs: - - kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/name - -namespace: -- kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/namespace - create: false - -varReference: -- path: metadata/annotations diff --git a/druid-operator/config/crd/patches/cainjection_in_druid_druidingestions.yaml b/druid-operator/config/crd/patches/cainjection_in_druid_druidingestions.yaml deleted file mode 100644 index 2a3a683a6b20..000000000000 --- a/druid-operator/config/crd/patches/cainjection_in_druid_druidingestions.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# The following patch adds a directive for certmanager to inject CA into the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) - name: druidingestions.druid.apache.org diff --git a/druid-operator/config/crd/patches/cainjection_in_druids.yaml b/druid-operator/config/crd/patches/cainjection_in_druids.yaml deleted file mode 100644 index 1b99796a41b9..000000000000 --- a/druid-operator/config/crd/patches/cainjection_in_druids.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# The following patch adds a directive for certmanager to inject CA into the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) - name: druids.druid.apache.org diff --git a/druid-operator/config/crd/patches/webhook_in_druid_druidingestions.yaml b/druid-operator/config/crd/patches/webhook_in_druid_druidingestions.yaml deleted file mode 100644 index 6d091bdadf00..000000000000 --- a/druid-operator/config/crd/patches/webhook_in_druid_druidingestions.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: druidingestions.druid.apache.org -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/druid-operator/config/crd/patches/webhook_in_druids.yaml b/druid-operator/config/crd/patches/webhook_in_druids.yaml deleted file mode 100644 index 554459ba5bbc..000000000000 --- a/druid-operator/config/crd/patches/webhook_in_druids.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: druids.druid.apache.org -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/druid-operator/config/default/kustomization.yaml b/druid-operator/config/default/kustomization.yaml deleted file mode 100644 index 1fffe69be5b4..000000000000 --- a/druid-operator/config/default/kustomization.yaml +++ /dev/null @@ -1,87 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# Adds namespace to all resources. -namespace: druid-operator-system - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -namePrefix: druid-operator- - -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - -bases: -- ../crd -- ../rbac -- ../manager -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- ../webhook -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -#- ../certmanager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - -patchesStrategicMerge: -# Protect the /metrics endpoint by putting it behind auth. -# If you want your controller-manager to expose the /metrics -# endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml - - - -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- manager_webhook_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -#- webhookcainjection_patch.yaml - -# the following config is for teaching kustomize how to do var substitution -vars: -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. -#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldref: -# fieldpath: metadata.namespace -#- name: CERTIFICATE_NAME -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -#- name: SERVICE_NAMESPACE # namespace of the service -# objref: -# kind: Service -# version: v1 -# name: webhook-service -# fieldref: -# fieldpath: metadata.namespace -#- name: SERVICE_NAME -# objref: -# kind: Service -# version: v1 -# name: webhook-service diff --git a/druid-operator/config/default/manager_auth_proxy_patch.yaml b/druid-operator/config/default/manager_auth_proxy_patch.yaml deleted file mode 100644 index f8b31bad8096..000000000000 --- a/druid-operator/config/default/manager_auth_proxy_patch.yaml +++ /dev/null @@ -1,70 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - ppc64le - - s390x - - key: kubernetes.io/os - operator: In - values: - - linux - containers: - - name: kube-rbac-proxy - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=0" - ports: - - containerPort: 8443 - protocol: TCP - name: https - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi - - name: manager - args: - - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" diff --git a/druid-operator/config/default/manager_config_patch.yaml b/druid-operator/config/default/manager_config_patch.yaml deleted file mode 100644 index 336970320d32..000000000000 --- a/druid-operator/config/default/manager_config_patch.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager diff --git a/druid-operator/config/druid.apache.org_druids.yaml b/druid-operator/config/druid.apache.org_druids.yaml deleted file mode 100644 index d604dd5391a6..000000000000 --- a/druid-operator/config/druid.apache.org_druids.yaml +++ /dev/null @@ -1,11575 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.2 - creationTimestamp: null - name: druids.druid.apache.org -spec: - group: druid.apache.org - names: - kind: Druid - listKind: DruidList - plural: druids - singular: druid - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Druid is the Schema for the druids API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DruidSpec defines the desired state of Druid - properties: - additionalContainer: - description: Operator deploys the sidecar container based on these - properties. Sidecar will be deployed for all the Druid pods. - items: - description: AdditionalContainer defines the additional sidecar - container - properties: - args: - description: Argument to call the command - items: - type: string - type: array - command: - description: This is the command for the additional container - to run. - items: - type: string - type: array - containerName: - description: This is the name of the additional container. - type: string - env: - description: Environment variables for the Additional Container - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: Extra environment variables - items: - description: EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - image: - description: This is the image for the additional container - to run. - type: string - imagePullPolicy: - description: If not present, will be taken from top level spec - type: string - resources: - description: CPU/Memory Resources - properties: - claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - runAsInit: - type: boolean - securityContext: - description: ContainerSecurityContext. If not present, will - be taken from top level pod - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - volumeMounts: - description: Volumes etc for the Druid pods - items: - description: VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - required: - - command - - containerName - - image - type: object - type: array - affinity: - description: Affinity to be used to for enabling node, pod affinity - and anti-affinity - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the - pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the - highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a no-op). - A null preferred scheduling term matches no objects (i.e. - is also a no-op). - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists, DoesNotExist. Gt, and - Lt. - type: string - values: - description: An array of string values. If - the operator is In or NotIn, the values - array must be non-empty. If the operator - is Exists or DoesNotExist, the values array - must be empty. If the operator is Gt or - Lt, the values array must have a single - element, which will be interpreted as an - integer. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the affinity expressions specified by - this field, but it may choose a node that violates one or - more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may - not try to eventually evict the pod from its node. When - there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms - must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to - nodes that satisfy the anti-affinity expressions specified - by this field, but it may choose a node that violates one - or more of the expressions. The node that is most preferred - is the one with the greatest sum of weights, i.e. for each - node that meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements of - this field and adding "weight" to the sum if the node has - pods which matches the corresponding podAffinityTerm; the - node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces field. - null selector and null or empty namespaces list - means "this pod's namespace". An empty selector - ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. The - term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces list - and null namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey - matches that of any node on which any of the selected - pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will - not be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its - node. When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, i.e. - all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of - pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied to the - union of the namespaces selected by this field and - the ones listed in the namespaces field. null selector - and null or empty namespaces list means "this pod's - namespace". An empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list of namespace - names that the term applies to. The term is applied - to the union of the namespaces listed in this field - and the ones selected by namespaceSelector. null or - empty namespaces list and null namespaceSelector means - "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of - any node on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - common.runtime.properties: - description: common.runtime.properties contents - type: string - commonConfigMountPath: - description: In-container directory to mount with common.runtime.properties - type: string - containerSecurityContext: - description: druid pods container-security-context - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process - can gain more privileges than its parent process. This bool - directly controls if the no_new_privs flag will be set on the - container process. AllowPrivilegeEscalation is true always when - the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN - Note that this field cannot be set when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by the container - runtime. Note that this field cannot be set when spec.os.name - is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in privileged - containers are essentially equivalent to root on the host. Defaults - to false. Note that this field cannot be set when spec.os.name - is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for - the containers. The default is DefaultProcMount which uses the - container runtime defaults for readonly paths and masked paths. - This requires the ProcMountType feature flag to be enabled. - Note that this field cannot be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. Note that this field cannot be set when spec.os.name - is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when spec.os.name - is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence. Note that this - field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. If - seccomp options are provided at both the pod & container level, - the container options override the pod options. Note that this - field cannot be set when spec.os.name is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must be - preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a profile - defined in a file on the node should be used. RuntimeDefault - - the container runtime default profile should be used. - Unconfined - no profile should be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options from the PodSecurityContext will - be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature flag - will result in errors when validating the Pod. All of a - Pod's containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: string - type: object - type: object - core-site.xml: - type: string - deepStorage: - properties: - spec: - description: RawMessage is a raw encoded JSON value. It implements - Marshaler and Unmarshaler and can be used to delay JSON decoding - or precompute a JSON encoding. - format: byte - type: string - type: - type: string - required: - - spec - - type - type: object - deleteOrphanPvc: - description: Default is set to true, orphaned ( unmounted pvc's ) - shall be cleaned up by the operator. - type: boolean - disablePVCDeletionFinalizer: - description: Default is set to false, pvc shall be deleted on deletion - of CR - type: boolean - env: - description: Environment variables for druid containers - items: - description: EnvVar represents an environment variable present in - a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using - the previously defined environment variables in the container - and any service environment variables. If a variable cannot - be resolved, the reference in the input string will be unchanged. - Double $$ are reduced to a single $, which allows for escaping - the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the - string literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot - be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the exposed - resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: Extra environment variables - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - forceDeleteStsPodOnError: - type: boolean - hdfs-site.xml: - description: HDFS common config - type: string - ignored: - default: false - description: 'Ignored is now deprecated API. In order to avoid reconciliation - of objects use the druid.apache.org/ignored: "true" annotation' - type: boolean - image: - description: Required here or at nodeSpec level - type: string - imagePullPolicy: - description: PullPolicy describes a policy for if/when to pull a container - image - type: string - imagePullSecrets: - description: imagePullSecrets for private registries - items: - description: LocalObjectReference contains enough information to - let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - jvm.options: - description: jvm options for druid jvm processes - type: string - livenessProbe: - description: Port is set to druid.port if not specified with httpGet - handler - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command is - simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be - considered failed after having succeeded. Defaults to 3. Minimum - value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. This - is a beta field and requires enabling GRPCContainerProbe feature - gate. - properties: - port: - description: Port number of the gRPC service. Number must - be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to place - in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior is defined - by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod - IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes a custom header to be - used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default - to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs to terminate - gracefully upon probe failure. The grace period is the duration - in seconds after the processes running in the pod are sent a - termination signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer than the expected - cleanup time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates stop immediately - via the kill signal (no opportunity to shut down). This is a - beta field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - log4j.config: - description: log4j config contents - type: string - metadataStore: - properties: - spec: - description: RawMessage is a raw encoded JSON value. It implements - Marshaler and Unmarshaler and can be used to delay JSON decoding - or precompute a JSON encoding. - format: byte - type: string - type: - type: string - required: - - spec - - type - type: object - metricDimensions.json: - description: Custom Dimension Map Path for statsd emitter - type: string - nodeSelector: - additionalProperties: - type: string - description: Node selector to be used by Druid statefulsets - type: object - nodes: - additionalProperties: - properties: - affinity: - description: Affinity to be used to for enabling node, pod affinity - and anti-affinity - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for - the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches - all objects with implicit weight 0 (i.e. it's a - no-op). A null preferred scheduling term matches - no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. If - the operator is Gt or Lt, the values - array must have a single element, - which will be interpreted as an integer. - This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. If - the operator is Gt or Lt, the values - array must have a single element, - which will be interpreted as an integer. - This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching the - corresponding nodeSelectorTerm, in the range - 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to an - update), the system may or may not try to eventually - evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. - The terms are ORed. - items: - description: A null or empty node selector term - matches no objects. The requirements of them - are ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. If - the operator is Gt or Lt, the values - array must have a single element, - which will be interpreted as an integer. - This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, the - values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. If - the operator is Gt or Lt, the values - array must have a single element, - which will be interpreted as an integer. - This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the affinity expressions specified - by this field, but it may choose a node that violates - one or more of the expressions. The node that is most - preferred is the one with the greatest sum of weights, - i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating - through the elements of this field and adding "weight" - to the sum if the node has pods which matches the - corresponding podAffinityTerm; the node(s) with the - highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of - namespaces that the term applies to. The - term is applied to the union of the namespaces - selected by this field and the ones listed - in the namespaces field. null selector and - null or empty namespaces list means "this - pod's namespace". An empty selector ({}) - matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static - list of namespace names that the term applies - to. The term is applied to the union of - the namespaces listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose value - of the label with key topologyKey matches - that of any node on which any of the selected - pods is running. Empty topologyKey is not - allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range - 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a - pod label update), the system may or may not try to - eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all - terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or - not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any - node on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, etc. - as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods - to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the greatest - sum of weights, i.e. for each node that meets all - of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the - node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of - namespaces that the term applies to. The - term is applied to the union of the namespaces - selected by this field and the ones listed - in the namespaces field. null selector and - null or empty namespaces list means "this - pod's namespace". An empty selector ({}) - matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static - list of namespace names that the term applies - to. The term is applied to the union of - the namespaces listed in this field and - the ones selected by namespaceSelector. - null or empty namespaces list and null namespaceSelector - means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose value - of the label with key topologyKey matches - that of any node on which any of the selected - pods is running. Empty topologyKey is not - allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the - corresponding podAffinityTerm, in the range - 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the anti-affinity - requirements specified by this field cease to be met - at some point during pod execution (e.g. due to a - pod label update), the system may or may not try to - eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all - terms must be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or - not co-located (anti-affinity) with, where co-located - is defined as running on a node whose value of the - label with key matches that of any - node on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by this - field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list of - label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, a - key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected by - namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified - namespaces, where co-located is defined as running - on a node whose value of the label with key - topologyKey matches that of any node on which - any of the selected pods is running. Empty topologyKey - is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - containerSecurityContext: - description: Druid pods container-security-context - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether - a process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN Note that this field cannot be set - when spec.os.name is windows.' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. - Defaults to the default set of capabilities granted by - the container runtime. Note that this field cannot be - set when spec.os.name is windows. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities - type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes - in privileged containers are essentially equivalent to - root on the host. Defaults to false. Note that this field - cannot be set when spec.os.name is windows. - type: boolean - procMount: - description: procMount denotes the type of proc mount to - use for the containers. The default is DefaultProcMount - which uses the container runtime defaults for readonly - paths and masked paths. This requires the ProcMountType - feature flag to be enabled. Note that this field cannot - be set when spec.os.name is windows. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root - filesystem. Default is false. Note that this field cannot - be set when spec.os.name is windows. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in PodSecurityContext. If set in both - SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by this container. - If seccomp options are provided at both the pod & container - level, the container options override the pod options. - Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." - type: string - required: - - type - type: object - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options from the PodSecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. - Note that this field cannot be set when spec.os.name is - linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - druid.port: - description: Port used by Druid Process - format: int32 - type: integer - env: - description: Extra environment variables - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be - a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in the - input string will be unchanged. Double $$ are reduced - to a single $, which allows for escaping the $(VAR_NAME) - syntax: i.e. "$$(VAR_NAME)" will produce the string - literal "$(VAR_NAME)". Escaped references will never - be expanded, regardless of whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports - metadata.name, metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, requests.cpu, - requests.memory and requests.ephemeral-storage) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - envFrom: - description: Extra environment variables - items: - description: EnvFromSource represents the source of a set - of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap must be - defined - type: boolean - type: object - x-kubernetes-map-type: atomic - prefix: - description: An optional identifier to prepend to each - key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - type: object - type: array - extra.jvm.options: - description: This appends extra jvm options to JvmOptions field - type: string - hpAutoscaler: - description: HorizontalPodAutoscalerSpec describes the desired - functionality of the HorizontalPodAutoscaler. - properties: - behavior: - description: behavior configures the scaling behavior of - the target in both Up and Down directions (scaleUp and - scaleDown fields respectively). If not set, the default - HPAScalingRules for scale up and scale down are used. - properties: - scaleDown: - description: scaleDown is scaling policy for scaling - Down. If not set, the default value is to allow to - scale down to minReplicas pods, with a 300 second - stabilization window (i.e., the highest recommendation - for the last 300sec is used). - properties: - policies: - description: policies is a list of potential scaling - polices which can be used during scaling. At least - one policy must be specified, otherwise the HPAScalingRules - will be discarded as invalid - items: - description: HPAScalingPolicy is a single policy - which must hold true for a specified past interval. - properties: - periodSeconds: - description: PeriodSeconds specifies the window - of time for which the policy should hold - true. PeriodSeconds must be greater than - zero and less than or equal to 1800 (30 - min). - format: int32 - type: integer - type: - description: Type is used to specify the scaling - policy. - type: string - value: - description: Value contains the amount of - change which is permitted by the policy. - It must be greater than zero - format: int32 - type: integer - required: - - periodSeconds - - type - - value - type: object - type: array - x-kubernetes-list-type: atomic - selectPolicy: - description: selectPolicy is used to specify which - policy should be used. If not set, the default - value Max is used. - type: string - stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the - number of seconds for which past recommendations - should be considered while scaling up or scaling - down. StabilizationWindowSeconds must be greater - than or equal to zero and less than or equal to - 3600 (one hour). If not set, use the default values: - - For scale up: 0 (i.e. no stabilization is done). - - For scale down: 300 (i.e. the stabilization - window is 300 seconds long).' - format: int32 - type: integer - type: object - scaleUp: - description: 'scaleUp is scaling policy for scaling - Up. If not set, the default value is the higher of: - * increase no more than 4 pods per 60 seconds * double - the number of pods per 60 seconds No stabilization - is used.' - properties: - policies: - description: policies is a list of potential scaling - polices which can be used during scaling. At least - one policy must be specified, otherwise the HPAScalingRules - will be discarded as invalid - items: - description: HPAScalingPolicy is a single policy - which must hold true for a specified past interval. - properties: - periodSeconds: - description: PeriodSeconds specifies the window - of time for which the policy should hold - true. PeriodSeconds must be greater than - zero and less than or equal to 1800 (30 - min). - format: int32 - type: integer - type: - description: Type is used to specify the scaling - policy. - type: string - value: - description: Value contains the amount of - change which is permitted by the policy. - It must be greater than zero - format: int32 - type: integer - required: - - periodSeconds - - type - - value - type: object - type: array - x-kubernetes-list-type: atomic - selectPolicy: - description: selectPolicy is used to specify which - policy should be used. If not set, the default - value Max is used. - type: string - stabilizationWindowSeconds: - description: 'StabilizationWindowSeconds is the - number of seconds for which past recommendations - should be considered while scaling up or scaling - down. StabilizationWindowSeconds must be greater - than or equal to zero and less than or equal to - 3600 (one hour). If not set, use the default values: - - For scale up: 0 (i.e. no stabilization is done). - - For scale down: 300 (i.e. the stabilization - window is 300 seconds long).' - format: int32 - type: integer - type: object - type: object - maxReplicas: - description: maxReplicas is the upper limit for the number - of replicas to which the autoscaler can scale up. It cannot - be less that minReplicas. - format: int32 - type: integer - metrics: - description: metrics contains the specifications for which - to use to calculate the desired replica count (the maximum - replica count across all metrics will be used). The desired - replica count is calculated multiplying the ratio between - the target value and the current value by the current - number of pods. Ergo, metrics used must decrease as the - pod count is increased, and vice-versa. See the individual - metric source types for more information about how each - type of metric must respond. If not set, the default metric - will be set to 80% average CPU utilization. - items: - description: MetricSpec specifies how to scale based on - a single metric (only `type` and one other matching - field should be set at once). - properties: - containerResource: - description: containerResource refers to a resource - metric (such as those specified in requests and - limits) known to Kubernetes describing a single - container in each pod of the current scale target - (e.g. CPU or memory). Such metrics are built in - to Kubernetes, and have special scaling options - on top of those available to normal per-pod metrics - using the "pods" source. This is an alpha feature - and can be enabled by the HPAContainerMetrics feature - flag. - properties: - container: - description: container is the name of the container - in the pods of the scaling target - type: string - name: - description: name is the name of the resource - in question. - type: string - target: - description: target specifies the target value - for the given metric - properties: - averageUtilization: - description: averageUtilization is the target - value of the average of the resource metric - across all relevant pods, represented as - a percentage of the requested value of the - resource for the pods. Currently only valid - for Resource metric source type - format: int32 - type: integer - averageValue: - anyOf: - - type: integer - - type: string - description: averageValue is the target value - of the average of the metric across all - relevant pods (as a quantity) - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: type represents whether the metric - type is Utilization, Value, or AverageValue - type: string - value: - anyOf: - - type: integer - - type: string - description: value is the target value of - the metric (as a quantity). - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - type - type: object - required: - - container - - name - - target - type: object - external: - description: external refers to a global metric that - is not associated with any Kubernetes object. It - allows autoscaling based on information coming from - components running outside of cluster (for example - length of queue in cloud messaging service, or QPS - from loadbalancer running outside of cluster). - properties: - metric: - description: metric identifies the target metric - by name and selector - properties: - name: - description: name is the name of the given - metric - type: string - selector: - description: selector is the string-encoded - form of a standard kubernetes label selector - for the given metric When set, it is passed - as an additional parameter to the metrics - server for more specific metrics scoping. - When unset, just the metricName will be - used to gather metrics. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - name - type: object - target: - description: target specifies the target value - for the given metric - properties: - averageUtilization: - description: averageUtilization is the target - value of the average of the resource metric - across all relevant pods, represented as - a percentage of the requested value of the - resource for the pods. Currently only valid - for Resource metric source type - format: int32 - type: integer - averageValue: - anyOf: - - type: integer - - type: string - description: averageValue is the target value - of the average of the metric across all - relevant pods (as a quantity) - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: type represents whether the metric - type is Utilization, Value, or AverageValue - type: string - value: - anyOf: - - type: integer - - type: string - description: value is the target value of - the metric (as a quantity). - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - type - type: object - required: - - metric - - target - type: object - object: - description: object refers to a metric describing - a single kubernetes object (for example, hits-per-second - on an Ingress object). - properties: - describedObject: - description: describedObject specifies the descriptions - of a object,such as kind,name apiVersion - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: 'Kind of the referent; More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent; More info: - http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - required: - - kind - - name - type: object - metric: - description: metric identifies the target metric - by name and selector - properties: - name: - description: name is the name of the given - metric - type: string - selector: - description: selector is the string-encoded - form of a standard kubernetes label selector - for the given metric When set, it is passed - as an additional parameter to the metrics - server for more specific metrics scoping. - When unset, just the metricName will be - used to gather metrics. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - name - type: object - target: - description: target specifies the target value - for the given metric - properties: - averageUtilization: - description: averageUtilization is the target - value of the average of the resource metric - across all relevant pods, represented as - a percentage of the requested value of the - resource for the pods. Currently only valid - for Resource metric source type - format: int32 - type: integer - averageValue: - anyOf: - - type: integer - - type: string - description: averageValue is the target value - of the average of the metric across all - relevant pods (as a quantity) - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: type represents whether the metric - type is Utilization, Value, or AverageValue - type: string - value: - anyOf: - - type: integer - - type: string - description: value is the target value of - the metric (as a quantity). - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - type - type: object - required: - - describedObject - - metric - - target - type: object - pods: - description: pods refers to a metric describing each - pod in the current scale target (for example, transactions-processed-per-second). The - values will be averaged together before being compared - to the target value. - properties: - metric: - description: metric identifies the target metric - by name and selector - properties: - name: - description: name is the name of the given - metric - type: string - selector: - description: selector is the string-encoded - form of a standard kubernetes label selector - for the given metric When set, it is passed - as an additional parameter to the metrics - server for more specific metrics scoping. - When unset, just the metricName will be - used to gather metrics. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - name - type: object - target: - description: target specifies the target value - for the given metric - properties: - averageUtilization: - description: averageUtilization is the target - value of the average of the resource metric - across all relevant pods, represented as - a percentage of the requested value of the - resource for the pods. Currently only valid - for Resource metric source type - format: int32 - type: integer - averageValue: - anyOf: - - type: integer - - type: string - description: averageValue is the target value - of the average of the metric across all - relevant pods (as a quantity) - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: type represents whether the metric - type is Utilization, Value, or AverageValue - type: string - value: - anyOf: - - type: integer - - type: string - description: value is the target value of - the metric (as a quantity). - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - type - type: object - required: - - metric - - target - type: object - resource: - description: resource refers to a resource metric - (such as those specified in requests and limits) - known to Kubernetes describing each pod in the current - scale target (e.g. CPU or memory). Such metrics - are built in to Kubernetes, and have special scaling - options on top of those available to normal per-pod - metrics using the "pods" source. - properties: - name: - description: name is the name of the resource - in question. - type: string - target: - description: target specifies the target value - for the given metric - properties: - averageUtilization: - description: averageUtilization is the target - value of the average of the resource metric - across all relevant pods, represented as - a percentage of the requested value of the - resource for the pods. Currently only valid - for Resource metric source type - format: int32 - type: integer - averageValue: - anyOf: - - type: integer - - type: string - description: averageValue is the target value - of the average of the metric across all - relevant pods (as a quantity) - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: - description: type represents whether the metric - type is Utilization, Value, or AverageValue - type: string - value: - anyOf: - - type: integer - - type: string - description: value is the target value of - the metric (as a quantity). - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - required: - - type - type: object - required: - - name - - target - type: object - type: - description: 'type is the type of metric source. It - should be one of "ContainerResource", "External", - "Object", "Pods" or "Resource", each mapping to - a matching field in the object. Note: "ContainerResource" - type is available on when the feature-gate HPAContainerMetrics - is enabled' - type: string - required: - - type - type: object - type: array - x-kubernetes-list-type: atomic - minReplicas: - description: minReplicas is the lower limit for the number - of replicas to which the autoscaler can scale down. It - defaults to 1 pod. minReplicas is allowed to be 0 if - the alpha feature gate HPAScaleToZero is enabled and at - least one Object or External metric is configured. Scaling - is active as long as at least one metric value is available. - format: int32 - type: integer - scaleTargetRef: - description: scaleTargetRef points to the target resource - to scale, and is used to the pods for which metrics should - be collected, as well as to actually change the replica - count. - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: 'Kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - required: - - kind - - name - type: object - required: - - maxReplicas - - scaleTargetRef - type: object - image: - description: Overrides image from top level, Required if no - image specified at top level - type: string - imagePullPolicy: - description: Overrides imagePullPolicy from top level - type: string - imagePullSecrets: - description: Overrides imagePullSecrets from top level - items: - description: LocalObjectReference contains enough information - to let you locate the referenced object inside the same - namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - ingress: - description: Ingress Spec - properties: - defaultBackend: - description: DefaultBackend is the backend that should handle - requests that don't match any rule. If Rules are not specified, - DefaultBackend must be specified. If DefaultBackend is - not set, the handling of requests that do not match any - of the rules will be up to the Ingress controller. - properties: - resource: - description: Resource is an ObjectRef to another Kubernetes - resource in the namespace of the Ingress object. If - resource is specified, a service.Name and service.Port - must not be specified. This is a mutually exclusive - setting with "Service". - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - service: - description: Service references a Service as a Backend. - This is a mutually exclusive setting with "Resource". - properties: - name: - description: Name is the referenced service. The - service must exist in the same namespace as the - Ingress object. - type: string - port: - description: Port of the referenced service. A port - name or port number is required for a IngressServiceBackend. - properties: - name: - description: Name is the name of the port on - the Service. This is a mutually exclusive - setting with "Number". - type: string - number: - description: Number is the numerical port number - (e.g. 80) on the Service. This is a mutually - exclusive setting with "Name". - format: int32 - type: integer - type: object - required: - - name - type: object - type: object - ingressClassName: - description: IngressClassName is the name of an IngressClass - cluster resource. Ingress controller implementations use - this field to know whether they should be serving this - Ingress resource, by a transitive connection (controller - -> IngressClass -> Ingress resource). Although the `kubernetes.io/ingress.class` - annotation (simple constant name) was never formally defined, - it was widely supported by Ingress controllers to create - a direct binding between Ingress controller and Ingress - resources. Newly created Ingress resources should prefer - using the field. However, even though the annotation is - officially deprecated, for backwards compatibility reasons, - ingress controllers should still honor that annotation - if present. - type: string - rules: - description: A list of host rules used to configure the - Ingress. If unspecified, or no rule matches, all traffic - is sent to the default backend. - items: - description: IngressRule represents the rules mapping - the paths under a specified host to the related backend - services. Incoming requests are first evaluated for - a host match, then routed to the backend associated - with the matching IngressRuleValue. - properties: - host: - description: "Host is the fully qualified domain name - of a network host, as defined by RFC 3986. Note - the following deviations from the \"host\" part - of the URI as defined in RFC 3986: 1. IPs are not - allowed. Currently an IngressRuleValue can only - apply to the IP in the Spec of the parent Ingress. - 2. The `:` delimiter is not respected because ports - are not allowed. Currently the port of an Ingress - is implicitly :80 for http and :443 for https. Both - these may change in the future. Incoming requests - are matched against the host before the IngressRuleValue. - If the host is unspecified, the Ingress routes all - traffic based on the specified IngressRuleValue. - \n Host can be \"precise\" which is a domain name - without the terminating dot of a network host (e.g. - \"foo.bar.com\") or \"wildcard\", which is a domain - name prefixed with a single wildcard label (e.g. - \"*.foo.com\"). The wildcard character '*' must - appear by itself as the first DNS label and matches - only a single label. You cannot have a wildcard - label by itself (e.g. Host == \"*\"). Requests will - be matched against the Host field in the following - way: 1. If Host is precise, the request matches - this rule if the http host header is equal to Host. - 2. If Host is a wildcard, then the request matches - this rule if the http host header is to equal to - the suffix (removing the first label) of the wildcard - rule." - type: string - http: - description: 'HTTPIngressRuleValue is a list of http - selectors pointing to backends. In the example: - http:///? -> backend where - where parts of the url correspond to RFC 3986, this - resource will be used to match against everything - after the last ''/'' and before the first ''?'' - or ''#''.' - properties: - paths: - description: A collection of paths that map requests - to backends. - items: - description: HTTPIngressPath associates a path - with a backend. Incoming urls matching the - path are forwarded to the backend. - properties: - backend: - description: Backend defines the referenced - service endpoint to which the traffic - will be forwarded to. - properties: - resource: - description: Resource is an ObjectRef - to another Kubernetes resource in - the namespace of the Ingress object. - If resource is specified, a service.Name - and service.Port must not be specified. - This is a mutually exclusive setting - with "Service". - properties: - apiGroup: - description: APIGroup is the group - for the resource being referenced. - If APIGroup is not specified, - the specified Kind must be in - the core API group. For any other - third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of - resource being referenced - type: string - name: - description: Name is the name of - resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - service: - description: Service references a Service - as a Backend. This is a mutually exclusive - setting with "Resource". - properties: - name: - description: Name is the referenced - service. The service must exist - in the same namespace as the Ingress - object. - type: string - port: - description: Port of the referenced - service. A port name or port number - is required for a IngressServiceBackend. - properties: - name: - description: Name is the name - of the port on the Service. - This is a mutually exclusive - setting with "Number". - type: string - number: - description: Number is the numerical - port number (e.g. 80) on the - Service. This is a mutually - exclusive setting with "Name". - format: int32 - type: integer - type: object - required: - - name - type: object - type: object - path: - description: Path is matched against the - path of an incoming request. Currently - it can contain characters disallowed from - the conventional "path" part of a URL - as defined by RFC 3986. Paths must begin - with a '/' and must be present when using - PathType with value "Exact" or "Prefix". - type: string - pathType: - description: 'PathType determines the interpretation - of the Path matching. PathType can be - one of the following values: * Exact: - Matches the URL path exactly. * Prefix: - Matches based on a URL path prefix split - by ''/''. Matching is done on a path element - by element basis. A path element refers - is the list of labels in the path split - by the ''/'' separator. A request is a - match for path p if every p is an element-wise - prefix of p of the request path. Note - that if the last element of the path is - a substring of the last element in request - path, it is not a match (e.g. /foo/bar - matches /foo/bar/baz, but does not match - /foo/barbaz). * ImplementationSpecific: - Interpretation of the Path matching is - up to the IngressClass. Implementations - can treat this as a separate PathType - or treat it identically to Prefix or Exact - path types. Implementations are required - to support all path types.' - type: string - required: - - backend - - pathType - type: object - type: array - x-kubernetes-list-type: atomic - required: - - paths - type: object - type: object - type: array - x-kubernetes-list-type: atomic - tls: - description: TLS configuration. Currently the Ingress only - supports a single TLS port, 443. If multiple members of - this list specify different hosts, they will be multiplexed - on the same port according to the hostname specified through - the SNI TLS extension, if the ingress controller fulfilling - the ingress supports SNI. - items: - description: IngressTLS describes the transport layer - security associated with an Ingress. - properties: - hosts: - description: Hosts are a list of hosts included in - the TLS certificate. The values in this list must - match the name/s used in the tlsSecret. Defaults - to the wildcard host setting for the loadbalancer - controller fulfilling this Ingress, if left unspecified. - items: - type: string - type: array - x-kubernetes-list-type: atomic - secretName: - description: SecretName is the name of the secret - used to terminate TLS traffic on port 443. Field - is left optional to allow TLS routing based on SNI - hostname alone. If the SNI host in a listener conflicts - with the "Host" header field used by an IngressRule, - the SNI host is used for termination and value of - the Host header is used for routing. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - ingressAnnotations: - additionalProperties: - type: string - description: Ingress Annoatations to be populated in ingress - spec - type: object - jvm.options: - description: This overrides JvmOptions at top level - type: string - kind: - description: 'Defaults to statefulsets. Note: volumeClaimTemplates - are ignored when kind=Deployment' - type: string - lifecycle: - description: Lifecycle describes actions that the management - system should take in response to container lifecycle events. - For the PostStart and PreStop lifecycle handlers, management - of the container blocks until the action is complete, unless - the container process fails, in which case the handler is - aborted. - properties: - postStart: - description: 'PostStart is called immediately after a container - is created. If the handler fails, the container is terminated - and restarted according to its restart policy. Other management - of the container blocks until the hook completes. More - info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container - is terminated due to an API request or management event - such as liveness/startup probe failure, preemption, resource - contention, etc. The handler is not called if the container - crashes or exits. The Pod''s termination grace period - countdown begins before the PreStop hook is executed. - Regardless of the outcome of the handler, the container - will eventually terminate within the Pod''s termination - grace period (unless delayed by finalizers). Other management - of the container blocks until the hook completes or until - the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's - filesystem. The command is simply exec'd, it is - not run inside a shell, so traditional shell instructions - ('|', etc) won't work. To use a shell, you need - to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is - unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the - host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: Deprecated. TCPSocket is NOT supported - as a LifecycleHandler and kept for the backward compatibility. - There are no validation of this field and lifecycle - hooks will fail in runtime when tcp handler is specified. - properties: - host: - description: 'Optional: Host name to connect to, - defaults to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access - on the container. Number must be in the range - 1 to 65535. Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - description: Probe describes a health check to be performed - against a container to determine whether it is alive or ready - to receive traffic. - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - log4j.config: - description: This overrides Log4jConfig at top level - type: string - maxSurge: - description: maxSurge for deployment object, only applicable - if kind=Deployment, by default set to 25% - format: int32 - type: integer - maxUnavailable: - description: maxUnavailable for deployment object, only applicable - if kind=Deployment, by default set to 25% - format: int32 - type: integer - nodeConfigMountPath: - description: in-container directory to mount with runtime.properties, - jvm.config, log4j2.xml files - type: string - nodeSelector: - additionalProperties: - type: string - description: Node selector to be used by Druid statefulsets - type: object - nodeType: - description: Druid node type - enum: - - historical - - overlord - - middleManager - - indexer - - broker - - coordinator - - router - type: string - persistentVolumeClaim: - items: - description: PersistentVolumeClaim is a user's request for - and claim to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal value, - and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the - REST resource this object represents. Servers may infer - this from the endpoint the client submits requests to. - Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'Standard object''s metadata. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: 'spec defines the desired characteristics - of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified data - source. When the AnyVolumeDataSource feature gate - is enabled, dataSource contents will be copied to - dataSourceRef, and dataSourceRef contents will be - copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a - non-empty API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the dataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t specified - in dataSourceRef, both fields (dataSource and dataSourceRef) - will be set to the same value automatically if one - of them is empty and the other is non-empty. When - namespace is specified in dataSourceRef, dataSource - isn''t set to the same value and must be empty. - There are three important differences between dataSource - and dataSourceRef: * While dataSource only allows - two specific types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is - specified. * While dataSource only allows local - objects, dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the namespace - field of dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept the - reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It - can only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of - one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes - that resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem is - implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - status: - description: 'status represents the current information/status - of a persistent volume claim. Read-only. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'accessModes contains the actual access - modes the volume backing the PVC has. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. - For storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for - quota calculation. If a volume expansion capacity - request is lowered, allocatedResources is only lowered - if there are no expansion operations in progress - and if the actual volume capacity is equal or lower - than the requested capacity. This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature. - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. - type: object - conditions: - description: conditions is the current Condition of - persistent volume claim. If underlying persistent - volume is being resized then the Condition will - be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails - details about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed - the condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time - the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: reason is a unique, this should - be a short, machine understandable string - that gives the reason for condition's last - transition. If it reports "ResizeStarted" - that means the underlying persistent volume - is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: phase represents the current phase of - PersistentVolumeClaim. - type: string - resizeStatus: - description: resizeStatus stores status of resize - operation. ResizeStatus is not set by default but - when expansion is complete resizeStatus is set to - empty string by resize controller or kubelet. This - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature. - type: string - type: object - type: object - type: array - podAnnotations: - additionalProperties: - type: string - description: Custom annotations to be populated in Druid pods - type: object - podDisruptionBudgetSpec: - description: PodDisruptionBudgetSpec is a description of a PodDisruptionBudget. - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: An eviction is allowed if at most "maxUnavailable" - pods selected by "selector" are unavailable after the - eviction, i.e. even in absence of the evicted pod. For - example, one can prevent all voluntary evictions by specifying - 0. This is a mutually exclusive setting with "minAvailable". - x-kubernetes-int-or-string: true - minAvailable: - anyOf: - - type: integer - - type: string - description: An eviction is allowed if at least "minAvailable" - pods selected by "selector" will still be available after - the eviction, i.e. even in the absence of the evicted - pod. So for example you can prevent all voluntary evictions - by specifying "100%". - x-kubernetes-int-or-string: true - selector: - description: Label query over pods whose evictions are managed - by the disruption budget. A null selector will match no - pods, while an empty ({}) selector will select all pods - within the namespace. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - unhealthyPodEvictionPolicy: - description: "UnhealthyPodEvictionPolicy defines the criteria - for when unhealthy pods should be considered for eviction. - Current implementation considers healthy pods, as pods - that have status.conditions item with type=\"Ready\",status=\"True\". - \n Valid policies are IfHealthyBudget and AlwaysAllow. - If no policy is specified, the default behavior will be - used, which corresponds to the IfHealthyBudget policy. - \n IfHealthyBudget policy means that running pods (status.phase=\"Running\"), - but not yet healthy can be evicted only if the guarded - application is not disrupted (status.currentHealthy is - at least equal to status.desiredHealthy). Healthy pods - will be subject to the PDB for eviction. \n AlwaysAllow - policy means that all running pods (status.phase=\"Running\"), - but not yet healthy are considered disrupted and can be - evicted regardless of whether the criteria in a PDB is - met. This means perspective running pods of a disrupted - application might not get a chance to become healthy. - Healthy pods will be subject to the PDB for eviction. - \n Additional policies may be added in the future. Clients - making eviction decisions should disallow eviction of - unhealthy pods if they encounter an unrecognized policy - in this field. \n This field is alpha-level. The eviction - API uses this field when the feature gate PDBUnhealthyPodEvictionPolicy - is enabled (disabled by default)." - type: string - type: object - podLabels: - additionalProperties: - type: string - type: object - podManagementPolicy: - description: By default, it is set to "parallel" - type: string - ports: - description: Extra ports to be added to pod spec - items: - description: ContainerPort represents a network port in a - single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP - address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If - specified, this must be a valid port number, 0 < x < - 65536. If HostNetwork is specified, this must match - ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod - must have a unique name. Name for the port that can - be referred to by services. - type: string - protocol: - default: TCP - description: Protocol for port. Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - description: Probe describes a health check to be performed - against a container to determine whether it is alive or ready - to receive traffic. - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - replicas: - format: int32 - minimum: 0 - type: integer - resources: - description: CPU/Memory Resources - properties: - claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only - be set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where this - field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - runtime.properties: - type: string - securityContext: - description: Overrides securityContext at top level - properties: - fsGroup: - description: "A special supplemental group that applies - to all containers in a pod. Some volume types allow the - Kubelet to change the ownership of that volume to be owned - by the pod: \n 1. The owning GID will be the FSGroup 2. - The setgid bit is set (new files created in the volume - will be owned by FSGroup) 3. The permission bits are OR'd - with rw-rw---- \n If unset, the Kubelet will not modify - the ownership and permissions of any volume. Note that - this field cannot be set when spec.os.name is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types - which support fsGroup based ownership(and permissions). - It will have no effect on ephemeral volume types such - as: secret, configmaps and emptydir. Valid values are - "OnRootMismatch" and "Always". If not specified, "Always" - is used. Note that this field cannot be set when spec.os.name - is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in SecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field - cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a - non-root user. If true, the Kubelet will validate the - image at runtime to ensure that it does not run as UID - 0 (root) and fail to start the container if it does. If - unset or false, no such validation will be performed. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata - if unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence for - that container. Note that this field cannot be set when - spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a - random SELinux context for each container. May also be - set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field - cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers - in this pod. Note that this field cannot be set when spec.os.name - is windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile - must be preconfigured on the node to work. Must be - a descending path, relative to the kubelet's configured - seccomp profile location. Must only be set if type - is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - - a profile defined in a file on the node should be - used. RuntimeDefault - the container runtime default - profile should be used. Unconfined - no profile should - be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process - run in each container, in addition to the container's - primary GID, the fsGroup (if specified), and group memberships - defined in the container image for the uid of the container - process. If unspecified, no additional groups are added - to any container. Note that group memberships defined - in the container image for the uid of the container process - are still effective, even if they are not included in - this list. Note that this field cannot be set when spec.os.name - is windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used - for the pod. Pods with unsupported sysctls (by the container - runtime) might fail to launch. Note that this field cannot - be set when spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all - containers. If unspecified, the options within a container's - SecurityContext will be used. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. Note that this field cannot be set when - spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named - by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the - GMSA credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is - alpha-level and will only be honored by components - that enable the WindowsHostProcessContainers feature - flag. Setting this field without the feature flag - will result in errors when validating the Pod. All - of a Pod's containers must have the same effective - HostProcess value (it is not allowed to have a mix - of HostProcess containers and non-HostProcess containers). In - addition, if HostProcess is true then HostNetwork - must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set - in PodSecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence. - type: string - type: object - type: object - services: - description: Overrides services at top level - items: - description: Service is a named abstraction of software service - (for example, mysql) consisting of local port (for example - 3306) that the proxy listens on, and the selector that determines - which pods will answer requests sent through the proxy. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal value, - and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the - REST resource this object represents. Servers may infer - this from the endpoint the client submits requests to. - Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'Standard object''s metadata. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines - if NodePorts will be automatically allocated for - services with type LoadBalancer. Default is "true". - It may be set to "false" if the cluster load-balancer - does not rely on NodePorts. If the caller requests - specific NodePorts (by specifying a value), those - requests will be respected, regardless of this field. - This field may only be set for services with type - LoadBalancer and will be cleared if the type is - changed to any other type. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address - is specified manually, is in-range (as per system - configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service - will fail. This field may not be changed through - updates unless the type field is also being changed - to ExternalName (which requires this field to be - blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty - string (""), or a valid IP address. Setting this - to "None" makes a "headless service" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - If this field is specified when creating a Service - of type ExternalName, creation will fail. This field - will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses - assigned to this service, and are usually assigned - randomly. If an address is specified manually, - is in-range (as per system configuration), and is - not in use, it will be allocated to the service; - otherwise creation of the service will fail. This - field may not be changed through updates unless - the type field is also being changed to ExternalName - (which requires this field to be empty) or the type - field is being changed from ExternalName (in which - case this field may optionally be specified, as - describe above). Valid values are \"None\", empty - string (\"\"), or a valid IP address. Setting this - to \"None\" makes a \"headless service\" (no virtual - IP), which is useful when direct endpoint connections - are preferred and proxying is not required. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - If this field is specified when creating a Service - of type ExternalName, creation will fail. This field - will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP - have the same value. \n This field may hold a maximum - of two entries (dual-stack IPs, in either order). - These IPs must correspond to the values of the ipFamilies - field. Both clusterIPs and ipFamilies are governed - by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: externalIPs is a list of IP addresses - for which nodes in the cluster will also accept - traffic for this service. These IPs are not managed - by Kubernetes. The user is responsible for ensuring - that traffic arrives at a node with this IP. A - common example is external load-balancers that are - not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference - that discovery mechanisms will return as an alias - for this service (e.g. a DNS CNAME record). No proxying - will be involved. Must be a lowercase RFC-1123 - hostname (https://tools.ietf.org/html/rfc1123) and - requires `type` to be "ExternalName". - type: string - externalTrafficPolicy: - description: externalTrafficPolicy describes how nodes - distribute service traffic they receive on one of - the Service's "externally-facing" addresses (NodePorts, - ExternalIPs, and LoadBalancer IPs). If set to "Local", - the proxy will configure the service in a way that - assumes that external load balancers will take care - of balancing the service traffic between nodes, - and so each node will deliver traffic only to the - node-local endpoints of the service, without masquerading - the client source IP. (Traffic mistakenly sent to - a node with no endpoints will be dropped.) The default - value, "Cluster", uses the standard behavior of - routing to all endpoints evenly (possibly modified - by topology and other features). Note that traffic - sent to an External IP or LoadBalancer IP from within - the cluster will always get "Cluster" semantics, - but clients sending to a NodePort from within the - cluster may need to take traffic policy into account - when picking a node. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when - type is set to LoadBalancer and externalTrafficPolicy - is set to Local. If a value is specified, is in-range, - and is not in use, it will be used. If not specified, - a value will be automatically allocated. External - systems (e.g. load-balancers) can use this port - to determine if a given node holds endpoints for - this service or not. If this field is specified - when creating a Service which does not need it, - creation will fail. This field will be wiped when - updating a Service to no longer need it (e.g. changing - type). This field cannot be updated once set. - format: int32 - type: integer - internalTrafficPolicy: - description: InternalTrafficPolicy describes how nodes - distribute service traffic they receive on the ClusterIP. - If set to "Local", the proxy will assume that pods - only want to talk to endpoints of the service on - the same node as the pod, dropping the traffic if - there are no local endpoints. The default value, - "Cluster", uses the standard behavior of routing - to all endpoints evenly (possibly modified by topology - and other features). - type: string - ipFamilies: - description: "IPFamilies is a list of IP families - (e.g. IPv4, IPv6) assigned to this service. This - field is usually assigned automatically based on - cluster configuration and the ipFamilyPolicy field. - If this field is specified manually, the requested - family is available in the cluster, and ipFamilyPolicy - allows it, it will be used; otherwise creation of - the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" - and \"IPv6\". This field only applies to Services - of types ClusterIP, NodePort, and LoadBalancer, - and does apply to \"headless\" services. This field - will be wiped when updating a Service to type ExternalName. - \n This field may hold a maximum of two entries - (dual-stack families, in either order). These families - must correspond to the values of the clusterIPs - field, if specified. Both clusterIPs and ipFamilies - are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 - or IPv6). This type is used to express the family - of an IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there - is no value provided, then this field will be set - to SingleStack. Services can be "SingleStack" (a - single IP family), "PreferDualStack" (two IP families - on dual-stack configured clusters or a single IP - family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, - otherwise fail). The ipFamilies and clusterIPs fields - depend on the value of this field. This field will - be wiped when updating a service to type ExternalName. - type: string - loadBalancerClass: - description: loadBalancerClass is the class of the - load balancer implementation this Service belongs - to. If specified, the value of this field must be - a label-style identifier, with an optional prefix, - e.g. "internal-vip" or "example.com/internal-vip". - Unprefixed names are reserved for end-users. This - field can only be set when the Service type is 'LoadBalancer'. - If not set, the default load balancer implementation - is used, today this is typically done through the - cloud provider integration, but should apply for - any default implementation. If set, it is assumed - that a load balancer implementation is watching - for Services with a matching class. Any default - load balancer implementation (e.g. cloud providers) - should ignore Services that set this field. This - field can only be set when creating or updating - a Service to type 'LoadBalancer'. Once set, it can - not be changed. This field will be wiped when a - service is updated to a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider - supports specifying the loadBalancerIP when a load - balancer is created. This field will be ignored - if the cloud-provider does not support the feature. - Deprecated: This field was under-specified and its - meaning varies across implementations, and it cannot - support dual-stack. As of Kubernetes v1.24, users - are encouraged to use implementation-specific annotations - when available. This field may be removed in a future - API version.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified - client IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by - this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on - service's port. - properties: - appProtocol: - description: The application protocol for this - port. This field follows standard Kubernetes - label syntax. Un-prefixed names are reserved - for IANA standard service names (as per RFC-6335 - and https://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed - names such as mycompany.com/my-custom-protocol. - type: string - name: - description: The name of this port within the - service. This must be a DNS_LABEL. All ports - within a ServiceSpec must have unique names. - When considering the endpoints for a Service, - this must match the 'name' field in the EndpointPort. - Optional if only one ServicePort is defined - on this service. - type: string - nodePort: - description: 'The port on each node on which - this service is exposed when type is NodePort - or LoadBalancer. Usually assigned by the - system. If a value is specified, in-range, - and not in use it will be used, otherwise - the operation will fail. If not specified, - a port will be allocated if this Service requires - one. If this field is specified when creating - a Service which does not need it, creation - will fail. This field will be wiped when updating - a Service to no longer need it (e.g. changing - type from NodePort to ClusterIP). More info: - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by - this service. - format: int32 - type: integer - protocol: - default: TCP - description: The IP protocol for this port. - Supports "TCP", "UDP", and "SCTP". Default - is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to - access on the pods targeted by the service. - Number must be in the range 1 to 65535. Name - must be an IANA_SVC_NAME. If this is a string, - it will be looked up as a named port in the - target Pod''s container ports. If this is - not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should - be omitted or set equal to the ''port'' field. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that - any agent which deals with endpoints for this Service - should disregard any indications of ready/not-ready. - The primary use case for setting this field is for - a StatefulSet's Headless Service to propagate SRV - DNS records for its Pods for the purpose of peer - discovery. The Kubernetes controllers that generate - Endpoints and EndpointSlice resources for Services - interpret this to mean that all endpoints are considered - "ready" even if the Pods themselves are not. Agents - which consume only Kubernetes generated endpoints - through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label - keys and values matching this selector. If empty - or not present, the service is assumed to have an - external process managing its endpoints, which Kubernetes - will not modify. Only applies to types ClusterIP, - NodePort, and LoadBalancer. Ignored if type is ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used - to maintain session affinity. Enable client IP based - session affinity. Must be ClientIP or None. Defaults - to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations - of Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the - seconds of ClientIP type session sticky - time. The value must be >0 && <=86400(for - 1 day) if ServiceAffinity == "ClientIP". - Default value is 10800(for 3 hours). - format: int32 - type: integer - type: object - type: object - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" - allocates a cluster-internal IP address for load-balancing - to endpoints. Endpoints are determined by the selector - or if that is not specified, by manual construction - of an Endpoints object or EndpointSlice objects. - If clusterIP is "None", no virtual IP is allocated - and the endpoints are published as a set of endpoints - rather than a virtual IP. "NodePort" builds on ClusterIP - and allocates a port on every node which routes - to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes - to the same endpoints as the clusterIP. "ExternalName" - aliases this service to the specified externalName. - Several other fields do not apply to ExternalName - services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - status: - description: 'Most recently observed status of the service. - Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - conditions: - description: Current service state - items: - description: "Condition contains details for one - aspect of the current state of this API Resource. - --- This struct is intended for direct use as - an array at the field path .status.conditions. - \ For example, \n type FooStatus struct{ // Represents - the observations of a foo's current state. // - Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type - // +patchStrategy=merge // +listType=map // +listMapKey=type - Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // - other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last - time the condition transitioned from one status - to another. This should be when the underlying - condition changed. If that is not known, - then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message - indicating details about the transition. This - may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the - .metadata.generation that the condition was - set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect - to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic - identifier indicating the reason for the condition's - last transition. Producers of specific condition - types may define expected values and meanings - for this field, and whether the values are - considered a guaranteed API. The value should - be a CamelCase string. This field may not - be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of - True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase - or in foo.example.com/CamelCase. --- Many - .condition.type values are consistent across - resources like Available, but because arbitrary - conditions can be useful (see .node.status.conditions), - the ability to deconflict is important. The - regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - loadBalancer: - description: LoadBalancer contains the current status - of the load-balancer, if one is present. - properties: - ingress: - description: Ingress is a list containing ingress - points for the load-balancer. Traffic intended - for the service should be sent to these ingress - points. - items: - description: 'LoadBalancerIngress represents - the status of a load-balancer ingress point: - traffic intended for the service should be - sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer - ingress points that are DNS based (typically - AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer - ingress points that are IP based (typically - GCE or OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records - of service ports If used, every port defined - in the service should have an entry in - it - items: - properties: - error: - description: 'Error is to record the - problem with the service port The - format of the error shall comply - with the following rules: - built-in - error values shall be specified - in this file and those shall use - CamelCase names - cloud provider - specific error values must have - names that comply with the format - foo.example.com/CamelCase. --- The - regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number - of the service port of which status - is recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol - of the service port of which status - is recorded here The supported values - are: "TCP", "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - type: array - startUpProbe: - description: StartupProbe for nodeSpec - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for the - command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', etc) - won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe - to be considered failed after having succeeded. Defaults - to 3. Minimum value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. - This is a beta field and requires enabling GRPCContainerProbe - feature gate. - properties: - port: - description: Port number of the gRPC service. Number - must be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to - place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior - is defined by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has - started before liveness probes are initiated. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe - to be considered successful after having failed. Defaults - to 1. Must be 1 for liveness and startup. Minimum value - is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP - port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on - the container. Number must be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs - to terminate gracefully upon probe failure. The grace - period is the duration in seconds after the processes - running in the pod are sent a termination signal and the - time when the processes are forcibly halted with a kill - signal. Set this value longer than the expected cleanup - time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, - this value overrides the value provided by the pod spec. - Value must be non-negative integer. The value zero indicates - stop immediately via the kill signal (no opportunity to - shut down). This is a beta field and requires enabling - ProbeTerminationGracePeriod feature gate. Minimum value - is 1. spec.terminationGracePeriodSeconds is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - tolerations: - description: Toleration to be used in order to run Druid on - nodes tainted - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule and - NoExecute. - type: string - key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. If the - key is empty, operator must be Exists; this combination - means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate all taints of - a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the - taint forever (do not evict). Zero and negative values - will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - items: - description: TopologySpreadConstraint specifies how to spread - matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching pods. - Pods that match this label selector are counted to determine - the number of pods in their corresponding topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select the pods over which spreading will be calculated. - The keys are used to lookup values from the incoming - pod labels, those key-value labels are ANDed with labelSelector - to select the group of existing pods over which spreading - will be calculated for the incoming pod. Keys that don't - exist in the incoming pod labels will be ignored. A - null or empty list means only match against labelSelector. - items: - type: string - type: array - x-kubernetes-list-type: atomic - maxSkew: - description: 'MaxSkew describes the degree to which pods - may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between the number - of matching pods in the target topology and the global - minimum. The global minimum is the minimum number of - matching pods in an eligible domain or zero if the number - of eligible domains is less than MinDomains. For example, - in a 3-zone cluster, MaxSkew is set to 1, and pods with - the same labelSelector spread as 2/2/1: In this case, - the global minimum is 1. | zone1 | zone2 | zone3 | | P - P | P P | P | - if MaxSkew is 1, incoming pod - can only be scheduled to zone3 to become 2/2/2; scheduling - it onto zone1(zone2) would make the ActualSkew(3-1) - on zone1(zone2) violate MaxSkew(1). - if MaxSkew is - 2, incoming pod can be scheduled onto any zone. When - `whenUnsatisfiable=ScheduleAnyway`, it is used to give - higher precedence to topologies that satisfy it. It''s - a required field. Default value is 1 and 0 is not allowed.' - format: int32 - type: integer - minDomains: - description: "MinDomains indicates a minimum number of - eligible domains. When the number of eligible domains - with matching topology keys is less than minDomains, - Pod Topology Spread treats \"global minimum\" as 0, - and then the calculation of Skew is performed. And when - the number of eligible domains with matching topology - keys equals or greater than minDomains, this value has - no effect on scheduling. As a result, when the number - of eligible domains is less than minDomains, scheduler - won't schedule more than maxSkew Pods to those domains. - If value is nil, the constraint behaves as if MinDomains - is equal to 1. Valid values are integers greater than - 0. When value is not nil, WhenUnsatisfiable must be - DoNotSchedule. \n For example, in a 3-zone cluster, - MaxSkew is set to 2, MinDomains is set to 5 and pods - with the same labelSelector spread as 2/2/2: | zone1 - | zone2 | zone3 | | P P | P P | P P | The number - of domains is less than 5(MinDomains), so \"global minimum\" - is treated as 0. In this situation, new pod with the - same labelSelector cannot be scheduled, because computed - skew will be 3(3 - 0) if new Pod is scheduled to any - of the three zones, it will violate MaxSkew. \n This - is a beta field and requires the MinDomainsInPodTopologySpread - feature gate to be enabled (enabled by default)." - format: int32 - type: integer - nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will - treat Pod's nodeAffinity/nodeSelector when calculating - pod topology spread skew. Options are: - Honor: only - nodes matching nodeAffinity/nodeSelector are included - in the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the calculations. - \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a beta-level feature default - enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." - type: string - nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will treat - node taints when calculating pod topology spread skew. - Options are: - Honor: nodes without taints, along with - tainted nodes for which the incoming pod has a toleration, - are included. - Ignore: node taints are ignored. All - nodes are included. \n If this value is nil, the behavior - is equivalent to the Ignore policy. This is a beta-level - feature default enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." - type: string - topologyKey: - description: TopologyKey is the key of node labels. Nodes - that have a label with this key and identical values - are considered to be in the same topology. We consider - each as a "bucket", and try to put balanced - number of pods into each bucket. We define a domain - as a particular instance of a topology. Also, we define - an eligible domain as a domain whose nodes meet the - requirements of nodeAffinityPolicy and nodeTaintsPolicy. - e.g. If TopologyKey is "kubernetes.io/hostname", each - Node is a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone is a domain - of that topology. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal - with a pod if it doesn''t satisfy the spread constraint. - - DoNotSchedule (default) tells the scheduler not to - schedule it. - ScheduleAnyway tells the scheduler to - schedule the pod in any location, but giving higher - precedence to topologies that would help reduce the - skew. A constraint is considered "Unsatisfiable" for - an incoming pod if and only if every possible node assignment - for that pod would violate "MaxSkew" on some topology. - For example, in a 3-zone cluster, MaxSkew is set to - 1, and pods with the same labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | | P P P | P | P | - If WhenUnsatisfiable is set to DoNotSchedule, incoming - pod can only be scheduled to zone2(zone3) to become - 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies - MaxSkew(1). In other words, the cluster can still be - imbalanced, but scheduler won''t make it *more* imbalanced. - It''s a required field.' - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - updateStrategy: - description: StatefulSetUpdateStrategy indicates the strategy - that the StatefulSet controller will use to perform updates. - It includes any additional parameters necessary to perform - the update for the indicated strategy. - properties: - rollingUpdate: - description: RollingUpdate is used to communicate parameters - when Type is RollingUpdateStatefulSetStrategyType. - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be - unavailable during the update. Value can be an absolute - number (ex: 5) or a percentage of desired pods (ex: - 10%). Absolute number is calculated from percentage - by rounding up. This can not be 0. Defaults to 1. - This field is alpha-level and is only honored by servers - that enable the MaxUnavailableStatefulSet feature. - The field applies to all pods in the range 0 to Replicas-1. - That means if there is any unavailable pod in the - range 0 to Replicas-1, it will be counted towards - MaxUnavailable.' - x-kubernetes-int-or-string: true - partition: - description: Partition indicates the ordinal at which - the StatefulSet should be partitioned for updates. - During a rolling update, all pods from ordinal Replicas-1 - to Partition are updated. All pods from ordinal Partition-1 - to 0 remain untouched. This is helpful in being able - to do a canary based deployment. The default value - is 0. - format: int32 - type: integer - type: object - type: - description: Type indicates the type of the StatefulSetUpdateStrategy. - Default is RollingUpdate. - type: string - type: object - volumeClaimTemplates: - items: - description: PersistentVolumeClaim is a user's request for - and claim to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal value, - and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the - REST resource this object represents. Servers may infer - this from the endpoint the client submits requests to. - Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'Standard object''s metadata. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: 'spec defines the desired characteristics - of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified data - source. When the AnyVolumeDataSource feature gate - is enabled, dataSource contents will be copied to - dataSourceRef, and dataSourceRef contents will be - copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the object from - which to populate the volume with data, if a non-empty - volume is desired. This may be any object from a - non-empty API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume binding - will only succeed if the type of the specified object - matches some installed volume populator or dynamic - provisioner. This field will replace the functionality - of the dataSource field and as such if both fields - are non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t specified - in dataSourceRef, both fields (dataSource and dataSourceRef) - will be set to the same value automatically if one - of them is empty and the other is non-empty. When - namespace is specified in dataSourceRef, dataSource - isn''t set to the same value and must be empty. - There are three important differences between dataSource - and dataSourceRef: * While dataSource only allows - two specific types of objects, dataSourceRef allows - any non-core object, as well as PersistentVolumeClaim - objects. * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves all values, - and generates an error if a disallowed value is - specified. * While dataSource only allows local - objects, dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the namespace - field of dataSourceRef requires the CrossNamespaceVolumeDataSource - feature gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. - For any other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept the - reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It - can only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of - one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes - that resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem is - implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to - the PersistentVolume backing this claim. - type: string - type: object - status: - description: 'status represents the current information/status - of a persistent volume claim. Read-only. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'accessModes contains the actual access - modes the volume backing the PVC has. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity - when a volume expansion operation is requested. - For storage quota, the larger value from allocatedResources - and PVC.spec.resources is used. If allocatedResources - is not set, PVC.spec.resources alone is used for - quota calculation. If a volume expansion capacity - request is lowered, allocatedResources is only lowered - if there are no expansion operations in progress - and if the actual volume capacity is equal or lower - than the requested capacity. This is an alpha field - and requires enabling RecoverVolumeExpansionFailure - feature. - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources - of the underlying volume. - type: object - conditions: - description: conditions is the current Condition of - persistent volume claim. If underlying persistent - volume is being resized then the Condition will - be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails - details about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed - the condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time - the condition transitioned from one status - to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: reason is a unique, this should - be a short, machine understandable string - that gives the reason for condition's last - transition. If it reports "ResizeStarted" - that means the underlying persistent volume - is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType - is a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: phase represents the current phase of - PersistentVolumeClaim. - type: string - resizeStatus: - description: resizeStatus stores status of resize - operation. ResizeStatus is not set by default but - when expansion is complete resizeStatus is set to - empty string by resize controller or kubelet. This - is an alpha field and requires enabling RecoverVolumeExpansionFailure - feature. - type: string - type: object - type: object - type: array - volumeMounts: - items: - description: VolumeMount describes a mounting of a Volume - within a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other - way around. When not set, MountPropagationNone is used. - This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - items: - description: Volume represents a named volume in a pod that - may be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'fsType is the filesystem type of the - volume that you want to mount. Tip: Ensure that - the filesystem type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - partition: - description: 'partition is the partition in the volume - that you want to mount. If omitted, the default - is to mount by volume name. Examples: For volume - /dev/sda1, you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" (or you - can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'volumeID is unique ID of the persistent - disk resource in AWS (Amazon EBS volume). More info: - https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching mode: - None, Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data disk - in the blob storage - type: string - diskURI: - description: diskURI is the URI of data disk in the - blob storage - type: string - fsType: - description: fsType is Filesystem type to mount. Must - be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single - blob disk per storage account Managed: azure managed - data disk (only in managed availability set). defaults - to shared' - type: string - readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in - VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File Service - mount on the host and bind mount to the pod. - properties: - readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in - VolumeMounts. - type: boolean - secretName: - description: secretName is the name of secret that - contains Azure Storage Account Name and Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on the - host that shares a pod's lifetime - properties: - monitors: - description: 'monitors is Required: Monitors is a - collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'path is Optional: Used as the mounted - root, rather than the full Ceph tree, default is - /' - type: string - readOnly: - description: 'readOnly is Optional: Defaults to false - (read/write). ReadOnly here will force the ReadOnly - setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'secretFile is Optional: SecretFile is - the path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'secretRef is Optional: SecretRef is - reference to the authentication secret for User, - default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is optional: User is the rados - user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in - VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to - OpenStack.' - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: 'volumeID used to identify the volume - in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that should - populate this volume - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used - to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories - within the path are not affected by this setting. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file whose - name is the key and content is the value. If specified, - the listed keys will be projected into the specified - paths, and unlisted keys will not be present. If - a key is specified which is not present in the ConfigMap, - the volume setup will error unless it is marked - optional. Paths must be relative and may not contain - the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used - to set permissions on this file. Must be an - octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both - octal and decimal values, JSON requires decimal - values for mode bits. If not specified, the - volume defaultMode will be used. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of the - file to map the key to. May not be an absolute - path. May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents - ephemeral storage that is handled by certain external - CSI drivers (Beta feature). - properties: - driver: - description: driver is the name of the CSI driver - that handles this volume. Consult with your admin - for the correct name as registered in the cluster. - type: string - fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the - associated CSI driver which will determine the default - filesystem to apply. - type: string - nodePublishSecretRef: - description: nodePublishSecretRef is a reference to - the secret object containing sensitive information - to pass to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the - secret object contains more than one secret, all - secret references are passed. - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: volumeAttributes stores driver-specific - properties that are passed to the CSI driver. Consult - your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API about - the pod that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a Optional: mode bits - used to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories - within the path are not affected by this setting. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward API volume - file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the - pod: only annotations, labels, name and namespace - are supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set - permissions on this file, must be an octal - value between 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal - values for mode bits. If not specified, the - volume defaultMode will be used. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' path. - Must be utf-8 encoded. The first item of the - relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults to - "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'emptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'medium represents what type of storage - medium should back this directory. The default is - "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More - info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total amount of local - storage required for this EmptyDir volume. The size - limit is also applicable for memory medium. The - maximum usage on memory medium EmptyDir would be - the minimum value between the SizeLimit specified - here and the sum of memory limits of all containers - in a pod. The default is nil which means that the - limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle - is tied to the pod that defines it - it will be created - before the pod starts, and deleted when the pod is removed. - \n Use this if: a) the volume is only needed while the - pod runs, b) features of normal volumes like restoring - from snapshot or capacity tracking are needed, c) the - storage driver is specified through a storage class, - and d) the storage driver supports dynamic volume provisioning - through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this - volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that - persist for longer than the lifecycle of an individual - pod. \n Use CSI for light-weight local ephemeral volumes - if the CSI driver is meant to be used that way - see - the documentation of the driver for more information. - \n A pod can use both types of ephemeral volumes and - persistent volumes at the same time." - properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone - PVC to provision the volume. The pod in which this - EphemeralVolumeSource is embedded will be the owner - of the PVC, i.e. the PVC will be deleted together - with the pod. The name of the PVC will be `-` where `` is the - name from the `PodSpec.Volumes` array entry. Pod - validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). - \n An existing PVC with that name that is not owned - by the pod will *not* be used for the pod to avoid - using an unrelated volume by mistake. Starting the - pod is then blocked until the unrelated PVC is removed. - If such a pre-created PVC is meant to be used by - the pod, the PVC has to updated with an owner reference - to the pod once the pod exists. Normally this should - not be necessary, but it may be useful when manually - reconstructing a broken cluster. \n This field is - read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, - must not be nil." - properties: - metadata: - description: May contain labels and annotations - that will be copied into the PVC when creating - it. No other fields are allowed and will be - rejected during validation. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into - the PVC that gets created from this template. - The same fields as in a PersistentVolumeClaim - are also valid here. - properties: - accessModes: - description: 'accessModes contains the desired - access modes the volume should have. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used - to specify either: * An existing VolumeSnapshot - object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) - If the provisioner or an external controller - can support the specified data source, it - will create a new volume based on the contents - of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents - will be copied to dataSourceRef, and dataSourceRef - contents will be copied to dataSource when - dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef - will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the - object from which to populate the volume - with data, if a non-empty volume is desired. - This may be any object from a non-empty - API group (non core object) or a PersistentVolumeClaim - object. When this field is specified, volume - binding will only succeed if the type of - the specified object matches some installed - volume populator or dynamic provisioner. - This field will replace the functionality - of the dataSource field and as such if both - fields are non-empty, they must have the - same value. For backwards compatibility, - when namespace isn''t specified in dataSourceRef, - both fields (dataSource and dataSourceRef) - will be set to the same value automatically - if one of them is empty and the other is - non-empty. When namespace is specified in - dataSourceRef, dataSource isn''t set to - the same value and must be empty. There - are three important differences between - dataSource and dataSourceRef: * While dataSource - only allows two specific types of objects, - dataSourceRef allows any non-core object, - as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values - (dropping them), dataSourceRef preserves - all values, and generates an error if a - disallowed value is specified. * While dataSource - only allows local objects, dataSourceRef - allows objects in any namespaces. (Beta) - Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using - the namespace field of dataSourceRef requires - the CrossNamespaceVolumeDataSource feature - gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the group for - the resource being referenced. If APIGroup - is not specified, the specified Kind - must be in the core API group. For any - other third-party types, APIGroup is - required. - type: string - kind: - description: Kind is the type of resource - being referenced - type: string - name: - description: Name is the name of resource - being referenced - type: string - namespace: - description: Namespace is the namespace - of resource being referenced Note that - when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant - documentation for details. (Alpha) This - field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum - resources the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to - specify resource requirements that are lower - than previous value but must still be higher - than capacity recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - claims: - description: "Claims lists the names of - resources, defined in spec.resourceClaims, - that are used by this container. \n - This is an alpha field and requires - enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." - items: - description: ResourceClaim references - one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the - name of one entry in pod.spec.resourceClaims - of the Pod where this field is - used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum - amount of compute resources allowed. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. - If Requests is omitted for a container, - it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over - volumes to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name - of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type - of volume is required by the claim. Value - of Filesystem is implied when not included - in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource that - is attached to a kubelet's host machine and then exposed - to the pod. - properties: - fsType: - description: 'fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. TODO: how - do we prevent errors in the filesystem from compromising - the machine' - type: string - lun: - description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'readOnly is Optional: Defaults to false - (read/write). ReadOnly here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' - items: - type: string - type: array - wwids: - description: 'wwids Optional: FC volume world wide - identifiers (wwids) Either wwids or combination - of targetWWNs and lun must be set, but not both - simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver to use - for this volume. - type: string - fsType: - description: fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". The - default filesystem depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field holds - extra command options if any.' - type: object - readOnly: - description: 'readOnly is Optional: defaults to false - (read/write). ReadOnly here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - secretRef: - description: 'secretRef is Optional: secretRef is - reference to the secret object containing sensitive - information to pass to the plugin scripts. This - may be empty if no secret object is specified. If - the secret object contains more than one secret, - all secrets are passed to the plugin scripts.' - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - properties: - datasetName: - description: datasetName is Name of the dataset stored - as metadata -> name on the dataset for Flocker should - be considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the dataset. - This is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'fsType is filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - partition: - description: 'partition is the partition in the volume - that you want to mount. If omitted, the default - is to mount by volume name. Examples: For volume - /dev/sda1, you specify the partition as "1". Similarly, - the volume partition for /dev/sda is "0" (or you - can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'pdName is unique name of the PD resource - in GCE. Used to identify the disk in GCE. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'gitRepo represents a git repository at a - particular revision. DEPRECATED: GitRepo is deprecated. - To provision a container with a git repo, mount an EmptyDir - into an InitContainer that clones the repo using git, - then mount the EmptyDir into the Pod''s container.' - properties: - directory: - description: directory is the target directory name. - Must not contain or start with '..'. If '.' is - supplied, the volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for the specified - revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'glusterfs represents a Glusterfs mount on - the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'endpoints is the endpoint name that - details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'path is the Glusterfs volume path. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'readOnly here will force the Glusterfs - volume to be mounted with read-only permissions. - Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'hostPath represents a pre-existing file - or directory on the host machine that is directly exposed - to the container. This is generally used for system - agents or other privileged things that are allowed to - see the host machine. Most containers will NOT need - this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host - directory mounts and who can/can not mount host directories - as read/write.' - properties: - path: - description: 'path of the directory on the host. If - the path is a symlink, it will follow the link to - the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'type for HostPath Volume Defaults to - "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'iscsi represents an ISCSI Disk resource - that is attached to a kubelet''s host machine and then - exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether support - iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether support - iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'fsType is the filesystem type of the - volume that you want to mount. Tip: Ensure that - the filesystem type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iscsiInterface is the interface Name - that uses an iSCSI transport. Defaults to 'default' - (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: portals is the iSCSI Target Portal List. - The portal is either an IP or ip_addr:port if the - port is other than default (typically TCP ports - 860 and 3260). - items: - type: string - type: array - readOnly: - description: readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for iSCSI - target and initiator authentication - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: targetPortal is iSCSI Target Portal. - The Portal is either an IP or ip_addr:port if the - port is other than default (typically TCP ports - 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'name of the volume. Must be a DNS_LABEL - and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'nfs represents an NFS mount on the host - that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'readOnly here will force the NFS export - to be mounted with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'server is the hostname or IP address - of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: readOnly Will force the ReadOnly setting - in VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - properties: - fsType: - description: fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - pdID: - description: pdID is the ID that identifies Photon - Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx volume - attached and mounted on kubelets host machine - properties: - fsType: - description: fSType represents the filesystem type - to mount Must be a filesystem type supported by - the host operating system. Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in - VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a Portworx - volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources - secrets, configmaps, and downward API - properties: - defaultMode: - description: defaultMode are the mode bits used to - set permissions on created files by default. Must - be an octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both octal - and decimal values, JSON requires decimal values - for mode bits. Directories within the path are not - affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: sources is the list of volume projections - items: - description: Projection that may be projected along - with other supported volume types - properties: - configMap: - description: configMap information about the - configMap data to project - properties: - items: - description: items if unspecified, each - key-value pair in the Data field of the - referenced ConfigMap will be projected - into the volume as a file whose name is - the key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, - the volume setup will error unless it - is marked optional. Paths must be relative - and may not contain the '..' path or start - with '..'. - items: - description: Maps a string key to a path - within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' - format: int32 - type: integer - path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: optional specify whether the - ConfigMap or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the - downwardAPI data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a - field of the pod: only annotations, - labels, name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in - terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field - to select in the specified API - version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits - used to set permissions on this - file, must be an octal value between - 0000 and 0777 or a decimal value - between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute - or contain the ''..'' path. Must - be utf-8 encoded. The first item - of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: - required for volumes, optional - for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - description: secret information about the secret - data to project - properties: - items: - description: items if unspecified, each - key-value pair in the Data field of the - referenced Secret will be projected into - the volume as a file whose name is the - key and content is the value. If specified, - the listed keys will be projected into - the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the Secret, the - volume setup will error unless it is marked - optional. Paths must be relative and may - not contain the '..' path or start with - '..'. - items: - description: Maps a string key to a path - within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode - bits used to set permissions on - this file. Must be an octal value - between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts - both octal and decimal values, JSON - requires decimal values for mode - bits. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can be other - mode bits set.' - format: int32 - type: integer - path: - description: path is the relative - path of the file to map the key - to. May not be an absolute path. - May not contain the path element - '..'. May not start with the string - '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: optional field specify whether - the Secret or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information - about the serviceAccountToken data to project - properties: - audience: - description: audience is the intended audience - of the token. A recipient of a token must - identify itself with an identifier specified - in the audience of the token, and otherwise - should reject the token. The audience - defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, - the kubelet volume plugin will proactively - rotate the service account token. The - kubelet will start trying to rotate the - token if the token is older than 80 percent - of its time to live or if the token is - older than 24 hours.Defaults to 1 hour - and must be at least 10 minutes. - format: int64 - type: integer - path: - description: path is the path relative to - the mount point of the file to project - the token into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte mount on the - host that shares a pod's lifetime - properties: - group: - description: group to map volume access to Default - is no group - type: string - readOnly: - description: readOnly here will force the Quobyte - volume to be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: registry represents a single or multiple - Quobyte Registry services specified as a string - as host:port pair (multiple entries are separated - with commas) which acts as the central registry - for volumes - type: string - tenant: - description: tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned - Quobyte volumes, value is set by the plugin - type: string - user: - description: user to map volume access to Defaults - to serivceaccount user - type: string - volume: - description: volume is a string that references an - already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'rbd represents a Rados Block Device mount - on the host that shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type of the - volume that you want to mount. Tip: Ensure that - the filesystem type is supported by the host operating - system. Examples: "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. More info: - https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem - from compromising the machine' - type: string - image: - description: 'image is the rados image name. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'keyring is the path to key ring for - RBDUser. Default is /etc/ceph/keyring. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'pool is the rados pool name. Default - is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'readOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'secretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is the rados user name. Default - is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". Default - is "xfs". - type: string - gateway: - description: gateway is the host address of the ScaleIO - API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. - type: string - readOnly: - description: readOnly Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in - VolumeMounts. - type: boolean - secretRef: - description: secretRef references to the secret for - ScaleIO user and other sensitive information. If - this is not provided, Login operation will fail. - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: storageMode indicates whether the storage - for a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage Pool - associated with the protection domain. - type: string - system: - description: system is the name of the storage system - as configured in ScaleIO. - type: string - volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated - with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used - to set permissions on created files by default. - Must be an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML accepts - both octal and decimal values, JSON requires decimal - values for mode bits. Defaults to 0644. Directories - within the path are not affected by this setting. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: items If unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file whose - name is the key and content is the value. If specified, - the listed keys will be projected into the specified - paths, and unlisted keys will not be present. If - a key is specified which is not present in the Secret, - the volume setup will error unless it is marked - optional. Paths must be relative and may not contain - the '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used - to set permissions on this file. Must be an - octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both - octal and decimal values, JSON requires decimal - values for mode bits. If not specified, the - volume defaultMode will be used. This might - be in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of the - file to map the key to. May not be an absolute - path. May not contain the path element '..'. - May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify whether the Secret - or its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret - in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type to mount. - Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in - VolumeMounts. - type: boolean - secretRef: - description: secretRef specifies the secret to use - for obtaining the StorageOS API credentials. If - not specified, default values will be attempted. - properties: - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: volumeName is the human-readable name - of the StorageOS volume. Volume names are only - unique within a namespace. - type: string - volumeNamespace: - description: volumeNamespace specifies the scope of - the volume within StorageOS. If no namespace is - specified then the Pod's namespace will be used. This - allows the Kubernetes name scoping to be mirrored - within StorageOS for tighter integration. Set VolumeName - to any name to override the default behaviour. Set - to "default" if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist within - StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere volume - attached and mounted on kubelets host machine - properties: - fsType: - description: fsType is filesystem type to mount. Must - be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage Policy - Based Management (SPBM) profile ID associated with - the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage Policy - Based Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies - vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - required: - - druid.port - - nodeConfigMountPath - - nodeType - - replicas - - runtime.properties - type: object - type: object - podAnnotations: - additionalProperties: - type: string - description: Custom annotations to be populated in Druid pods - type: object - podLabels: - additionalProperties: - type: string - description: Custom labels to be populated in Druid pods - type: object - podManagementPolicy: - description: By default, it is set to "parallel" - type: string - readinessProbe: - description: Port is set to druid.port if not specified with httpGet - handler - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command is - simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be - considered failed after having succeeded. Defaults to 3. Minimum - value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. This - is a beta field and requires enabling GRPCContainerProbe feature - gate. - properties: - port: - description: Port number of the gRPC service. Number must - be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to place - in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior is defined - by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod - IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes a custom header to be - used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default - to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs to terminate - gracefully upon probe failure. The grace period is the duration - in seconds after the processes running in the pod are sent a - termination signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer than the expected - cleanup time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates stop immediately - via the kill signal (no opportunity to shut down). This is a - beta field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - rollingDeploy: - type: boolean - scalePvcSts: - description: ScalePvcSts, defaults to false. When enabled, operator - will allow volume expansion of sts and pvc's. - type: boolean - securityContext: - description: druid pods pod-security-context - properties: - fsGroup: - description: "A special supplemental group that applies to all - containers in a pod. Some volume types allow the Kubelet to - change the ownership of that volume to be owned by the pod: - \n 1. The owning GID will be the FSGroup 2. The setgid bit is - set (new files created in the volume will be owned by FSGroup) - 3. The permission bits are OR'd with rw-rw---- \n If unset, - the Kubelet will not modify the ownership and permissions of - any volume. Note that this field cannot be set when spec.os.name - is windows." - format: int64 - type: integer - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing - ownership and permission of the volume before being exposed - inside Pod. This field will only apply to volume types which - support fsGroup based ownership(and permissions). It will have - no effect on ephemeral volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" and "Always". - If not specified, "Always" is used. Note that this field cannot - be set when spec.os.name is windows.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. - May also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. Note that this field cannot - be set when spec.os.name is windows. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. - If unspecified, the container runtime will allocate a random - SELinux context for each container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - Note that this field cannot be set when spec.os.name is windows. - properties: - level: - description: Level is SELinux level label that applies to - the container. - type: string - role: - description: Role is a SELinux role label that applies to - the container. - type: string - type: - description: Type is a SELinux type label that applies to - the container. - type: string - user: - description: User is a SELinux user label that applies to - the container. - type: string - type: object - seccompProfile: - description: The seccomp options to use by the containers in this - pod. Note that this field cannot be set when spec.os.name is - windows. - properties: - localhostProfile: - description: localhostProfile indicates a profile defined - in a file on the node should be used. The profile must be - preconfigured on the node to work. Must be a descending - path, relative to the kubelet's configured seccomp profile - location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile - will be applied. Valid options are: \n Localhost - a profile - defined in a file on the node should be used. RuntimeDefault - - the container runtime default profile should be used. - Unconfined - no profile should be applied." - type: string - required: - - type - type: object - supplementalGroups: - description: A list of groups applied to the first process run - in each container, in addition to the container's primary GID, - the fsGroup (if specified), and group memberships defined in - the container image for the uid of the container process. If - unspecified, no additional groups are added to any container. - Note that group memberships defined in the container image for - the uid of the container process are still effective, even if - they are not included in this list. Note that this field cannot - be set when spec.os.name is windows. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. Note that this field cannot be set when - spec.os.name is windows. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - description: The Windows specific settings applied to all containers. - If unspecified, the options within a container's SecurityContext - will be used. If set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext takes precedence. Note - that this field cannot be set when spec.os.name is linux. - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA credential spec named by - the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA - credential spec to use. - type: string - hostProcess: - description: HostProcess determines if a container should - be run as a 'Host Process' container. This field is alpha-level - and will only be honored by components that enable the WindowsHostProcessContainers - feature flag. Setting this field without the feature flag - will result in errors when validating the Pod. All of a - Pod's containers must have the same effective HostProcess - value (it is not allowed to have a mix of HostProcess containers - and non-HostProcess containers). In addition, if HostProcess - is true then HostNetwork must also be set to true. - type: boolean - runAsUserName: - description: The UserName in Windows to run the entrypoint - of the container process. Defaults to the user specified - in image metadata if unspecified. May also be set in PodSecurityContext. - If set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: string - type: object - type: object - serviceAccount: - description: ServiceAccount for the druid cluster - type: string - services: - description: k8s service resources to be created for each Druid statefulsets - items: - description: Service is a named abstraction of software service - (for example, mysql) consisting of local port (for example 3306) - that the proxy listens on, and the selector that determines which - pods will answer requests sent through the proxy. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status - properties: - allocateLoadBalancerNodePorts: - description: allocateLoadBalancerNodePorts defines if NodePorts - will be automatically allocated for services with type - LoadBalancer. Default is "true". It may be set to "false" - if the cluster load-balancer does not rely on NodePorts. If - the caller requests specific NodePorts (by specifying - a value), those requests will be respected, regardless - of this field. This field may only be set for services - with type LoadBalancer and will be cleared if the type - is changed to any other type. - type: boolean - clusterIP: - description: 'clusterIP is the IP address of the service - and is usually assigned randomly. If an address is specified - manually, is in-range (as per system configuration), and - is not in use, it will be allocated to the service; otherwise - creation of the service will fail. This field may not - be changed through updates unless the type field is also - being changed to ExternalName (which requires this field - to be blank) or the type field is being changed from ExternalName - (in which case this field may optionally be specified, - as describe above). Valid values are "None", empty string - (""), or a valid IP address. Setting this to "None" makes - a "headless service" (no virtual IP), which is useful - when direct endpoint connections are preferred and proxying - is not required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - clusterIPs: - description: "ClusterIPs is a list of IP addresses assigned - to this service, and are usually assigned randomly. If - an address is specified manually, is in-range (as per - system configuration), and is not in use, it will be allocated - to the service; otherwise creation of the service will - fail. This field may not be changed through updates unless - the type field is also being changed to ExternalName (which - requires this field to be empty) or the type field is - being changed from ExternalName (in which case this field - may optionally be specified, as describe above). Valid - values are \"None\", empty string (\"\"), or a valid IP - address. Setting this to \"None\" makes a \"headless - service\" (no virtual IP), which is useful when direct - endpoint connections are preferred and proxying is not - required. Only applies to types ClusterIP, NodePort, - and LoadBalancer. If this field is specified when creating - a Service of type ExternalName, creation will fail. This - field will be wiped when updating a Service to type ExternalName. - \ If this field is not specified, it will be initialized - from the clusterIP field. If this field is specified, - clients must ensure that clusterIPs[0] and clusterIP have - the same value. \n This field may hold a maximum of two - entries (dual-stack IPs, in either order). These IPs must - correspond to the values of the ipFamilies field. Both - clusterIPs and ipFamilies are governed by the ipFamilyPolicy - field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - items: - type: string - type: array - x-kubernetes-list-type: atomic - externalIPs: - description: externalIPs is a list of IP addresses for which - nodes in the cluster will also accept traffic for this - service. These IPs are not managed by Kubernetes. The - user is responsible for ensuring that traffic arrives - at a node with this IP. A common example is external - load-balancers that are not part of the Kubernetes system. - items: - type: string - type: array - externalName: - description: externalName is the external reference that - discovery mechanisms will return as an alias for this - service (e.g. a DNS CNAME record). No proxying will be - involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) - and requires `type` to be "ExternalName". - type: string - externalTrafficPolicy: - description: externalTrafficPolicy describes how nodes distribute - service traffic they receive on one of the Service's "externally-facing" - addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). - If set to "Local", the proxy will configure the service - in a way that assumes that external load balancers will - take care of balancing the service traffic between nodes, - and so each node will deliver traffic only to the node-local - endpoints of the service, without masquerading the client - source IP. (Traffic mistakenly sent to a node with no - endpoints will be dropped.) The default value, "Cluster", - uses the standard behavior of routing to all endpoints - evenly (possibly modified by topology and other features). - Note that traffic sent to an External IP or LoadBalancer - IP from within the cluster will always get "Cluster" semantics, - but clients sending to a NodePort from within the cluster - may need to take traffic policy into account when picking - a node. - type: string - healthCheckNodePort: - description: healthCheckNodePort specifies the healthcheck - nodePort for the service. This only applies when type - is set to LoadBalancer and externalTrafficPolicy is set - to Local. If a value is specified, is in-range, and is - not in use, it will be used. If not specified, a value - will be automatically allocated. External systems (e.g. - load-balancers) can use this port to determine if a given - node holds endpoints for this service or not. If this - field is specified when creating a Service which does - not need it, creation will fail. This field will be wiped - when updating a Service to no longer need it (e.g. changing - type). This field cannot be updated once set. - format: int32 - type: integer - internalTrafficPolicy: - description: InternalTrafficPolicy describes how nodes distribute - service traffic they receive on the ClusterIP. If set - to "Local", the proxy will assume that pods only want - to talk to endpoints of the service on the same node as - the pod, dropping the traffic if there are no local endpoints. - The default value, "Cluster", uses the standard behavior - of routing to all endpoints evenly (possibly modified - by topology and other features). - type: string - ipFamilies: - description: "IPFamilies is a list of IP families (e.g. - IPv4, IPv6) assigned to this service. This field is usually - assigned automatically based on cluster configuration - and the ipFamilyPolicy field. If this field is specified - manually, the requested family is available in the cluster, - and ipFamilyPolicy allows it, it will be used; otherwise - creation of the service will fail. This field is conditionally - mutable: it allows for adding or removing a secondary - IP family, but it does not allow changing the primary - IP family of the Service. Valid values are \"IPv4\" and - \"IPv6\". This field only applies to Services of types - ClusterIP, NodePort, and LoadBalancer, and does apply - to \"headless\" services. This field will be wiped when - updating a Service to type ExternalName. \n This field - may hold a maximum of two entries (dual-stack families, - in either order). These families must correspond to the - values of the clusterIPs field, if specified. Both clusterIPs - and ipFamilies are governed by the ipFamilyPolicy field." - items: - description: IPFamily represents the IP Family (IPv4 or - IPv6). This type is used to express the family of an - IP expressed by a type (e.g. service.spec.ipFamilies). - type: string - type: array - x-kubernetes-list-type: atomic - ipFamilyPolicy: - description: IPFamilyPolicy represents the dual-stack-ness - requested or required by this Service. If there is no - value provided, then this field will be set to SingleStack. - Services can be "SingleStack" (a single IP family), "PreferDualStack" - (two IP families on dual-stack configured clusters or - a single IP family on single-stack clusters), or "RequireDualStack" - (two IP families on dual-stack configured clusters, otherwise - fail). The ipFamilies and clusterIPs fields depend on - the value of this field. This field will be wiped when - updating a service to type ExternalName. - type: string - loadBalancerClass: - description: loadBalancerClass is the class of the load - balancer implementation this Service belongs to. If specified, - the value of this field must be a label-style identifier, - with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". - Unprefixed names are reserved for end-users. This field - can only be set when the Service type is 'LoadBalancer'. - If not set, the default load balancer implementation is - used, today this is typically done through the cloud provider - integration, but should apply for any default implementation. - If set, it is assumed that a load balancer implementation - is watching for Services with a matching class. Any default - load balancer implementation (e.g. cloud providers) should - ignore Services that set this field. This field can only - be set when creating or updating a Service to type 'LoadBalancer'. - Once set, it can not be changed. This field will be wiped - when a service is updated to a non 'LoadBalancer' type. - type: string - loadBalancerIP: - description: 'Only applies to Service Type: LoadBalancer. - This feature depends on whether the underlying cloud-provider - supports specifying the loadBalancerIP when a load balancer - is created. This field will be ignored if the cloud-provider - does not support the feature. Deprecated: This field was - under-specified and its meaning varies across implementations, - and it cannot support dual-stack. As of Kubernetes v1.24, - users are encouraged to use implementation-specific annotations - when available. This field may be removed in a future - API version.' - type: string - loadBalancerSourceRanges: - description: 'If specified and supported by the platform, - this will restrict traffic through the cloud-provider - load-balancer will be restricted to the specified client - IPs. This field will be ignored if the cloud-provider - does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/' - items: - type: string - type: array - ports: - description: 'The list of ports that are exposed by this - service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - items: - description: ServicePort contains information on service's - port. - properties: - appProtocol: - description: The application protocol for this port. - This field follows standard Kubernetes label syntax. - Un-prefixed names are reserved for IANA standard - service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). - Non-standard protocols should use prefixed names - such as mycompany.com/my-custom-protocol. - type: string - name: - description: The name of this port within the service. - This must be a DNS_LABEL. All ports within a ServiceSpec - must have unique names. When considering the endpoints - for a Service, this must match the 'name' field - in the EndpointPort. Optional if only one ServicePort - is defined on this service. - type: string - nodePort: - description: 'The port on each node on which this - service is exposed when type is NodePort or LoadBalancer. Usually - assigned by the system. If a value is specified, - in-range, and not in use it will be used, otherwise - the operation will fail. If not specified, a port - will be allocated if this Service requires one. If - this field is specified when creating a Service - which does not need it, creation will fail. This - field will be wiped when updating a Service to no - longer need it (e.g. changing type from NodePort - to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport' - format: int32 - type: integer - port: - description: The port that will be exposed by this - service. - format: int32 - type: integer - protocol: - default: TCP - description: The IP protocol for this port. Supports - "TCP", "UDP", and "SCTP". Default is TCP. - type: string - targetPort: - anyOf: - - type: integer - - type: string - description: 'Number or name of the port to access - on the pods targeted by the service. Number must - be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - If this is a string, it will be looked up as a named - port in the target Pod''s container ports. If this - is not specified, the value of the ''port'' field - is used (an identity map). This field is ignored - for services with clusterIP=None, and should be - omitted or set equal to the ''port'' field. More - info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service' - x-kubernetes-int-or-string: true - required: - - port - type: object - type: array - x-kubernetes-list-map-keys: - - port - - protocol - x-kubernetes-list-type: map - publishNotReadyAddresses: - description: publishNotReadyAddresses indicates that any - agent which deals with endpoints for this Service should - disregard any indications of ready/not-ready. The primary - use case for setting this field is for a StatefulSet's - Headless Service to propagate SRV DNS records for its - Pods for the purpose of peer discovery. The Kubernetes - controllers that generate Endpoints and EndpointSlice - resources for Services interpret this to mean that all - endpoints are considered "ready" even if the Pods themselves - are not. Agents which consume only Kubernetes generated - endpoints through the Endpoints or EndpointSlice resources - can safely assume this behavior. - type: boolean - selector: - additionalProperties: - type: string - description: 'Route service traffic to pods with label keys - and values matching this selector. If empty or not present, - the service is assumed to have an external process managing - its endpoints, which Kubernetes will not modify. Only - applies to types ClusterIP, NodePort, and LoadBalancer. - Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/' - type: object - x-kubernetes-map-type: atomic - sessionAffinity: - description: 'Supports "ClientIP" and "None". Used to maintain - session affinity. Enable client IP based session affinity. - Must be ClientIP or None. Defaults to None. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies' - type: string - sessionAffinityConfig: - description: sessionAffinityConfig contains the configurations - of session affinity. - properties: - clientIP: - description: clientIP contains the configurations of - Client IP based session affinity. - properties: - timeoutSeconds: - description: timeoutSeconds specifies the seconds - of ClientIP type session sticky time. The value - must be >0 && <=86400(for 1 day) if ServiceAffinity - == "ClientIP". Default value is 10800(for 3 hours). - format: int32 - type: integer - type: object - type: object - type: - description: 'type determines how the Service is exposed. - Defaults to ClusterIP. Valid options are ExternalName, - ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates - a cluster-internal IP address for load-balancing to endpoints. - Endpoints are determined by the selector or if that is - not specified, by manual construction of an Endpoints - object or EndpointSlice objects. If clusterIP is "None", - no virtual IP is allocated and the endpoints are published - as a set of endpoints rather than a virtual IP. "NodePort" - builds on ClusterIP and allocates a port on every node - which routes to the same endpoints as the clusterIP. "LoadBalancer" - builds on NodePort and creates an external load-balancer - (if supported in the current cloud) which routes to the - same endpoints as the clusterIP. "ExternalName" aliases - this service to the specified externalName. Several other - fields do not apply to ExternalName services. More info: - https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types' - type: string - type: object - status: - description: 'Most recently observed status of the service. - Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - conditions: - description: Current service state - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This - struct is intended for direct use as an array at the - field path .status.conditions. For example, \n type - FooStatus struct{ // Represents the observations of - a foo's current state. // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\" - // +patchMergeKey=type // +patchStrategy=merge // +listType=map - // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the - API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the - .status.conditions[x].observedGeneration is 9, the - condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define - expected values and meanings for this field, and - whether the values are considered a guaranteed API. - The value should be a CamelCase string. This field - may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, - False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in - foo.example.com/CamelCase. --- Many .condition.type - values are consistent across resources like Available, - but because arbitrary conditions can be useful (see - .node.status.conditions), the ability to deconflict - is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - loadBalancer: - description: LoadBalancer contains the current status of - the load-balancer, if one is present. - properties: - ingress: - description: Ingress is a list containing ingress points - for the load-balancer. Traffic intended for the service - should be sent to these ingress points. - items: - description: 'LoadBalancerIngress represents the status - of a load-balancer ingress point: traffic intended - for the service should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer - ingress points that are DNS based (typically - AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress - points that are IP based (typically GCE or OpenStack - load-balancers) - type: string - ports: - description: Ports is a list of records of service - ports If used, every port defined in the service - should have an entry in it - items: - properties: - error: - description: 'Error is to record the problem - with the service port The format of the - error shall comply with the following - rules: - built-in error values shall be - specified in this file and those shall - use CamelCase names - cloud provider specific - error values must have names that comply - with the format foo.example.com/CamelCase. - --- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of - the service port of which status is recorded - here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of - the service port of which status is recorded - here The supported values are: "TCP", - "UDP", "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - type: object - type: object - type: array - startScript: - description: Path to druid start script to be run on container start - type: string - startUpProbe: - description: StartupProbe for nodeSpec - properties: - exec: - description: Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command is - simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit status - of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be - considered failed after having succeeded. Defaults to 3. Minimum - value is 1. - format: int32 - type: integer - grpc: - description: GRPC specifies an action involving a GRPC port. This - is a beta field and requires enabling GRPCContainerProbe feature - gate. - properties: - port: - description: Port number of the gRPC service. Number must - be in the range 1 to 65535. - format: int32 - type: integer - service: - description: "Service is the name of the service to place - in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - \n If this is not specified, the default behavior is defined - by gRPC." - type: string - required: - - port - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod - IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows - repeated headers. - items: - description: HTTPHeader describes a custom header to be - used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: integer - - type: string - description: Name or number of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults - to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default - to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be - considered successful after having failed. Defaults to 1. Must - be 1 for liveness and startup. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocket specifies an action involving a TCP port. - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: integer - - type: string - description: Number or name of the port to access on the container. - Number must be in the range 1 to 65535. Name must be an - IANA_SVC_NAME. - x-kubernetes-int-or-string: true - required: - - port - type: object - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs to terminate - gracefully upon probe failure. The grace period is the duration - in seconds after the processes running in the pod are sent a - termination signal and the time when the processes are forcibly - halted with a kill signal. Set this value longer than the expected - cleanup time for your process. If this value is nil, the pod's - terminationGracePeriodSeconds will be used. Otherwise, this - value overrides the value provided by the pod spec. Value must - be non-negative integer. The value zero indicates stop immediately - via the kill signal (no opportunity to shut down). This is a - beta field and requires enabling ProbeTerminationGracePeriod - feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds - is used if unset. - format: int64 - type: integer - timeoutSeconds: - description: 'Number of seconds after which the probe times out. - Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - tolerations: - description: Toleration to be used in order to run Druid on nodes - tainted - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - updateStrategy: - description: StatefulSetUpdateStrategy indicates the strategy that - the StatefulSet controller will use to perform updates. It includes - any additional parameters necessary to perform the update for the - indicated strategy. - properties: - rollingUpdate: - description: RollingUpdate is used to communicate parameters when - Type is RollingUpdateStatefulSetStrategyType. - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: 'The maximum number of pods that can be unavailable - during the update. Value can be an absolute number (ex: - 5) or a percentage of desired pods (ex: 10%). Absolute number - is calculated from percentage by rounding up. This can not - be 0. Defaults to 1. This field is alpha-level and is only - honored by servers that enable the MaxUnavailableStatefulSet - feature. The field applies to all pods in the range 0 to - Replicas-1. That means if there is any unavailable pod in - the range 0 to Replicas-1, it will be counted towards MaxUnavailable.' - x-kubernetes-int-or-string: true - partition: - description: Partition indicates the ordinal at which the - StatefulSet should be partitioned for updates. During a - rolling update, all pods from ordinal Replicas-1 to Partition - are updated. All pods from ordinal Partition-1 to 0 remain - untouched. This is helpful in being able to do a canary - based deployment. The default value is 0. - format: int32 - type: integer - type: object - type: - description: Type indicates the type of the StatefulSetUpdateStrategy. - Default is RollingUpdate. - type: string - type: object - volumeClaimTemplates: - description: volumes etc for the Druid pods - items: - description: PersistentVolumeClaim is a user's request for and claim - to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: 'spec defines the desired characteristics of a - volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'accessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used to specify either: - * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the provisioner - or an external controller can support the specified data - source, it will create a new volume based on the contents - of the specified data source. When the AnyVolumeDataSource - feature gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will be copied - to dataSource when dataSourceRef.namespace is not specified. - If the namespace is specified, then dataSourceRef will - not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, the - specified Kind must be in the core API group. For - any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the object from which - to populate the volume with data, if a non-empty volume - is desired. This may be any object from a non-empty API - group (non core object) or a PersistentVolumeClaim object. - When this field is specified, volume binding will only - succeed if the type of the specified object matches some - installed volume populator or dynamic provisioner. This - field will replace the functionality of the dataSource - field and as such if both fields are non-empty, they must - have the same value. For backwards compatibility, when - namespace isn''t specified in dataSourceRef, both fields - (dataSource and dataSourceRef) will be set to the same - value automatically if one of them is empty and the other - is non-empty. When namespace is specified in dataSourceRef, - dataSource isn''t set to the same value and must be empty. - There are three important differences between dataSource - and dataSourceRef: * While dataSource only allows two - specific types of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. * While - dataSource ignores disallowed values (dropping them), - dataSourceRef preserves all values, and generates an error - if a disallowed value is specified. * While dataSource - only allows local objects, dataSourceRef allows objects - in any namespaces. (Beta) Using this field requires the - AnyVolumeDataSource feature gate to be enabled. (Alpha) - Using the namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, the - specified Kind must be in the core API group. For - any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace is specified, - a gateway.networking.k8s.io/ReferenceGrant object - is required in the referent namespace to allow that - namespace's owner to accept the reference. See the - ReferenceGrant documentation for details. (Alpha) - This field requires the CrossNamespaceVolumeDataSource - feature gate to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify resource - requirements that are lower than previous value but must - still be higher than capacity recorded in the status field - of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. \n This field - is immutable. It can only be set for containers." - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry - in pod.spec.resourceClaims of the Pod where - this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over volumes to consider - for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name of the StorageClass - required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - type: object - status: - description: 'status represents the current information/status - of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - accessModes: - description: 'accessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: allocatedResources is the storage resource - within AllocatedResources tracks the capacity allocated - to a PVC. It may be larger than the actual capacity when - a volume expansion operation is requested. For storage - quota, the larger value from allocatedResources and PVC.spec.resources - is used. If allocatedResources is not set, PVC.spec.resources - alone is used for quota calculation. If a volume expansion - capacity request is lowered, allocatedResources is only - lowered if there are no expansion operations in progress - and if the actual volume capacity is equal or lower than - the requested capacity. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: object - capacity: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: capacity represents the actual resources of - the underlying volume. - type: object - conditions: - description: conditions is the current Condition of persistent - volume claim. If underlying persistent volume is being - resized then the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details - about state of pvc - properties: - lastProbeTime: - description: lastProbeTime is the time we probed the - condition. - format: date-time - type: string - lastTransitionTime: - description: lastTransitionTime is the time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: message is the human-readable message - indicating details about last transition. - type: string - reason: - description: reason is a unique, this should be a - short, machine understandable string that gives - the reason for condition's last transition. If it - reports "ResizeStarted" that means the underlying - persistent volume is being resized. - type: string - status: - type: string - type: - description: PersistentVolumeClaimConditionType is - a valid value of PersistentVolumeClaimCondition.Type - type: string - required: - - status - - type - type: object - type: array - phase: - description: phase represents the current phase of PersistentVolumeClaim. - type: string - resizeStatus: - description: resizeStatus stores status of resize operation. - ResizeStatus is not set by default but when expansion - is complete resizeStatus is set to empty string by resize - controller or kubelet. This is an alpha field and requires - enabling RecoverVolumeExpansionFailure feature. - type: string - type: object - type: object - type: array - volumeMounts: - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume should - be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly to - SubPath but environment variable references $(VAR_NAME) are - expanded using the container's environment. Defaults to "" - (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: 'awsElasticBlockStore represents an AWS Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'readOnly value true will force the readOnly - setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'volumeID is unique ID of the persistent disk - resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: azureDisk represents an Azure Data Disk mount on - the host and bind mount to the pod. - properties: - cachingMode: - description: 'cachingMode is the Host Caching mode: None, - Read Only, Read Write.' - type: string - diskName: - description: diskName is the Name of the data disk in the - blob storage - type: string - diskURI: - description: diskURI is the URI of data disk in the blob - storage - type: string - fsType: - description: fsType is Filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - kind: - description: 'kind expected values are Shared: multiple - blob disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults to shared' - type: string - readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: azureFile represents an Azure File Service mount - on the host and bind mount to the pod. - properties: - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: secretName is the name of secret that contains - Azure Storage Account Name and Key - type: string - shareName: - description: shareName is the azure share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: cephFS represents a Ceph FS mount on the host that - shares a pod's lifetime - properties: - monitors: - description: 'monitors is Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'path is Optional: Used as the mounted root, - rather than the full Ceph tree, default is /' - type: string - readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'secretFile is Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'secretRef is Optional: SecretRef is reference - to the authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Examples: "ext4", "xfs", "ntfs". Implicitly inferred to - be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'secretRef is optional: points to a secret - object containing parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeID: - description: 'volumeID used to identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: configMap represents a configMap that should populate - this volume - properties: - defaultMode: - description: 'defaultMode is optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: items if unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the ConfigMap, the volume setup will error unless it is - marked optional. Paths must be relative and may not contain - the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: optional specify whether the ConfigMap or its - keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - csi: - description: csi (Container Storage Interface) represents ephemeral - storage that is handled by certain external CSI drivers (Beta - feature). - properties: - driver: - description: driver is the name of the CSI driver that handles - this volume. Consult with your admin for the correct name - as registered in the cluster. - type: string - fsType: - description: fsType to mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value is passed to the associated - CSI driver which will determine the default filesystem - to apply. - type: string - nodePublishSecretRef: - description: nodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - readOnly: - description: readOnly specifies a read-only configuration - for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: volumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: downwardAPI represents downward API about the pod - that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a Optional: mode bits used to set - permissions on created files by default. Must be an octal - value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to set permissions - on this file, must be an octal value between 0000 - and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires - decimal values for mode bits. If not specified, - the volume defaultMode will be used. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'emptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'medium represents what type of storage medium - should back this directory. The default is "" which means - to use the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - description: 'sizeLimit is the total amount of local storage - required for this EmptyDir volume. The size limit is also - applicable for memory medium. The maximum usage on memory - medium EmptyDir would be the minimum value between the - SizeLimit specified here and the sum of memory limits - of all containers in a pod. The default is nil which means - that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - description: "ephemeral represents a volume that is handled - by a cluster storage driver. The volume's lifecycle is tied - to the pod that defines it - it will be created before the - pod starts, and deleted when the pod is removed. \n Use this - if: a) the volume is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot or capacity - tracking are needed, c) the storage driver is specified through - a storage class, and d) the storage driver supports dynamic - volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource - for more information on the connection between this volume - type and PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes that persist - for longer than the lifecycle of an individual pod. \n Use - CSI for light-weight local ephemeral volumes if the CSI driver - is meant to be used that way - see the documentation of the - driver for more information. \n A pod can use both types of - ephemeral volumes and persistent volumes at the same time." - properties: - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to - provision the volume. The pod in which this EphemeralVolumeSource - is embedded will be the owner of the PVC, i.e. the PVC - will be deleted together with the pod. The name of the - PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. - Pod validation will reject the pod if the concatenated - name is not valid for a PVC (for example, too long). \n - An existing PVC with that name that is not owned by the - pod will *not* be used for the pod to avoid using an unrelated - volume by mistake. Starting the pod is then blocked until - the unrelated PVC is removed. If such a pre-created PVC - is meant to be used by the pod, the PVC has to updated - with an owner reference to the pod once the pod exists. - Normally this should not be necessary, but it may be useful - when manually reconstructing a broken cluster. \n This - field is read-only and no changes will be made by Kubernetes - to the PVC after it has been created. \n Required, must - not be nil." - properties: - metadata: - description: May contain labels and annotations that - will be copied into the PVC when creating it. No other - fields are allowed and will be rejected during validation. - properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: - type: string - type: object - spec: - description: The specification for the PersistentVolumeClaim. - The entire content is copied unchanged into the PVC - that gets created from this template. The same fields - as in a PersistentVolumeClaim are also valid here. - properties: - accessModes: - description: 'accessModes contains the desired access - modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - dataSource: - description: 'dataSource field can be used to specify - either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) - * An existing PVC (PersistentVolumeClaim) If the - provisioner or an external controller can support - the specified data source, it will create a new - volume based on the contents of the specified - data source. When the AnyVolumeDataSource feature - gate is enabled, dataSource contents will be copied - to dataSourceRef, and dataSourceRef contents will - be copied to dataSource when dataSourceRef.namespace - is not specified. If the namespace is specified, - then dataSourceRef will not be copied to dataSource.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - dataSourceRef: - description: 'dataSourceRef specifies the object - from which to populate the volume with data, if - a non-empty volume is desired. This may be any - object from a non-empty API group (non core object) - or a PersistentVolumeClaim object. When this field - is specified, volume binding will only succeed - if the type of the specified object matches some - installed volume populator or dynamic provisioner. - This field will replace the functionality of the - dataSource field and as such if both fields are - non-empty, they must have the same value. For - backwards compatibility, when namespace isn''t - specified in dataSourceRef, both fields (dataSource - and dataSourceRef) will be set to the same value - automatically if one of them is empty and the - other is non-empty. When namespace is specified - in dataSourceRef, dataSource isn''t set to the - same value and must be empty. There are three - important differences between dataSource and dataSourceRef: - * While dataSource only allows two specific types - of objects, dataSourceRef allows any non-core - object, as well as PersistentVolumeClaim objects. - * While dataSource ignores disallowed values (dropping - them), dataSourceRef preserves all values, and - generates an error if a disallowed value is specified. - * While dataSource only allows local objects, - dataSourceRef allows objects in any namespaces. - (Beta) Using this field requires the AnyVolumeDataSource - feature gate to be enabled. (Alpha) Using the - namespace field of dataSourceRef requires the - CrossNamespaceVolumeDataSource feature gate to - be enabled.' - properties: - apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API - group. For any other third-party types, APIGroup - is required. - type: string - kind: - description: Kind is the type of resource being - referenced - type: string - name: - description: Name is the name of resource being - referenced - type: string - namespace: - description: Namespace is the namespace of resource - being referenced Note that when a namespace - is specified, a gateway.networking.k8s.io/ReferenceGrant - object is required in the referent namespace - to allow that namespace's owner to accept - the reference. See the ReferenceGrant documentation - for details. (Alpha) This field requires the - CrossNamespaceVolumeDataSource feature gate - to be enabled. - type: string - required: - - kind - - name - type: object - resources: - description: 'resources represents the minimum resources - the volume should have. If RecoverVolumeExpansionFailure - feature is enabled users are allowed to specify - resource requirements that are lower than previous - value but must still be higher than capacity recorded - in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field - and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. - It can only be set for containers." - items: - description: ResourceClaim references one - entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name - of one entry in pod.spec.resourceClaims - of the Pod where this field is used. - It makes that resource available inside - a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum - amount of compute resources required. If Requests - is omitted for a container, it defaults to - Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: - https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - selector: - description: selector is a label query over volumes - to consider for binding. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - storageClassName: - description: 'storageClassName is the name of the - StorageClass required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume - is required by the claim. Value of Filesystem - is implied when not included in claim spec. - type: string - volumeName: - description: volumeName is the binding reference - to the PersistentVolume backing this claim. - type: string - type: object - required: - - spec - type: object - type: object - fc: - description: fc represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to the - pod. - properties: - fsType: - description: 'fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - lun: - description: 'lun is Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'readOnly is Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'targetWWNs is Optional: FC target worldwide - names (WWNs)' - items: - type: string - type: array - wwids: - description: 'wwids Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: flexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - properties: - driver: - description: driver is the name of the driver to use for - this volume. - type: string - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". The default filesystem depends - on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'options is Optional: this field holds extra - command options if any.' - type: object - readOnly: - description: 'readOnly is Optional: defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'secretRef is Optional: secretRef is reference - to the secret object containing sensitive information - to pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the plugin - scripts.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - required: - - driver - type: object - flocker: - description: flocker represents a Flocker volume attached to - a kubelet's host machine. This depends on the Flocker control - service being running - properties: - datasetName: - description: datasetName is Name of the dataset stored as - metadata -> name on the dataset for Flocker should be - considered as deprecated - type: string - datasetUUID: - description: datasetUUID is the UUID of the dataset. This - is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'gcePersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'fsType is filesystem type of the volume that - you want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'partition is the partition in the volume that - you want to mount. If omitted, the default is to mount - by volume name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'pdName is unique name of the PD resource in - GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'gitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir into - the Pod''s container.' - properties: - directory: - description: directory is the target directory name. Must - not contain or start with '..'. If '.' is supplied, the - volume directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: - description: repository is the URL - type: string - revision: - description: revision is the commit hash for the specified - revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'endpoints is the endpoint name that details - Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'path is the Glusterfs volume path. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'readOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'hostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' - properties: - path: - description: 'path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'type for HostPath Volume Defaults to "" More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'iscsi represents an ISCSI Disk resource that is - attached to a kubelet''s host machine and then exposed to - the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: chapAuthDiscovery defines whether support iSCSI - Discovery CHAP authentication - type: boolean - chapAuthSession: - description: chapAuthSession defines whether support iSCSI - Session CHAP authentication - type: boolean - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: initiatorName is the custom iSCSI Initiator - Name. If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: iqn is the target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iscsiInterface is the interface Name that uses - an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: lun represents iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: portals is the iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if the port is - other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: secretRef is the CHAP Secret for iSCSI target - and initiator authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - targetPortal: - description: targetPortal is iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port is other than - default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'name of the volume. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'nfs represents an NFS mount on the host that shares - a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'path that is exported by the NFS server. More - info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'readOnly here will force the NFS export to - be mounted with read-only permissions. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'server is the hostname or IP address of the - NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'persistentVolumeClaimVolumeSource represents a - reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'claimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: readOnly Will force the ReadOnly setting in - VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: photonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - pdID: - description: pdID is the ID that identifies Photon Controller - persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: portworxVolume represents a portworx volume attached - and mounted on kubelets host machine - properties: - fsType: - description: fSType represents the filesystem type to mount - Must be a filesystem type supported by the host operating - system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: volumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: projected items for all in one resources secrets, - configmaps, and downward API - properties: - defaultMode: - description: defaultMode are the mode bits used to set permissions - on created files by default. Must be an octal value between - 0000 and 0777 or a decimal value between 0 and 511. YAML - accepts both octal and decimal values, JSON requires decimal - values for mode bits. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like fsGroup, - and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: sources is the list of volume projections - items: - description: Projection that may be projected along with - other supported volume types - properties: - configMap: - description: configMap information about the configMap - data to project - properties: - items: - description: items if unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the ConfigMap, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - downwardAPI: - description: downwardAPI information about the downwardAPI - data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema the - FieldPath is written in terms of, - defaults to "v1". - type: string - fieldPath: - description: Path of the field to select - in the specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - mode: - description: 'Optional: mode bits used to - set permissions on this file, must be - an octal value between 0000 and 0777 or - a decimal value between 0 and 511. YAML - accepts both octal and decimal values, - JSON requires decimal values for mode - bits. If not specified, the volume defaultMode - will be used. This might be in conflict - with other options that affect the file - mode, like fsGroup, and the result can - be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must - not be absolute or contain the ''..'' - path. Must be utf-8 encoded. The first - item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and requests - (limits.cpu, limits.memory, requests.cpu - and requests.memory) are currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format - of the exposed resources, defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to - select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - required: - - path - type: object - type: array - type: object - secret: - description: secret information about the secret data - to project - properties: - items: - description: items if unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified which - is not present in the Secret, the volume setup - will error unless it is marked optional. Paths - must be relative and may not contain the '..' - path or start with '..'. - items: - description: Maps a string key to a path within - a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits - used to set permissions on this file. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and - 511. YAML accepts both octal and decimal - values, JSON requires decimal values for - mode bits. If not specified, the volume - defaultMode will be used. This might be - in conflict with other options that affect - the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of - the file to map the key to. May not be - an absolute path. May not contain the - path element '..'. May not start with - the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: optional field specify whether the - Secret or its key must be defined - type: boolean - type: object - x-kubernetes-map-type: atomic - serviceAccountToken: - description: serviceAccountToken is information about - the serviceAccountToken data to project - properties: - audience: - description: audience is the intended audience - of the token. A recipient of a token must identify - itself with an identifier specified in the audience - of the token, and otherwise should reject the - token. The audience defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: expirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, the - kubelet volume plugin will proactively rotate - the service account token. The kubelet will - start trying to rotate the token if the token - is older than 80 percent of its time to live - or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. - format: int64 - type: integer - path: - description: path is the path relative to the - mount point of the file to project the token - into. - type: string - required: - - path - type: object - type: object - type: array - type: object - quobyte: - description: quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: group to map volume access to Default is no - group - type: string - readOnly: - description: readOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. - type: boolean - registry: - description: registry represents a single or multiple Quobyte - Registry services specified as a string as host:port pair - (multiple entries are separated with commas) which acts - as the central registry for volumes - type: string - tenant: - description: tenant owning the given Quobyte volume in the - Backend Used with dynamically provisioned Quobyte volumes, - value is set by the plugin - type: string - user: - description: user to map volume access to Defaults to serivceaccount - user - type: string - volume: - description: volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'rbd represents a Rados Block Device mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'fsType is the filesystem type of the volume - that you want to mount. Tip: Ensure that the filesystem - type is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'image is the rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'monitors is a collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'pool is the rados pool name. Default is rbd. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'readOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'secretRef is name of the authentication secret - for RBDUser. If provided overrides keyring. Default is - nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - user: - description: 'user is the rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: scaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: gateway is the host address of the ScaleIO - API Gateway. - type: string - protectionDomain: - description: protectionDomain is the name of the ScaleIO - Protection Domain for the configured storage. - type: string - readOnly: - description: readOnly Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef references to the secret for ScaleIO - user and other sensitive information. If this is not provided, - Login operation will fail. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - sslEnabled: - description: sslEnabled Flag enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: storageMode indicates whether the storage for - a volume should be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: storagePool is the ScaleIO Storage Pool associated - with the protection domain. - type: string - system: - description: system is the name of the storage system as - configured in ScaleIO. - type: string - volumeName: - description: volumeName is the name of a volume already - created in the ScaleIO system that is associated with - this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'defaultMode is Optional: mode bits used to - set permissions on created files by default. Must be an - octal value between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. Defaults to - 0644. Directories within the path are not affected by - this setting. This might be in conflict with other options - that affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - items: - description: items If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and content - is the value. If specified, the listed keys will be projected - into the specified paths, and unlisted keys will not be - present. If a key is specified which is not present in - the Secret, the volume setup will error unless it is marked - optional. Paths must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: key is the key to project. - type: string - mode: - description: 'mode is Optional: mode bits used to - set permissions on this file. Must be an octal value - between 0000 and 0777 or a decimal value between - 0 and 511. YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - format: int32 - type: integer - path: - description: path is the relative path of the file - to map the key to. May not be an absolute path. - May not contain the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: optional field specify whether the Secret or - its keys must be defined - type: boolean - secretName: - description: 'secretName is the name of the secret in the - pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: storageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: fsType is the filesystem type to mount. Must - be a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: readOnly defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: secretRef specifies the secret to use for obtaining - the StorageOS API credentials. If not specified, default - values will be attempted. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - volumeName: - description: volumeName is the human-readable name of the - StorageOS volume. Volume names are only unique within - a namespace. - type: string - volumeNamespace: - description: volumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows the - Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name to - override the default behaviour. Set to "default" if you - are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: vsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: fsType is filesystem type to mount. Must be - a filesystem type supported by the host operating system. - Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. - type: string - storagePolicyID: - description: storagePolicyID is the storage Policy Based - Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: storagePolicyName is the storage Policy Based - Management (SPBM) profile name. - type: string - volumePath: - description: volumePath is the path that identifies vSphere - volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - zookeeper: - description: futuristic stuff to make Druid dependency setup extensible - from within Druid operator ignore for now. - properties: - spec: - description: RawMessage is a raw encoded JSON value. It implements - Marshaler and Unmarshaler and can be used to delay JSON decoding - or precompute a JSON encoding. - format: byte - type: string - type: - type: string - required: - - spec - - type - type: object - required: - - common.runtime.properties - - commonConfigMountPath - - nodes - - startScript - type: object - status: - description: DruidStatus defines the observed state of Druid - properties: - configMaps: - items: - type: string - type: array - deployments: - items: - type: string - type: array - druidNodeStatus: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state - of cluster Important: Run "make" to regenerate code after modifying - this file' - properties: - druidNode: - type: string - druidNodeConditionStatus: - type: string - druidNodeConditionType: - type: string - reason: - type: string - type: object - hpAutoscalers: - items: - type: string - type: array - ingress: - items: - type: string - type: array - persistentVolumeClaims: - items: - type: string - type: array - podDisruptionBudgets: - items: - type: string - type: array - pods: - items: - type: string - type: array - services: - items: - type: string - type: array - statefulSets: - items: - type: string - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/druid-operator/config/manager/kustomization.yaml b/druid-operator/config/manager/kustomization.yaml deleted file mode 100644 index c9e787640d1c..000000000000 --- a/druid-operator/config/manager/kustomization.yaml +++ /dev/null @@ -1,23 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -resources: -- manager.yaml -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -images: -- name: controller - newName: datainfrahq/druid-operator - newTag: latest diff --git a/druid-operator/config/manager/manager.yaml b/druid-operator/config/manager/manager.yaml deleted file mode 100644 index 8f68400af586..000000000000 --- a/druid-operator/config/manager/manager.yaml +++ /dev/null @@ -1,117 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - app.kubernetes.io/name: namespace - app.kubernetes.io/instance: system - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - app.kubernetes.io/managed-by: kustomize - name: system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system - labels: - control-plane: controller-manager - app.kubernetes.io/name: deployment - app.kubernetes.io/instance: controller-manager - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - app.kubernetes.io/managed-by: kustomize -spec: - selector: - matchLabels: - control-plane: controller-manager - replicas: 1 - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - labels: - control-plane: controller-manager - spec: - # TODO(user): Uncomment the following code to configure the nodeAffinity expression - # according to the platforms which are supported by your solution. - # It is considered best practice to support multiple architectures. You can - # build your manager image using the makefile target docker-buildx. - # affinity: - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: kubernetes.io/arch - # operator: In - # values: - # - amd64 - # - arm64 - # - ppc64le - # - s390x - # - key: kubernetes.io/os - # operator: In - # values: - # - linux - securityContext: - runAsNonRoot: true - # TODO(user): For common cases that do not require escalating privileges - # it is recommended to ensure that all your Pods/Containers are restrictive. - # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted - # Please uncomment the following code if your project does NOT have to work on old Kubernetes - # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). - # seccompProfile: - # type: RuntimeDefault - containers: - - command: - - /manager - args: - - --leader-elect - image: controller:latest - name: manager - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - # TODO(user): Configure the resources accordingly based on the project requirements. - # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - serviceAccountName: controller-manager - terminationGracePeriodSeconds: 10 diff --git a/druid-operator/config/prometheus/kustomization.yaml b/druid-operator/config/prometheus/kustomization.yaml deleted file mode 100644 index ffdabb51121b..000000000000 --- a/druid-operator/config/prometheus/kustomization.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -resources: -- monitor.yaml diff --git a/druid-operator/config/prometheus/monitor.yaml b/druid-operator/config/prometheus/monitor.yaml deleted file mode 100644 index 30df9404c60a..000000000000 --- a/druid-operator/config/prometheus/monitor.yaml +++ /dev/null @@ -1,41 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- - -# Prometheus Monitor Service (Metrics) -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - control-plane: controller-manager - app.kubernetes.io/name: servicemonitor - app.kubernetes.io/instance: controller-manager-metrics-monitor - app.kubernetes.io/component: metrics - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - app.kubernetes.io/managed-by: kustomize - name: controller-manager-metrics-monitor - namespace: system -spec: - endpoints: - - path: /metrics - port: https - scheme: https - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - tlsConfig: - insecureSkipVerify: true - selector: - matchLabels: - control-plane: controller-manager diff --git a/druid-operator/config/rbac/auth_proxy_client_clusterrole.yaml b/druid-operator/config/rbac/auth_proxy_client_clusterrole.yaml deleted file mode 100644 index e335b5d86f46..000000000000 --- a/druid-operator/config/rbac/auth_proxy_client_clusterrole.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: metrics-reader - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - app.kubernetes.io/managed-by: kustomize - name: metrics-reader -rules: -- nonResourceURLs: - - "/metrics" - verbs: - - get diff --git a/druid-operator/config/rbac/auth_proxy_role.yaml b/druid-operator/config/rbac/auth_proxy_role.yaml deleted file mode 100644 index c43d2158cf00..000000000000 --- a/druid-operator/config/rbac/auth_proxy_role.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: proxy-role - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - app.kubernetes.io/managed-by: kustomize - name: proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create diff --git a/druid-operator/config/rbac/auth_proxy_role_binding.yaml b/druid-operator/config/rbac/auth_proxy_role_binding.yaml deleted file mode 100644 index 3b423e3de6ff..000000000000 --- a/druid-operator/config/rbac/auth_proxy_role_binding.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/instance: proxy-rolebinding - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - app.kubernetes.io/managed-by: kustomize - name: proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: proxy-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system diff --git a/druid-operator/config/rbac/auth_proxy_service.yaml b/druid-operator/config/rbac/auth_proxy_service.yaml deleted file mode 100644 index 0a5885371f70..000000000000 --- a/druid-operator/config/rbac/auth_proxy_service.yaml +++ /dev/null @@ -1,36 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - app.kubernetes.io/name: service - app.kubernetes.io/instance: controller-manager-metrics-service - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - app.kubernetes.io/managed-by: kustomize - name: controller-manager-metrics-service - namespace: system -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager diff --git a/druid-operator/config/rbac/druid_druidingestion_editor_role.yaml b/druid-operator/config/rbac/druid_druidingestion_editor_role.yaml deleted file mode 100644 index 31c6a0f94835..000000000000 --- a/druid-operator/config/rbac/druid_druidingestion_editor_role.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# permissions for end users to edit druidingestions. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: druidingestion-editor-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - app.kubernetes.io/managed-by: kustomize - name: druidingestion-editor-role -rules: -- apiGroups: - - druid.apache.org - resources: - - druidingestions - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - druid.apache.org - resources: - - druidingestions/status - verbs: - - get diff --git a/druid-operator/config/rbac/druid_druidingestion_viewer_role.yaml b/druid-operator/config/rbac/druid_druidingestion_viewer_role.yaml deleted file mode 100644 index 745f2dcbbb3b..000000000000 --- a/druid-operator/config/rbac/druid_druidingestion_viewer_role.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# permissions for end users to view druidingestions. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: druidingestion-viewer-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - app.kubernetes.io/managed-by: kustomize - name: druidingestion-viewer-role -rules: -- apiGroups: - - druid.apache.org - resources: - - druidingestions - verbs: - - get - - list - - watch -- apiGroups: - - druid.apache.org - resources: - - druidingestions/status - verbs: - - get diff --git a/druid-operator/config/rbac/druid_editor_role.yaml b/druid-operator/config/rbac/druid_editor_role.yaml deleted file mode 100644 index 285f231a3786..000000000000 --- a/druid-operator/config/rbac/druid_editor_role.yaml +++ /dev/null @@ -1,46 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# permissions for end users to edit druids. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: druid-editor-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - app.kubernetes.io/managed-by: kustomize - name: druid-editor-role -rules: -- apiGroups: - - druid.apache.org - resources: - - druids - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - druid.apache.org - resources: - - druids/status - verbs: - - get diff --git a/druid-operator/config/rbac/druid_viewer_role.yaml b/druid-operator/config/rbac/druid_viewer_role.yaml deleted file mode 100644 index 44eccf8aaad8..000000000000 --- a/druid-operator/config/rbac/druid_viewer_role.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# permissions for end users to view druids. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: druid-viewer-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - app.kubernetes.io/managed-by: kustomize - name: druid-viewer-role -rules: -- apiGroups: - - druid.apache.org - resources: - - druids - verbs: - - get - - list - - watch -- apiGroups: - - druid.apache.org - resources: - - druids/status - verbs: - - get diff --git a/druid-operator/config/rbac/kustomization.yaml b/druid-operator/config/rbac/kustomization.yaml deleted file mode 100644 index 0084d8e10c6c..000000000000 --- a/druid-operator/config/rbac/kustomization.yaml +++ /dev/null @@ -1,33 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -resources: -# All RBAC will be applied under this service account in -# the deployment namespace. You may comment out this resource -# if your manager will use a service account that exists at -# runtime. Be sure to update RoleBinding and ClusterRoleBinding -# subjects if changing service account names. -- service_account.yaml -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml diff --git a/druid-operator/config/rbac/leader_election_role.yaml b/druid-operator/config/rbac/leader_election_role.yaml deleted file mode 100644 index b57ba4ea630c..000000000000 --- a/druid-operator/config/rbac/leader_election_role.yaml +++ /dev/null @@ -1,59 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/name: role - app.kubernetes.io/instance: leader-election-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - app.kubernetes.io/managed-by: kustomize - name: leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch diff --git a/druid-operator/config/rbac/leader_election_role_binding.yaml b/druid-operator/config/rbac/leader_election_role_binding.yaml deleted file mode 100644 index c4eaa538601a..000000000000 --- a/druid-operator/config/rbac/leader_election_role_binding.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: rolebinding - app.kubernetes.io/instance: leader-election-rolebinding - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - app.kubernetes.io/managed-by: kustomize - name: leader-election-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: leader-election-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system diff --git a/druid-operator/config/rbac/role.yaml b/druid-operator/config/rbac/role.yaml deleted file mode 100644 index abed24a7a7e4..000000000000 --- a/druid-operator/config/rbac/role.yaml +++ /dev/null @@ -1,167 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: manager-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - druid.apache.org - resources: - - druids - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - druid.apache.org - resources: - - druids/status - verbs: - - get - - patch - - update -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list - - watch diff --git a/druid-operator/config/rbac/role_binding.yaml b/druid-operator/config/rbac/role_binding.yaml deleted file mode 100644 index 77e967eeadf6..000000000000 --- a/druid-operator/config/rbac/role_binding.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/instance: manager-rolebinding - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - app.kubernetes.io/managed-by: kustomize - name: manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: manager-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system diff --git a/druid-operator/config/rbac/service_account.yaml b/druid-operator/config/rbac/service_account.yaml deleted file mode 100644 index 783a95a84f13..000000000000 --- a/druid-operator/config/rbac/service_account.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: serviceaccount - app.kubernetes.io/instance: controller-manager - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: druid-operator - app.kubernetes.io/part-of: druid-operator - app.kubernetes.io/managed-by: kustomize - name: controller-manager - namespace: system diff --git a/druid-operator/config/samples/druid_v1alpha1_druid.yaml b/druid-operator/config/samples/druid_v1alpha1_druid.yaml deleted file mode 100644 index f649799aa949..000000000000 --- a/druid-operator/config/samples/druid_v1alpha1_druid.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: druid.apache.org/v1alpha1 -kind: Druid -metadata: - labels: - app.kubernetes.io/name: druid - app.kubernetes.io/instance: druid-sample - app.kubernetes.io/part-of: druid-operator - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/created-by: druid-operator - name: druid-sample -spec: - # TODO(user): Add fields here diff --git a/druid-operator/config/samples/druid_v1alpha1_druidingestion.yaml b/druid-operator/config/samples/druid_v1alpha1_druidingestion.yaml deleted file mode 100644 index 4dfb341d1957..000000000000 --- a/druid-operator/config/samples/druid_v1alpha1_druidingestion.yaml +++ /dev/null @@ -1,90 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: druid.apache.org/v1alpha1 -kind: DruidIngestion -metadata: - labels: - app.kubernetes.io/name: druidingestion - app.kubernetes.io/instance: druidingestion-sample - name: wikipedia-10 -spec: - suspend: false - druidCluster: tiny-cluster - ingestion: - type: native-batch - spec: |- - { - "type" : "index_parallel", - "spec" : { - "dataSchema" : { - "dataSource" : "wikipedia-10", - "dimensionsSpec" : { - "dimensions" : [ - "channel", - "cityName", - "comment", - "countryIsoCode", - "countryName", - "isAnonymous", - "isMinor", - "isNew", - "isRobot", - "isUnpatrolled", - "metroCode", - "namespace", - "page", - "regionIsoCode", - "regionName", - "user", - { "name": "added", "type": "long" }, - { "name": "deleted", "type": "long" }, - { "name": "delta", "type": "long" } - ] - }, - "timestampSpec": { - "column": "time", - "format": "iso" - }, - "metricsSpec" : [], - "granularitySpec" : { - "type" : "uniform", - "segmentGranularity" : "day", - "queryGranularity" : "none", - "intervals" : ["2015-09-12/2015-09-13"], - "rollup" : false - } - }, - "ioConfig" : { - "type" : "index_parallel", - "inputSource" : { - "type" : "local", - "baseDir" : "quickstart/tutorial/", - "filter" : "wikiticker-2015-09-12-sampled.json.gz" - }, - "inputFormat" : { - "type": "json" - }, - "appendToExisting" : false - }, - "tuningConfig" : { - "type" : "index_parallel", - "partitionsSpec": { - "type": "dynamic" - }, - "maxRowsInMemory" : 25000 - } - } - } diff --git a/druid-operator/controllers/druid/additional_containers.go b/druid-operator/controllers/druid/additional_containers.go deleted file mode 100644 index 0a5275fa1c89..000000000000 --- a/druid-operator/controllers/druid/additional_containers.go +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "fmt" - - "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - v1 "k8s.io/api/core/v1" -) - -func addAdditionalContainers(m *v1alpha1.Druid, nodeSpec *v1alpha1.DruidNodeSpec, podSpec *v1.PodSpec) { - allAdditional := getAllAdditionalContainers(m, nodeSpec) - - for _, additional := range allAdditional { - container := convertAdditionalContainer(&additional) - - if additional.RunAsInit { - podSpec.InitContainers = append(podSpec.InitContainers, container) - } else { - podSpec.Containers = append(podSpec.Containers, container) - } - } -} - -func getAllAdditionalContainers(m *v1alpha1.Druid, nodeSpec *v1alpha1.DruidNodeSpec) []v1alpha1.AdditionalContainer { - var allAdditional []v1alpha1.AdditionalContainer - if m.Spec.AdditionalContainer != nil { - allAdditional = append(allAdditional, m.Spec.AdditionalContainer...) - } - if nodeSpec.AdditionalContainer != nil { - allAdditional = append(allAdditional, nodeSpec.AdditionalContainer...) - } - return allAdditional -} - -func convertAdditionalContainer(additional *v1alpha1.AdditionalContainer) v1.Container { - return v1.Container{ - Image: additional.Image, - Name: additional.ContainerName, - Resources: additional.Resources, - VolumeMounts: additional.VolumeMounts, - Command: additional.Command, - Args: additional.Args, - ImagePullPolicy: additional.ImagePullPolicy, - SecurityContext: additional.ContainerSecurityContext, - Env: additional.Env, - EnvFrom: additional.EnvFrom, - } -} - -func validateAdditionalContainersSpec(drd *v1alpha1.Druid) error { - for _, nodeSpec := range drd.Spec.Nodes { - if err := validateNodeAdditionalContainersSpec(drd, &nodeSpec); err != nil { - return err - } - } - return nil -} - -func validateNodeAdditionalContainersSpec(drd *v1alpha1.Druid, nodeSpec *v1alpha1.DruidNodeSpec) error { - allAdditional := getAllAdditionalContainers(drd, nodeSpec) - var containerNames []string - for _, container := range allAdditional { - containerNames = append(containerNames, container.ContainerName) - } - if duplicate, containerName := hasDuplicateString(containerNames); duplicate { - return fmt.Errorf("node group %s has duplicate container name: %s", - nodeSpec.NodeType, containerName) - } - return nil -} diff --git a/druid-operator/controllers/druid/additional_containers_test.go b/druid-operator/controllers/druid/additional_containers_test.go deleted file mode 100644 index 301b182c3162..000000000000 --- a/druid-operator/controllers/druid/additional_containers_test.go +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "fmt" - "time" - - "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - v1 "k8s.io/api/apps/v1" - "k8s.io/apimachinery/pkg/types" -) - -// +kubebuilder:docs-gen:collapse=Imports - -var _ = Describe("Test Additional Containers", func() { - const ( - timeout = time.Second * 45 - interval = time.Millisecond * 250 - ) - - Context("When adding cluster-level additional containers", func() { - It("Should add the containers to the pod", func() { - By("By creating a Druid object") - filePath := "testdata/additional-containers.yaml" - druid, err := readDruidClusterSpecFromFile(filePath) - Expect(err).Should(BeNil()) - - Expect(k8sClient.Create(ctx, druid)).To(Succeed()) - - existDruid := &v1alpha1.Druid{} - Eventually(func() bool { - err := k8sClient.Get(ctx, types.NamespacedName{Name: druid.Name, Namespace: druid.Namespace}, existDruid) - return err == nil - }, timeout, interval).Should(BeTrue()) - - brokerDeployment := &v1.Deployment{} - Eventually(func() bool { - err := k8sClient.Get(ctx, types.NamespacedName{ - Namespace: druid.Namespace, - Name: fmt.Sprintf("druid-%s-%s", druid.Name, "brokers"), - }, brokerDeployment) - return err == nil - }, timeout, interval).Should(BeTrue()) - - Expect(brokerDeployment.Spec.Template.Spec.Containers).ShouldNot(BeNil()) - - isClusterContainerExists := false - isNodeContainerExists := false - for _, container := range brokerDeployment.Spec.Template.Spec.Containers { - if container.Name == "cluster-level" { - isClusterContainerExists = true - continue - } - if container.Name == "node-level" { - isNodeContainerExists = true - continue - } - } - - Expect(isClusterContainerExists).Should(BeTrue()) - Expect(isNodeContainerExists).Should(BeTrue()) - }) - }) -}) diff --git a/druid-operator/controllers/druid/configuration.go b/druid-operator/controllers/druid/configuration.go deleted file mode 100644 index 4c91bf748506..000000000000 --- a/druid-operator/controllers/druid/configuration.go +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "context" - "fmt" - - "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/client" -) - -func makeConfigMap(name string, namespace string, labels map[string]string, data map[string]string) (*v1.ConfigMap, error) { - return &v1.ConfigMap{ - TypeMeta: metav1.TypeMeta{ - APIVersion: "v1", - Kind: "ConfigMap", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: name, - Namespace: namespace, - Labels: labels, - }, - Data: data, - }, nil -} - -func makeCommonConfigMap(ctx context.Context, sdk client.Client, m *v1alpha1.Druid, ls map[string]string) (*v1.ConfigMap, error) { - prop := m.Spec.CommonRuntimeProperties - - if m.Spec.Zookeeper != nil { - if zm, err := createZookeeperManager(m.Spec.Zookeeper); err != nil { - return nil, err - } else { - prop = prop + "\n" + zm.Configuration() + "\n" - } - } - - if m.Spec.MetadataStore != nil { - if msm, err := createMetadataStoreManager(m.Spec.MetadataStore); err != nil { - return nil, err - } else { - prop = prop + "\n" + msm.Configuration() + "\n" - } - } - - if m.Spec.DeepStorage != nil { - if dsm, err := createDeepStorageManager(m.Spec.DeepStorage); err != nil { - return nil, err - } else { - prop = prop + "\n" + dsm.Configuration() + "\n" - } - } - - data := map[string]string{ - "common.runtime.properties": prop, - } - - if m.Spec.DimensionsMapPath != "" { - data["metricDimensions.json"] = m.Spec.DimensionsMapPath - } - if m.Spec.HdfsSite != "" { - data["hdfs-site.xml"] = m.Spec.HdfsSite - } - if m.Spec.CoreSite != "" { - data["core-site.xml"] = m.Spec.CoreSite - } - - if err := addExtraCommonConfig(ctx, sdk, m, data); err != nil { - return nil, err - } - - cfg, err := makeConfigMap( - fmt.Sprintf("%s-druid-common-config", m.ObjectMeta.Name), - m.Namespace, - ls, - data) - return cfg, err -} - -func addExtraCommonConfig(ctx context.Context, sdk client.Client, m *v1alpha1.Druid, data map[string]string) error { - if m.Spec.ExtraCommonConfig == nil { - return nil - } - - for _, cmRef := range m.Spec.ExtraCommonConfig { - cm := &v1.ConfigMap{} - if err := sdk.Get(ctx, types.NamespacedName{ - Name: cmRef.Name, - Namespace: cmRef.Namespace}, cm); err != nil { - // If a configMap is not found - output error and keep reconciliation - continue - } - - for fileName, fileContent := range cm.Data { - data[fileName] = fileContent - } - } - - return nil -} - -func makeConfigMapForNodeSpec(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, lm map[string]string, nodeSpecUniqueStr string) (*v1.ConfigMap, error) { - - data := map[string]string{ - "runtime.properties": fmt.Sprintf("druid.port=%d\n%s", nodeSpec.DruidPort, nodeSpec.RuntimeProperties), - "jvm.config": fmt.Sprintf("%s\n%s", firstNonEmptyStr(nodeSpec.JvmOptions, m.Spec.JvmOptions), nodeSpec.ExtraJvmOptions), - } - log4jconfig := firstNonEmptyStr(nodeSpec.Log4jConfig, m.Spec.Log4jConfig) - if log4jconfig != "" { - data["log4j2.xml"] = log4jconfig - } - - return makeConfigMap( - fmt.Sprintf("%s-config", nodeSpecUniqueStr), - m.Namespace, - lm, - data) -} - -func getNodeConfigMountPath(nodeSpec *v1alpha1.DruidNodeSpec) string { - return fmt.Sprintf("/druid/conf/druid/%s", nodeSpec.NodeType) -} diff --git a/druid-operator/controllers/druid/deep_storage_dep_mgmt.go b/druid-operator/controllers/druid/deep_storage_dep_mgmt.go deleted file mode 100644 index b60a360e9500..000000000000 --- a/druid-operator/controllers/druid/deep_storage_dep_mgmt.go +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "encoding/json" - "fmt" - "reflect" - - "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - "github.com/datainfrahq/druid-operator/controllers/druid/ext" -) - -var deepStorageExtTypes = map[string]reflect.Type{} - -func init() { - deepStorageExtTypes["default"] = reflect.TypeOf(ext.DefaultDeepStorageManager{}) -} - -// We might have to add more methods to this interface to enable extensions that completely manage -// deploy, upgrade and termination of deep storage. -type deepStorageManager interface { - Configuration() string -} - -func createDeepStorageManager(spec *v1alpha1.DeepStorageSpec) (deepStorageManager, error) { - if t, ok := deepStorageExtTypes[spec.Type]; ok { - v := reflect.New(t).Interface() - if err := json.Unmarshal(spec.Spec, v); err != nil { - return nil, fmt.Errorf("Couldn't unmarshall deepStorage type[%s]. Error[%s].", spec.Type, err.Error()) - } else { - return v.(deepStorageManager), nil - } - } else { - return nil, fmt.Errorf("Can't find type[%s] for DeepStorage Mgmt.", spec.Type) - } -} diff --git a/druid-operator/controllers/druid/druid_controller.go b/druid-operator/controllers/druid/druid_controller.go deleted file mode 100644 index 69941b21791a..000000000000 --- a/druid-operator/controllers/druid/druid_controller.go +++ /dev/null @@ -1,141 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "context" - "os" - "time" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/client-go/tools/record" - - "github.com/go-logr/logr" - "k8s.io/apimachinery/pkg/runtime" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/controller" - "sigs.k8s.io/controller-runtime/pkg/reconcile" - - druidv1alpha1 "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" -) - -// DruidReconciler reconciles a Druid object -type DruidReconciler struct { - client.Client - Log logr.Logger - Scheme *runtime.Scheme - // reconcile time duration, defaults to 10s - ReconcileWait time.Duration - Recorder record.EventRecorder -} - -func NewDruidReconciler(mgr ctrl.Manager) *DruidReconciler { - return &DruidReconciler{ - Client: mgr.GetClient(), - Log: ctrl.Log.WithName("controllers").WithName("Druid"), - Scheme: mgr.GetScheme(), - ReconcileWait: LookupReconcileTime(), - Recorder: mgr.GetEventRecorderFor("druid-operator"), - } -} - -// +kubebuilder:rbac:groups=druid.apache.org,resources=druids,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=druid.apache.org,resources=druids/status,verbs=get;update;patch -// +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups="",resources=persistentvolumeclaims,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups="",resources=events,verbs=get;list;watch;create;patch -// +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=autoscaling,resources=horizontalpodautoscalers,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=policy,resources=poddisruptionbudgets,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=storage.k8s.io,resources=storageclasses,verbs=get;list;watch - -func (r *DruidReconciler) Reconcile(ctx context.Context, request reconcile.Request) (ctrl.Result, error) { - _ = r.Log.WithValues("druid", request.NamespacedName) - - // Fetch the Druid instance - instance := &druidv1alpha1.Druid{} - err := r.Get(ctx, request.NamespacedName, instance) - if err != nil { - if errors.IsNotFound(err) { - // Request object not found, could have been deleted after reconcile request. - // Owned objects are automatically garbage collected. For additional cleanup logic use finalizers. - // Return and don't requeue - return ctrl.Result{}, nil - } - // Error reading the object - requeue the request. - return ctrl.Result{}, err - } - - // Initialize Emit Events - var emitEvent EventEmitter = EmitEventFuncs{r.Recorder} - - // Deploy Druid Cluster - if err := deployDruidCluster(ctx, r.Client, instance, emitEvent); err != nil { - return ctrl.Result{}, err - } - - // Update Druid Dynamic Configs - if err := updateDruidDynamicConfigs(ctx, r.Client, instance, emitEvent); err != nil { - return ctrl.Result{}, err - } - - // If both operations succeed, requeue after specified wait time - return ctrl.Result{RequeueAfter: r.ReconcileWait}, nil -} - -func (r *DruidReconciler) SetupWithManager(mgr ctrl.Manager) error { - return ctrl.NewControllerManagedBy(mgr). - For(&druidv1alpha1.Druid{}). - WithEventFilter(GenericPredicates{}). - WithOptions(controller.Options{ - MaxConcurrentReconciles: getMaxConcurrentReconciles(), - }). - Complete(r) -} - -func LookupReconcileTime() time.Duration { - val, exists := os.LookupEnv("RECONCILE_WAIT") - if !exists { - return time.Second * 10 - } else { - v, err := time.ParseDuration(val) - if err != nil { - logger.Error(err, err.Error()) - // Exit Program if not valid - os.Exit(1) - } - return v - } -} - -func getMaxConcurrentReconciles() int { - var MaxConcurrentReconciles = "MAX_CONCURRENT_RECONCILES" - - nu, found := os.LookupEnv(MaxConcurrentReconciles) - if !found { - return 1 - } - return Str2Int(nu) -} diff --git a/druid-operator/controllers/druid/druid_controller_test.go b/druid-operator/controllers/druid/druid_controller_test.go deleted file mode 100644 index bffd9a64a0c0..000000000000 --- a/druid-operator/controllers/druid/druid_controller_test.go +++ /dev/null @@ -1,351 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "fmt" - "time" - - druidv1alpha1 "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - appsv1 "k8s.io/api/apps/v1" - autoscalev2 "k8s.io/api/autoscaling/v2" - v1 "k8s.io/api/core/v1" - netv1 "k8s.io/api/networking/v1" - policyv1 "k8s.io/api/policy/v1" - "k8s.io/apimachinery/pkg/types" -) - -// +kubebuilder:docs-gen:collapse=Imports - -/* -testDruidOperator -*/ -var _ = Describe("Druid Operator", func() { - - // Define utility constants for object names and testing timeouts/durations and intervals. - const ( - filePath = "testdata/druid-smoke-test-cluster.yaml" - timeout = time.Second * 45 - interval = time.Millisecond * 250 - ) - druid := &druidv1alpha1.Druid{} - druidComponents := []string{"coordinators", "historicals", "routers", "brokers"} - - Context("When testing Druid Operator", func() { - druidCR, err := readDruidClusterSpecFromFile(filePath) - Expect(err).Should(BeNil()) - - It("Test druidCR creation - testDruidOperator", func() { - By("By creating a new druidCR") - Expect(k8sClient.Create(ctx, druidCR)).To(Succeed()) - - // Get CR and match ConfigMaps - expectedConfigMaps := []string{ - fmt.Sprintf("druid-%s-brokers-config", druidCR.Name), - fmt.Sprintf("druid-%s-coordinators-config", druidCR.Name), - fmt.Sprintf("druid-%s-historicals-config", druidCR.Name), - fmt.Sprintf("druid-%s-routers-config", druidCR.Name), - fmt.Sprintf("%s-druid-common-config", druidCR.Name), - } - - By("By getting a newly created druidCR") - Eventually(func() bool { - err := k8sClient.Get(ctx, types.NamespacedName{Name: druidCR.Name, Namespace: druidCR.Namespace}, druid) - if !areStringArraysEqual(druid.Status.ConfigMaps, expectedConfigMaps) { - return false - } - return err == nil - }, timeout, interval).Should(BeTrue()) - - // Match ConfigMaps - By("By matching ConfigMaps") - Expect(druid.Status.ConfigMaps).Should(ConsistOf(expectedConfigMaps)) - - // Match Services - By("By matching Services") - expectedServices := []string{ - fmt.Sprintf("druid-%s-brokers", druidCR.Name), - fmt.Sprintf("druid-%s-coordinators", druidCR.Name), - fmt.Sprintf("druid-%s-historicals", druidCR.Name), - fmt.Sprintf("druid-%s-routers", druidCR.Name), - } - Expect(druid.Status.Services).Should(ConsistOf(expectedServices)) - - // Match StatefulSets - By("By matching StatefulSets") - expectedStatefulSets := []string{ - fmt.Sprintf("druid-%s-coordinators", druidCR.Name), - fmt.Sprintf("druid-%s-historicals", druidCR.Name), - fmt.Sprintf("druid-%s-routers", druidCR.Name), - } - Expect(druid.Status.StatefulSets).Should(ConsistOf(expectedStatefulSets)) - - // Match Deployments - By("By matching Deployments") - expectedDeployments := []string{ - fmt.Sprintf("druid-%s-brokers", druidCR.Name), - } - Expect(druid.Status.Deployments).Should(ConsistOf(expectedDeployments)) - - // Match PDBs - By("By matching PDBs") - expectedPDBs := []string{ - fmt.Sprintf("druid-%s-brokers", druidCR.Name), - } - Expect(druid.Status.PodDisruptionBudgets).Should(ConsistOf(expectedPDBs)) - - // Match HPAs - By("By matching HPAs") - expectedHPAs := []string{ - fmt.Sprintf("druid-%s-brokers", druidCR.Name), - } - Expect(druid.Status.HPAutoScalers).Should(ConsistOf(expectedHPAs)) - - // Match Ingress - By("By matching Ingress") - expectedIngress := []string{ - fmt.Sprintf("druid-%s-routers", druidCR.Name), - } - Expect(druid.Status.Ingress).Should(ConsistOf(expectedIngress)) - - }) - - It("Test broker deployment", func() { - componentName := "brokers" - createdDeploy := &appsv1.Deployment{} - brokerDeployment := fmt.Sprintf("druid-%s-%s", druidCR.Name, componentName) - depNamespacedName := types.NamespacedName{Name: brokerDeployment, Namespace: druidCR.Namespace} - - // Match Deployment replicas - By("By getting deployment and checking replicas") - - Eventually(func() bool { - err := k8sClient.Get(ctx, depNamespacedName, createdDeploy) - return err == nil - }, timeout, interval).Should(BeTrue()) - - Expect(*createdDeploy.Spec.Replicas).To(Equal(druidCR.Spec.Nodes[componentName].Replicas)) - - Eventually(func() bool { - err := k8sClient.Get(ctx, types.NamespacedName{Name: druidCR.Name, Namespace: druidCR.Namespace}, druid) - return err == nil - }, timeout, interval).Should(BeTrue()) - - By("By updating broker deployment replicas") - replicaCount := 2 - if druidRep, ok := druid.Spec.Nodes[componentName]; ok { - druidRep.Replicas = int32(replicaCount) - druid.Spec.Nodes[componentName] = druidRep - } - // updating CR - Expect(k8sClient.Update(ctx, druid)).Should(Succeed()) - - // Fetch druid CR and check replicas - Eventually(func() bool { - k8sClient.Get(ctx, depNamespacedName, druid) - return druid.Spec.Nodes[componentName].Replicas == 2 - }, timeout, interval).Should(BeTrue()) - - // Fetch deployment and check replicas - Eventually(func() bool { - k8sClient.Get(ctx, depNamespacedName, createdDeploy) - return *createdDeploy.Spec.Replicas == 2 - }, timeout, interval).Should(BeTrue()) - }) - - // Test statefulsets replica count and update the replica count then match - expectedStatefulSets := []string{"coordinators", "historicals", "routers"} - for _, componentName := range expectedStatefulSets { - componentName := componentName - It(fmt.Sprintf("Test statefulset for %s", componentName), func() { - createdSts := &appsv1.StatefulSet{} - stsName := fmt.Sprintf("druid-%s-%s", druidCR.Name, componentName) - stsNamespacedName := types.NamespacedName{Name: stsName, Namespace: druidCR.Namespace} - - // Match statefulset replicas - By(fmt.Sprintf("By getting statefulset and checking replicas for %s ", stsName)) - Eventually(func() bool { - err := k8sClient.Get(ctx, stsNamespacedName, createdSts) - return err == nil - }, timeout, interval).Should(BeTrue()) - Expect(*createdSts.Spec.Replicas).To(Equal(druidCR.Spec.Nodes[componentName].Replicas)) - - By(fmt.Sprintf("By updating statefulset replicas %s ", stsName)) - replicaCount := 2 - if druidRep, ok := druid.Spec.Nodes[componentName]; ok { - druidRep.Replicas = int32(replicaCount) - druid.Spec.Nodes[componentName] = druidRep - } - // updating CR - Expect(k8sClient.Update(ctx, druid)).Should(Succeed()) - - // Fetch druid CR and check replicas - Eventually(func() bool { - k8sClient.Get(ctx, types.NamespacedName{Name: druidCR.Name, Namespace: druidCR.Namespace}, druid) - return druid.Spec.Nodes[componentName].Replicas == 2 - }, timeout, interval).Should(BeTrue()) - - // Fetch statefulset and check replicas - Eventually(func() bool { - k8sClient.Get(ctx, stsNamespacedName, createdSts) - return *createdSts.Spec.Replicas == 2 - }, timeout, interval).Should(BeTrue()) - }) - } - - // Test statefulsets replica count and update the replica count then match - for _, componentName := range druidComponents { - componentName := componentName - It(fmt.Sprintf("Test kubernetes service for %s", componentName), func() { - createdService := &v1.Service{} - serviceName := fmt.Sprintf("druid-%s-%s", druidCR.Name, componentName) - serviceNamespacedName := types.NamespacedName{Name: serviceName, Namespace: druidCR.Namespace} - - // Checking the kubernetes service Type - By(fmt.Sprintf("By checking kubernetes service type %s ", serviceName)) - Eventually(func() bool { - err := k8sClient.Get(ctx, serviceNamespacedName, createdService) - return err == nil - }, timeout, interval).Should(BeTrue()) - Expect(createdService.Spec.Type).To(Equal(druidCR.Spec.Services[0].Spec.Type)) - // Kubernetes service check for targetport and port - By(fmt.Sprintf("By checking kubernetes service port for %s ", serviceName)) - Expect(createdService.Spec.Ports[0].Port).To(Equal(druidCR.Spec.Nodes[componentName].DruidPort)) - Expect(createdService.Spec.Ports[0].TargetPort.IntVal).To(Equal(druidCR.Spec.Nodes[componentName].DruidPort)) - }) - } - // Check for pod distruption budget - It("Test poddisruptionbudget for broker", func() { - componentName := "brokers" - createdPdb := &policyv1.PodDisruptionBudget{} - pdbName := fmt.Sprintf("druid-%s-%s", druidCR.Name, componentName) - pdbNamespacedName := types.NamespacedName{Name: pdbName, Namespace: druidCR.Namespace} - - // Checking the kubernetes service Type - By(fmt.Sprintf("By checking kubernetes poddisruptionbudget for %s ", pdbName)) - - Eventually(func() bool { - err := k8sClient.Get(ctx, pdbNamespacedName, createdPdb) - return err == nil - }, timeout, interval).Should(BeTrue()) - Expect(createdPdb.Spec.MinAvailable).To(Equal(druidCR.Spec.Nodes[componentName].PodDisruptionBudgetSpec.MinAvailable)) - }) - // Check for ingress - It("Test ingress for router", func() { - componentName := "routers" - createdIngress := &netv1.Ingress{} - ingressName := fmt.Sprintf("druid-%s-%s", druidCR.Name, componentName) - ingressNamespacedName := types.NamespacedName{Name: ingressName, Namespace: druidCR.Namespace} - - // Checking the kubernetes service Type - By(fmt.Sprintf("By checking ingress for %s ", ingressName)) - Eventually(func() bool { - err := k8sClient.Get(ctx, ingressNamespacedName, createdIngress) - return err == nil - }, timeout, interval).Should(BeTrue()) - // check host and validate the domain - Expect(createdIngress.Spec.Rules[0].Host).To(Equal(druidCR.Spec.Nodes[componentName].Ingress.Rules[0].Host)) - // check service name - Expect(createdIngress.Spec.Rules[0].HTTP.Paths[0].Backend.Service.Name).To(Equal(druidCR.Spec.Nodes[componentName].Ingress.Rules[0].HTTP.Paths[0].Backend.Service.Name)) - // check service port name - Expect(createdIngress.Spec.Rules[0].HTTP.Paths[0].Backend.Service.Port.Name).To(Equal(druidCR.Spec.Nodes[componentName].Ingress.Rules[0].HTTP.Paths[0].Backend.Service.Port.Name)) - // check ingress path - Expect(createdIngress.Spec.Rules[0].HTTP.Paths[0].Path).To(Equal(druidCR.Spec.Nodes[componentName].Ingress.Rules[0].HTTP.Paths[0].Path)) - // check ingress pathtype - Expect(*createdIngress.Spec.Rules[0].HTTP.Paths[0].PathType).To(Equal(*druidCR.Spec.Nodes[componentName].Ingress.Rules[0].HTTP.Paths[0].PathType)) - // check tls hostname - Expect(createdIngress.Spec.TLS[0].Hosts).To(Equal(druidCR.Spec.Nodes[componentName].Ingress.TLS[0].Hosts)) - // check tls secret name - Expect(createdIngress.Spec.TLS[0].SecretName).To(Equal(druidCR.Spec.Nodes[componentName].Ingress.TLS[0].SecretName)) - }) - // Check for pod distruption budget - It("Test common configmap", func() { - createdConfigMap := &v1.ConfigMap{} - configMapName := fmt.Sprintf("%s-druid-common-config", druidCR.Name) - configMapNamespacedName := types.NamespacedName{Name: configMapName, Namespace: druidCR.Namespace} - - // Checking the kubernetes service Type - By(fmt.Sprintf("By checking common configmap for %s config ", configMapName)) - - Eventually(func() bool { - err := k8sClient.Get(ctx, configMapNamespacedName, createdConfigMap) - return err == nil - }, timeout, interval).Should(BeTrue()) - Expect(createdConfigMap.Data["metricDimensions.json"]).To(Equal(druidCR.Spec.DimensionsMapPath)) - Expect(createdConfigMap.Data["common.runtime.properties"]).To(Equal(druidCR.Spec.CommonRuntimeProperties)) - }) - for _, componentName := range druidComponents { - componentName := componentName - It(fmt.Sprintf("Test configMap for %s", componentName), func() { - createdConfigMap := &v1.ConfigMap{} - configMapName := fmt.Sprintf("druid-%s-%s-config", druidCR.Name, componentName) - configMapNamespacedName := types.NamespacedName{Name: configMapName, Namespace: druidCR.Namespace} - runtimeProperties := fmt.Sprintf("druid.port=%d\n%s", druidCR.Spec.Nodes[componentName].DruidPort, druidCR.Spec.Nodes[componentName].RuntimeProperties) - jvmConfig := fmt.Sprintf("%s\n%s", druidCR.Spec.JvmOptions, druidCR.Spec.Nodes[componentName].ExtraJvmOptions) - // Checking the kubernetes service Type - By(fmt.Sprintf("By checking configmap check for %s config", configMapName)) - Eventually(func() bool { - err := k8sClient.Get(ctx, configMapNamespacedName, createdConfigMap) - return err == nil - }, timeout, interval).Should(BeTrue()) - Expect(createdConfigMap.Data["log4j2.xml"]).To(Equal(druidCR.Spec.Log4jConfig)) - Expect(createdConfigMap.Data["runtime.properties"]).To(Equal(runtimeProperties)) - Expect(createdConfigMap.Data["jvm.config"]).To(Equal(jvmConfig)) - - }) - } - // Check for HPA - It("Test horizontal pod autoscaler for broker", func() { - componentName := "brokers" - createdHpa := &autoscalev2.HorizontalPodAutoscaler{} - hpaName := fmt.Sprintf("druid-%s-%s", druidCR.Name, componentName) - hpaNamespacedName := types.NamespacedName{Name: hpaName, Namespace: druidCR.Namespace} - - // Checking the kubernetes service Type - By(fmt.Sprintf("By checking horizontal pod autoscaler for %s ", hpaName)) - Eventually(func() bool { - err := k8sClient.Get(ctx, hpaNamespacedName, createdHpa) - return err == nil - }, timeout, interval).Should(BeTrue()) - // check for max replicas - Expect(createdHpa.Spec.MaxReplicas).To(Equal(druidCR.Spec.Nodes[componentName].HPAutoScaler.MaxReplicas)) - // check for min replicas - Expect(createdHpa.Spec.MinReplicas).To(Equal(druidCR.Spec.Nodes[componentName].HPAutoScaler.MinReplicas)) - // check for ScaleTargetRef - Expect(createdHpa.Spec.ScaleTargetRef).To(Equal(druidCR.Spec.Nodes[componentName].HPAutoScaler.ScaleTargetRef)) - }) - - }) -}) - -func areStringArraysEqual(a1, a2 []string) bool { - if len(a1) == len(a2) { - for i, v := range a1 { - if v != a2[i] { - return false - } - } - } else { - return false - } - return true -} diff --git a/druid-operator/controllers/druid/dynamic_config.go b/druid-operator/controllers/druid/dynamic_config.go deleted file mode 100644 index 2a11b2ff2c7e..000000000000 --- a/druid-operator/controllers/druid/dynamic_config.go +++ /dev/null @@ -1,177 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "context" - "fmt" - "net/http" - - "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - druidapi "github.com/datainfrahq/druid-operator/pkg/druidapi" - internalhttp "github.com/datainfrahq/druid-operator/pkg/http" - "github.com/datainfrahq/druid-operator/pkg/util" - "sigs.k8s.io/controller-runtime/pkg/client" -) - -// updateDruidDynamicConfigs updates the Druid cluster's dynamic configurations -// for both overlords (middlemanagers) and coordinators. -func updateDruidDynamicConfigs( - ctx context.Context, - client client.Client, - druid *v1alpha1.Druid, - emitEvent EventEmitter, -) error { - nodeTypes := []string{"middlemanagers", "coordinators"} - - for _, nodeType := range nodeTypes { - nodeConfig, exists := druid.Spec.Nodes[nodeType] - if !exists || nodeConfig.DynamicConfig.Size() == 0 { - // Skip if dynamic configurations are not provided for the node type - continue - } - - dynamicConfig := nodeConfig.DynamicConfig.Raw - - svcName, err := druidapi.GetRouterSvcUrl(druid.Namespace, druid.Name, client) - if err != nil { - emitEvent.EmitEventGeneric( - druid, - string(druidGetRouterSvcUrlFailed), - fmt.Sprintf("Failed to get router service URL for %s", nodeType), - err, - ) - return err - } - - basicAuth, err := druidapi.GetAuthCreds( - ctx, - client, - druid.Spec.Auth, - ) - if err != nil { - emitEvent.EmitEventGeneric( - druid, - string(druidGetAuthCredsFailed), - fmt.Sprintf("Failed to get authentication credentials for %s", nodeType), - err, - ) - return err - } - - // Create the HTTP client with basic authentication - httpClient := internalhttp.NewHTTPClient( - &http.Client{}, - &internalhttp.Auth{BasicAuth: basicAuth}, - ) - - // Determine the URL path for dynamic configurations based on the nodeType - var dynamicConfigPath string - switch nodeType { - case "middlemanagers": - dynamicConfigPath = druidapi.MakePath(svcName, "indexer", "worker") - case "coordinators": - dynamicConfigPath = druidapi.MakePath(svcName, "coordinator", "config") - default: - return fmt.Errorf("unsupported node type: %s", nodeType) - } - - // Fetch current dynamic configurations - currentResp, err := httpClient.Do( - http.MethodGet, - dynamicConfigPath, - nil, - ) - if err != nil { - emitEvent.EmitEventGeneric( - druid, - string(druidFetchCurrentConfigsFailed), - fmt.Sprintf("Failed to fetch current %s dynamic configurations", nodeType), - err, - ) - return err - } - if currentResp.StatusCode != http.StatusOK { - err = fmt.Errorf( - "failed to retrieve current Druid %s dynamic configurations. Status code: %d, Response body: %s", - nodeType, currentResp.StatusCode, string(currentResp.ResponseBody), - ) - emitEvent.EmitEventGeneric( - druid, - string(druidFetchCurrentConfigsFailed), - fmt.Sprintf("Failed to fetch current %s dynamic configurations", nodeType), - err, - ) - return err - } - - // Handle empty response body - var currentConfigsJson string - if len(currentResp.ResponseBody) == 0 { - currentConfigsJson = "{}" // Initialize as empty JSON object if response body is empty - } else { - currentConfigsJson = currentResp.ResponseBody - } - - // Compare current and desired configurations - equal, err := util.IncludesJson(currentConfigsJson, string(dynamicConfig)) - if err != nil { - emitEvent.EmitEventGeneric( - druid, - string(druidConfigComparisonFailed), - fmt.Sprintf("Failed to compare %s configurations", nodeType), - err, - ) - return err - } - if equal { - // Configurations are already up-to-date - continue - } - - // Update the Druid cluster's dynamic configurations if needed - respDynamicConfigs, err := httpClient.Do( - http.MethodPost, - dynamicConfigPath, - dynamicConfig, - ) - if err != nil { - emitEvent.EmitEventGeneric( - druid, - string(druidUpdateConfigsFailed), - fmt.Sprintf("Failed to update %s dynamic configurations", nodeType), - err, - ) - return err - } - if respDynamicConfigs.StatusCode != http.StatusOK { - return fmt.Errorf("failed to update Druid %s dynamic configurations", nodeType) - } - - emitEvent.EmitEventGeneric( - druid, - string(druidUpdateConfigsSuccess), - fmt.Sprintf("Successfully updated %s dynamic configurations", nodeType), - nil, - ) - } - - return nil -} diff --git a/druid-operator/controllers/druid/ext/deep_storage_default_ext.go b/druid-operator/controllers/druid/ext/deep_storage_default_ext.go deleted file mode 100644 index e6dc45673e8b..000000000000 --- a/druid-operator/controllers/druid/ext/deep_storage_default_ext.go +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package ext - -type DefaultDeepStorageManager struct { - Properties string `json:"properties"` -} - -func (p *DefaultDeepStorageManager) Configuration() string { - return p.Properties -} diff --git a/druid-operator/controllers/druid/ext/metadata_store_default_ext.go b/druid-operator/controllers/druid/ext/metadata_store_default_ext.go deleted file mode 100644 index 2766fd11c650..000000000000 --- a/druid-operator/controllers/druid/ext/metadata_store_default_ext.go +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package ext - -type DefaultMetadataStoreManager struct { - Properties string `json:"properties"` -} - -func (p *DefaultMetadataStoreManager) Configuration() string { - return p.Properties -} diff --git a/druid-operator/controllers/druid/ext/zookeeper_default_ext.go b/druid-operator/controllers/druid/ext/zookeeper_default_ext.go deleted file mode 100644 index 842cb886bd1f..000000000000 --- a/druid-operator/controllers/druid/ext/zookeeper_default_ext.go +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package ext - -type DefaultZkManager struct { - Properties string `json:"properties"` -} - -func (p *DefaultZkManager) Configuration() string { - return p.Properties -} diff --git a/druid-operator/controllers/druid/finalizers.go b/druid-operator/controllers/druid/finalizers.go deleted file mode 100644 index 432ffdf99c03..000000000000 --- a/druid-operator/controllers/druid/finalizers.go +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "context" - "encoding/json" - "fmt" - - "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - appsv1 "k8s.io/api/apps/v1" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/client" -) - -const ( - deletePVCFinalizerName = "deletepvc.finalizers.druid.apache.org" -) - -var ( - defaultFinalizers []string -) - -func updateFinalizers(ctx context.Context, sdk client.Client, m *v1alpha1.Druid, emitEvents EventEmitter) error { - desiredFinalizers := m.GetFinalizers() - additionFinalizers := defaultFinalizers - - desiredFinalizers = RemoveString(desiredFinalizers, deletePVCFinalizerName) - if !m.Spec.DisablePVCDeletionFinalizer { - additionFinalizers = append(additionFinalizers, deletePVCFinalizerName) - } - - for _, finalizer := range additionFinalizers { - if !ContainsString(desiredFinalizers, finalizer) { - desiredFinalizers = append(desiredFinalizers, finalizer) - } - } - - if !equality.Semantic.DeepEqual(m.GetFinalizers(), desiredFinalizers) { - m.SetFinalizers(desiredFinalizers) - - finalizersBytes, err := json.Marshal(m.GetFinalizers()) - if err != nil { - return fmt.Errorf("failed to serialize finalizers patch to bytes: %v", err) - } - - patch := []byte(fmt.Sprintf(`[{"op": "replace", "path": "/metadata/finalizers", "value": %s}]`, finalizersBytes)) - - err = sdk.Patch(ctx, m, client.RawPatch(types.JSONPatchType, patch)) - if err != nil { - return err - } - - } - - return nil -} - -func executeFinalizers(ctx context.Context, sdk client.Client, m *v1alpha1.Druid, emitEvents EventEmitter) error { - if m.Spec.DisablePVCDeletionFinalizer == false { - if err := executePVCFinalizer(ctx, sdk, m, emitEvents); err != nil { - return err - } - } - return nil -} - -/* -executePVCFinalizer will execute a PVC deletion of all Druid's PVCs. -Flow: - 1. Get sts List and PVC List - 2. Range and Delete sts first and then delete pvc. PVC must be deleted after sts termination has been executed - else pvc finalizer shall block deletion since a pod/sts is referencing it. - 3. Once delete is executed we block program and return. -*/ -func executePVCFinalizer(ctx context.Context, sdk client.Client, druid *v1alpha1.Druid, eventEmitter EventEmitter) error { - if ContainsString(druid.ObjectMeta.Finalizers, deletePVCFinalizerName) { - pvcLabels := map[string]string{ - "druid_cr": druid.Name, - } - - pvcList, err := readers.List(ctx, sdk, druid, pvcLabels, eventEmitter, func() objectList { return &v1.PersistentVolumeClaimList{} }, func(listObj runtime.Object) []object { - items := listObj.(*v1.PersistentVolumeClaimList).Items - result := make([]object, len(items)) - for i := 0; i < len(items); i++ { - result[i] = &items[i] - } - return result - }) - if err != nil { - return err - } - - stsList, err := readers.List(ctx, sdk, druid, makeLabelsForDruid(druid), eventEmitter, func() objectList { return &appsv1.StatefulSetList{} }, func(listObj runtime.Object) []object { - items := listObj.(*appsv1.StatefulSetList).Items - result := make([]object, len(items)) - for i := 0; i < len(items); i++ { - result[i] = &items[i] - } - return result - }) - if err != nil { - return err - } - - eventEmitter.EmitEventGeneric(druid, string(druidFinalizerTriggered), - fmt.Sprintf("Trigerring finalizer [%s] for CR [%s] in namespace [%s]", deletePVCFinalizerName, druid.Name, druid.Namespace), nil) - - if err = deleteSTSAndPVC(ctx, sdk, druid, stsList, pvcList, eventEmitter); err != nil { - eventEmitter.EmitEventGeneric(druid, string(druidFinalizerFailed), - fmt.Sprintf("Finalizer [%s] failed for CR [%s] in namespace [%s]", deletePVCFinalizerName, druid.Name, druid.Namespace), err) - - return err - } - - eventEmitter.EmitEventGeneric(druid, string(druidFinalizerSuccess), - fmt.Sprintf("Finalizer [%s] success for CR [%s] in namespace [%s]", deletePVCFinalizerName, druid.Name, druid.Namespace), nil) - - // remove our finalizer from the list and update it. - druid.ObjectMeta.Finalizers = RemoveString(druid.ObjectMeta.Finalizers, deletePVCFinalizerName) - - _, err = writers.Update(ctx, sdk, druid, druid, eventEmitter) - if err != nil { - return err - } - - } - return nil -} diff --git a/druid-operator/controllers/druid/finalizers_test.go b/druid-operator/controllers/druid/finalizers_test.go deleted file mode 100644 index a26759e84549..000000000000 --- a/druid-operator/controllers/druid/finalizers_test.go +++ /dev/null @@ -1,160 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "time" - - druidv1alpha1 "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - "k8s.io/apimachinery/pkg/types" -) - -// +kubebuilder:docs-gen:collapse=Imports - -/* -finalizers_test -*/ -var _ = Describe("Test finalizers logic", func() { - const ( - filePath = "testdata/finalizers.yaml" - timeout = time.Second * 45 - interval = time.Millisecond * 250 - ) - - var ( - druid = &druidv1alpha1.Druid{} - ) - - Context("When creating a druid cluster", func() { - It("Should create the druid object", func() { - By("Creating a new druid") - druidCR, err := readDruidClusterSpecFromFile(filePath) - Expect(err).Should(BeNil()) - Expect(k8sClient.Create(ctx, druidCR)).To(Succeed()) - - By("Getting a newly created druid") - Eventually(func() bool { - err := k8sClient.Get(ctx, types.NamespacedName{Name: druidCR.Name, Namespace: druidCR.Namespace}, druid) - return err == nil - }, timeout, interval).Should(BeTrue()) - }) - It("Should add the delete PVC finalizer", func() { - By("Waiting for the finalizer to be created") - Eventually(func() bool { - err := k8sClient.Get(ctx, types.NamespacedName{Name: druid.Name, Namespace: druid.Namespace}, druid) - if err == nil && ContainsString(druid.GetFinalizers(), deletePVCFinalizerName) { - return true - } - return false - }, timeout, interval).Should(BeTrue()) - }) - It("Should delete druid successfully", func() { - By("Waiting for the druid cluster to be deleted") - Expect(k8sClient.Delete(ctx, druid)).To(Succeed()) - Eventually(func() bool { - err := k8sClient.Get(ctx, types.NamespacedName{Name: druid.Name, Namespace: druid.Namespace}, druid) - return err != nil - }, timeout, interval).Should(BeTrue()) - }) - }) - - Context("When creating a druid cluster with disablePVCDeletion", func() { - It("Should create the druid object", func() { - By("Creating a new druid") - druidCR, err := readDruidClusterSpecFromFile(filePath) - druidCR.Spec.DisablePVCDeletionFinalizer = true - Expect(err).Should(BeNil()) - Expect(k8sClient.Create(ctx, druidCR)).To(Succeed()) - - By("Getting a newly created druid") - Eventually(func() bool { - err := k8sClient.Get(ctx, types.NamespacedName{Name: druidCR.Name, Namespace: druidCR.Namespace}, druid) - return err == nil - }, timeout, interval).Should(BeTrue()) - }) - It("Should not add the delete PVC finalizer", func() { - By("Call for the update finalizer function") - Expect(updateFinalizers(ctx, k8sClient, druid, emitEvent)).Should(BeNil()) - - By("Getting a updated druid") - Eventually(func() bool { - err := k8sClient.Get(ctx, types.NamespacedName{Name: druid.Name, Namespace: druid.Namespace}, druid) - return err == nil - }, timeout, interval).Should(BeTrue()) - - By("Checking the absence of the finalizer") - Expect(ContainsString(druid.GetFinalizers(), deletePVCFinalizerName)).Should(BeFalse()) - }) - It("Should delete druid successfully", func() { - Expect(k8sClient.Delete(ctx, druid)).To(Succeed()) - Eventually(func() bool { - err := k8sClient.Get(ctx, types.NamespacedName{Name: druid.Name, Namespace: druid.Namespace}, druid) - return err != nil - }, timeout, interval).Should(BeTrue()) - }) - }) - - Context("When creating a druid cluster", func() { - It("Should create the druid object", func() { - By("Creating a new druid") - druidCR, err := readDruidClusterSpecFromFile(filePath) - Expect(err).Should(BeNil()) - Expect(k8sClient.Create(ctx, druidCR)).To(Succeed()) - - By("Getting the CR") - Eventually(func() bool { - err := k8sClient.Get(ctx, types.NamespacedName{Name: druidCR.Name, Namespace: druidCR.Namespace}, druid) - return err == nil - }, timeout, interval).Should(BeTrue()) - }) - It("Should add the delete PVC finalizer", func() { - By("Waiting for the finalizer to be created") - Eventually(func() bool { - err := k8sClient.Get(ctx, types.NamespacedName{Name: druid.Name, Namespace: druid.Namespace}, druid) - if err == nil && ContainsString(druid.GetFinalizers(), deletePVCFinalizerName) { - return true - } - return false - }, timeout, interval).Should(BeTrue()) - }) - It("Should remove the delete PVC finalizer", func() { - By("Disabling the deletePVC finalizer") - druid.Spec.DisablePVCDeletionFinalizer = true - Expect(k8sClient.Update(ctx, druid)).To(BeNil()) - By("Waiting for the finalizer to be deleted") - Eventually(func() bool { - err := k8sClient.Get(ctx, types.NamespacedName{Name: druid.Name, Namespace: druid.Namespace}, druid) - if err == nil && !ContainsString(druid.GetFinalizers(), deletePVCFinalizerName) { - return true - } - return false - }, timeout, interval).Should(BeTrue()) - }) - It("Should delete druid successfully", func() { - Expect(k8sClient.Delete(ctx, druid)).To(Succeed()) - Eventually(func() bool { - err := k8sClient.Get(ctx, types.NamespacedName{Name: druid.Name, Namespace: druid.Namespace}, druid) - return err != nil - }, timeout, interval).Should(BeTrue()) - }) - }) -}) diff --git a/druid-operator/controllers/druid/handler.go b/druid-operator/controllers/druid/handler.go deleted file mode 100644 index ae651fc2c2ed..000000000000 --- a/druid-operator/controllers/druid/handler.go +++ /dev/null @@ -1,1429 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "context" - "crypto/sha1" - "encoding/base64" - "encoding/json" - "errors" - "fmt" - "regexp" - "sort" - "strconv" - "time" - - autoscalev2 "k8s.io/api/autoscaling/v2" - networkingv1 "k8s.io/api/networking/v1" - - "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - appsv1 "k8s.io/api/apps/v1" - v1 "k8s.io/api/core/v1" - policyv1 "k8s.io/api/policy/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/intstr" - "sigs.k8s.io/controller-runtime/pkg/client" - logf "sigs.k8s.io/controller-runtime/pkg/log" -) - -const ( - druidOpResourceHash = "druidOpResourceHash" - defaultCommonConfigMountPath = "/druid/conf/druid/_common" - toBeDeletedLabel = "toBeDeleted" - deletionTSLabel = "deletionTS" -) - -var logger = logf.Log.WithName("druid_operator_handler") - -func deployDruidCluster(ctx context.Context, sdk client.Client, m *v1alpha1.Druid, emitEvents EventEmitter) error { - - if err := verifyDruidSpec(m); err != nil { - e := fmt.Errorf("invalid DruidSpec[%s:%s] due to [%s]", m.Kind, m.Name, err.Error()) - emitEvents.EmitEventGeneric(m, "DruidOperatorInvalidSpec", "", e) - return nil - } - - allNodeSpecs := getNodeSpecsByOrder(m) - - statefulSetNames := make(map[string]bool) - deploymentNames := make(map[string]bool) - serviceNames := make(map[string]bool) - configMapNames := make(map[string]bool) - podDisruptionBudgetNames := make(map[string]bool) - hpaNames := make(map[string]bool) - ingressNames := make(map[string]bool) - pvcNames := make(map[string]bool) - - ls := makeLabelsForDruid(m) - - commonConfig, err := makeCommonConfigMap(ctx, sdk, m, ls) - if err != nil { - return err - } - commonConfigSHA, err := getObjectHash(commonConfig) - if err != nil { - return err - } - - if _, err := sdkCreateOrUpdateAsNeeded(ctx, sdk, - func() (object, error) { return makeCommonConfigMap(ctx, sdk, m, ls) }, - func() object { return &v1.ConfigMap{} }, - alwaysTrueIsEqualsFn, noopUpdaterFn, m, configMapNames, emitEvents); err != nil { - return err - } - - if m.GetDeletionTimestamp() != nil { - return executeFinalizers(ctx, sdk, m, emitEvents) - } - - if err := updateFinalizers(ctx, sdk, m, emitEvents); err != nil { - return err - } - - for _, elem := range allNodeSpecs { - key := elem.key - nodeSpec := elem.spec - - //Name in k8s must pass regex '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - //So this unique string must follow same. - nodeSpecUniqueStr := makeNodeSpecificUniqueString(m, key) - - lm := makeLabelsForNodeSpec(&nodeSpec, m, m.Name, nodeSpecUniqueStr) - - // create configmap first - nodeConfig, err := makeConfigMapForNodeSpec(&nodeSpec, m, lm, nodeSpecUniqueStr) - if err != nil { - return err - } - - nodeConfigSHA, err := getObjectHash(nodeConfig) - if err != nil { - return err - } - - if _, err := sdkCreateOrUpdateAsNeeded(ctx, sdk, - func() (object, error) { return nodeConfig, nil }, - func() object { return &v1.ConfigMap{} }, - alwaysTrueIsEqualsFn, noopUpdaterFn, m, configMapNames, emitEvents); err != nil { - return err - } - - //create services before creating statefulset - firstServiceName := "" - services := firstNonNilValue(nodeSpec.Services, m.Spec.Services).([]v1.Service) - for _, svc := range services { - if _, err := sdkCreateOrUpdateAsNeeded(ctx, sdk, - func() (object, error) { return makeService(&svc, &nodeSpec, m, lm, nodeSpecUniqueStr) }, - func() object { return &v1.Service{} }, alwaysTrueIsEqualsFn, - func(prev, curr object) { (curr.(*v1.Service)).Spec.ClusterIP = (prev.(*v1.Service)).Spec.ClusterIP }, - m, serviceNames, emitEvents); err != nil { - return err - } - if firstServiceName == "" { - firstServiceName = svc.ObjectMeta.Name - } - } - - nodeSpec.Ports = append(nodeSpec.Ports, v1.ContainerPort{ContainerPort: nodeSpec.DruidPort, Name: "druid-port"}) - - if nodeSpec.Kind == "Deployment" { - if deployCreateUpdateStatus, err := sdkCreateOrUpdateAsNeeded(ctx, sdk, - func() (object, error) { - return makeDeployment(&nodeSpec, m, lm, nodeSpecUniqueStr, fmt.Sprintf("%s-%s", commonConfigSHA, nodeConfigSHA), firstServiceName) - }, - func() object { return &appsv1.Deployment{} }, - deploymentIsEquals, noopUpdaterFn, m, deploymentNames, emitEvents); err != nil { - return err - } else if m.Spec.RollingDeploy { - - if deployCreateUpdateStatus == resourceUpdated { - return nil - } - - // Ignore isObjFullyDeployed() for the first iteration ie cluster creation - // will force cluster creation in parallel, post first iteration rolling updates - // will be sequential. - if m.Generation > 1 { - // Check Deployment rolling update status, if in-progress then stop here - done, err := isObjFullyDeployed(ctx, sdk, nodeSpec, nodeSpecUniqueStr, m, func() object { return &appsv1.Deployment{} }, emitEvents) - if !done { - return err - } - } - } - } else { - - // scalePVCForSTS to be called only if volumeExpansion is supported by the storage class. - // Ignore for the first iteration ie cluster creation, else get sts shall unnecessary log errors. - - if m.Generation > 1 && m.Spec.ScalePvcSts { - if err := expandStatefulSetVolumes(ctx, sdk, m, &nodeSpec, emitEvents, nodeSpecUniqueStr); err != nil { - return err - } - } - - // Create/Update StatefulSet - if stsCreateUpdateStatus, err := sdkCreateOrUpdateAsNeeded(ctx, sdk, - func() (object, error) { - return makeStatefulSet(&nodeSpec, m, lm, nodeSpecUniqueStr, fmt.Sprintf("%s-%s", commonConfigSHA, nodeConfigSHA), firstServiceName) - }, - func() object { return &appsv1.StatefulSet{} }, - statefulSetIsEquals, noopUpdaterFn, m, statefulSetNames, emitEvents); err != nil { - return err - } else if m.Spec.RollingDeploy { - - if stsCreateUpdateStatus == resourceUpdated { - // we just updated, give sts controller some time to update status of replicas after update - return nil - } - - // Default is set to true - execCheckCrashStatus(ctx, sdk, &nodeSpec, m, nodeSpecUniqueStr, emitEvents) - - // Ignore isObjFullyDeployed() for the first iteration ie cluster creation - // will force cluster creation in parallel, post first iteration rolling updates - // will be sequential. - if m.Generation > 1 { - //Check StatefulSet rolling update status, if in-progress then stop here - done, err := isObjFullyDeployed(ctx, sdk, nodeSpec, nodeSpecUniqueStr, m, func() object { return &appsv1.StatefulSet{} }, emitEvents) - if !done { - return err - } - } - } - - // Default is set to true - execCheckCrashStatus(ctx, sdk, &nodeSpec, m, nodeSpecUniqueStr, emitEvents) - } - - // Create Ingress Spec - if nodeSpec.Ingress != nil { - if _, err := sdkCreateOrUpdateAsNeeded(ctx, sdk, - func() (object, error) { - return makeIngress(&nodeSpec, m, ls, nodeSpecUniqueStr) - }, - func() object { return &networkingv1.Ingress{} }, - alwaysTrueIsEqualsFn, noopUpdaterFn, m, ingressNames, emitEvents); err != nil { - return err - } - } - - // Create PodDisruptionBudget - if nodeSpec.PodDisruptionBudgetSpec != nil { - if _, err := sdkCreateOrUpdateAsNeeded(ctx, sdk, - func() (object, error) { return makePodDisruptionBudget(&nodeSpec, m, lm, nodeSpecUniqueStr) }, - func() object { return &policyv1.PodDisruptionBudget{} }, - alwaysTrueIsEqualsFn, noopUpdaterFn, m, podDisruptionBudgetNames, emitEvents); err != nil { - return err - } - } - - // Create HPA Spec - if nodeSpec.HPAutoScaler != nil { - if _, err := sdkCreateOrUpdateAsNeeded(ctx, sdk, - func() (object, error) { - return makeHorizontalPodAutoscaler(&nodeSpec, m, ls, nodeSpecUniqueStr) - }, - func() object { return &autoscalev2.HorizontalPodAutoscaler{} }, - alwaysTrueIsEqualsFn, noopUpdaterFn, m, hpaNames, emitEvents); err != nil { - return err - } - } - - if nodeSpec.PersistentVolumeClaim != nil { - for _, pvc := range nodeSpec.PersistentVolumeClaim { - if _, err := sdkCreateOrUpdateAsNeeded(ctx, sdk, - func() (object, error) { return makePersistentVolumeClaim(&pvc, &nodeSpec, m, lm, nodeSpecUniqueStr) }, - func() object { return &v1.PersistentVolumeClaim{} }, alwaysTrueIsEqualsFn, - noopUpdaterFn, - m, pvcNames, emitEvents); err != nil { - return err - } - } - } - } - - // Ignore on cluster creation - if m.Generation > 1 && m.Spec.DeleteOrphanPvc { - if err := deleteOrphanPVC(ctx, sdk, m, emitEvents); err != nil { - return err - } - } - - //update status and delete unwanted resources - updatedStatus := v1alpha1.DruidClusterStatus{} - - updatedStatus.StatefulSets = deleteUnusedResources(ctx, sdk, m, statefulSetNames, ls, - func() objectList { return &appsv1.StatefulSetList{} }, - func(listObj runtime.Object) []object { - items := listObj.(*appsv1.StatefulSetList).Items - result := make([]object, len(items)) - for i := 0; i < len(items); i++ { - result[i] = &items[i] - } - return result - }, emitEvents) - sort.Strings(updatedStatus.StatefulSets) - - updatedStatus.Deployments = deleteUnusedResources(ctx, sdk, m, deploymentNames, ls, - func() objectList { return &appsv1.DeploymentList{} }, - func(listObj runtime.Object) []object { - items := listObj.(*appsv1.DeploymentList).Items - result := make([]object, len(items)) - for i := 0; i < len(items); i++ { - result[i] = &items[i] - } - return result - }, emitEvents) - sort.Strings(updatedStatus.Deployments) - - updatedStatus.HPAutoScalers = deleteUnusedResources(ctx, sdk, m, hpaNames, ls, - func() objectList { return &autoscalev2.HorizontalPodAutoscalerList{} }, - func(listObj runtime.Object) []object { - items := listObj.(*autoscalev2.HorizontalPodAutoscalerList).Items - result := make([]object, len(items)) - for i := 0; i < len(items); i++ { - result[i] = &items[i] - } - return result - }, emitEvents) - sort.Strings(updatedStatus.HPAutoScalers) - - updatedStatus.Ingress = deleteUnusedResources(ctx, sdk, m, ingressNames, ls, - func() objectList { return &networkingv1.IngressList{} }, - func(listObj runtime.Object) []object { - items := listObj.(*networkingv1.IngressList).Items - result := make([]object, len(items)) - for i := 0; i < len(items); i++ { - result[i] = &items[i] - } - return result - }, emitEvents) - sort.Strings(updatedStatus.Ingress) - - updatedStatus.PodDisruptionBudgets = deleteUnusedResources(ctx, sdk, m, podDisruptionBudgetNames, ls, - func() objectList { return &policyv1.PodDisruptionBudgetList{} }, - func(listObj runtime.Object) []object { - items := listObj.(*policyv1.PodDisruptionBudgetList).Items - result := make([]object, len(items)) - for i := 0; i < len(items); i++ { - result[i] = &items[i] - } - return result - }, emitEvents) - sort.Strings(updatedStatus.PodDisruptionBudgets) - - updatedStatus.Services = deleteUnusedResources(ctx, sdk, m, serviceNames, ls, - func() objectList { return &v1.ServiceList{} }, - func(listObj runtime.Object) []object { - items := listObj.(*v1.ServiceList).Items - result := make([]object, len(items)) - for i := 0; i < len(items); i++ { - result[i] = &items[i] - } - return result - }, emitEvents) - sort.Strings(updatedStatus.Services) - - updatedStatus.ConfigMaps = deleteUnusedResources(ctx, sdk, m, configMapNames, ls, - func() objectList { return &v1.ConfigMapList{} }, - func(listObj runtime.Object) []object { - items := listObj.(*v1.ConfigMapList).Items - result := make([]object, len(items)) - for i := 0; i < len(items); i++ { - result[i] = &items[i] - } - return result - }, emitEvents) - sort.Strings(updatedStatus.ConfigMaps) - - podList, _ := readers.List(ctx, sdk, m, makeLabelsForDruid(m), emitEvents, func() objectList { return &v1.PodList{} }, func(listObj runtime.Object) []object { - items := listObj.(*v1.PodList).Items - result := make([]object, len(items)) - for i := 0; i < len(items); i++ { - result[i] = &items[i] - } - return result - }) - - updatedStatus.Pods = getPodNames(podList) - sort.Strings(updatedStatus.Pods) - - // All druid nodes are in Ready state. - // In case any druid node goes into a bad state, it shall be handled in above rollingDeploy block - updatedStatus.DruidNodeStatus = *newDruidNodeTypeStatus(v1.ConditionTrue, v1alpha1.DruidClusterReady, "", nil) - - // In case of rolling Deploy not present OR any error not catched in the above block, check the pod ready - // state and condition and patch the status with the CR - for _, po := range podList { - for _, c := range po.(*v1.Pod).Status.Conditions { - if c.Type == v1.PodReady && c.Status == v1.ConditionFalse { - updatedStatus.DruidNodeStatus = *newDruidNodeTypeStatus(v1.ConditionTrue, v1alpha1.DruidNodeErrorState, po.GetName(), errors.New(c.Reason)) - } - } - } - - err = druidClusterStatusPatcher(ctx, sdk, updatedStatus, m, emitEvents) - if err != nil { - return err - } - - return nil -} - -func deleteSTSAndPVC(ctx context.Context, sdk client.Client, drd *v1alpha1.Druid, stsList, pvcList []object, emitEvents EventEmitter) error { - - for _, sts := range stsList { - err := writers.Delete(ctx, sdk, drd, sts, emitEvents, &client.DeleteAllOfOptions{}) - if err != nil { - return err - } - } - - for i := range pvcList { - err := writers.Delete(ctx, sdk, drd, pvcList[i], emitEvents, &client.DeleteAllOfOptions{}) - if err != nil { - return err - } - } - - return nil -} - -func checkIfCRExists(ctx context.Context, sdk client.Client, m *v1alpha1.Druid, emitEvents EventEmitter) bool { - _, err := readers.Get(ctx, sdk, m.Name, m, func() object { return &v1alpha1.Druid{} }, emitEvents) - if err != nil { - return false - } else { - return true - } -} - -func deleteOrphanPVC(ctx context.Context, sdk client.Client, drd *v1alpha1.Druid, emitEvents EventEmitter) error { - - podList, err := readers.List(ctx, sdk, drd, makeLabelsForDruid(drd), emitEvents, func() objectList { return &v1.PodList{} }, func(listObj runtime.Object) []object { - items := listObj.(*v1.PodList).Items - result := make([]object, len(items)) - for i := 0; i < len(items); i++ { - result[i] = &items[i] - } - return result - }) - if err != nil { - return err - } - - pvcLabels := map[string]string{ - "druid_cr": drd.Name, - } - - pvcList, err := readers.List(ctx, sdk, drd, pvcLabels, emitEvents, func() objectList { return &v1.PersistentVolumeClaimList{} }, func(listObj runtime.Object) []object { - items := listObj.(*v1.PersistentVolumeClaimList).Items - result := make([]object, len(items)) - for i := 0; i < len(items); i++ { - result[i] = &items[i] - } - return result - }) - if err != nil { - return err - } - - // Fix: https://github.com/datainfrahq/druid-operator/issues/149 - for _, pod := range podList { - if pod.(*v1.Pod).Status.Phase != v1.PodRunning { - return nil - } - for _, status := range pod.(*v1.Pod).Status.Conditions { - if status.Status != v1.ConditionTrue { - return nil - } - } - } - - mountedPVC := make([]string, len(podList)) - for _, pod := range podList { - if pod.(*v1.Pod).Spec.Volumes != nil { - for _, vol := range pod.(*v1.Pod).Spec.Volumes { - if vol.PersistentVolumeClaim != nil && pod.(*v1.Pod).Status.Phase != v1.PodPending { - if !ContainsString(mountedPVC, vol.PersistentVolumeClaim.ClaimName) { - mountedPVC = append(mountedPVC, vol.PersistentVolumeClaim.ClaimName) - } - } - } - } - - } - - if mountedPVC != nil { - for i, pvc := range pvcList { - - if !ContainsString(mountedPVC, pvc.GetName()) { - - if _, ok := pvc.GetLabels()[toBeDeletedLabel]; ok { - err := checkPVCLabelsAndDelete(ctx, sdk, drd, emitEvents, pvcList[i]) - if err != nil { - return err - } - } else { - // set labels when pvc comes for deletion for the first time - getPvcLabels := pvc.GetLabels() - getPvcLabels[toBeDeletedLabel] = "yes" - getPvcLabels[deletionTSLabel] = strconv.FormatInt(time.Now().Unix(), 10) - - err = setPVCLabels(ctx, sdk, drd, emitEvents, pvcList[i], getPvcLabels, true) - if err != nil { - return err - } - } - } else { - // do not delete pvc - if _, ok := pvc.GetLabels()[toBeDeletedLabel]; ok { - getPvcLabels := pvc.GetLabels() - delete(getPvcLabels, toBeDeletedLabel) - delete(getPvcLabels, deletionTSLabel) - - err = setPVCLabels(ctx, sdk, drd, emitEvents, pvcList[i], getPvcLabels, false) - if err != nil { - return err - } - } - } - } - } - return nil -} - -func checkPVCLabelsAndDelete(ctx context.Context, sdk client.Client, drd *v1alpha1.Druid, emitEvents EventEmitter, pvc object) error { - deletionTS := pvc.GetLabels()[deletionTSLabel] - - parsedDeletionTS, err := strconv.ParseInt(deletionTS, 10, 64) - - if err != nil { - msg := fmt.Sprintf("Unable to parse label %s [%s:%s]", deletionTSLabel, deletionTS, pvc.GetName()) - logger.Info(msg, "name", drd.Name, "namespace", drd.Namespace) - return err - } - - timeNow := time.Now().Unix() - timeDiff := timeDifference(parsedDeletionTS, timeNow) - - if timeDiff >= int64(time.Second/time.Second)*60 { - // delete pvc - err = writers.Delete(ctx, sdk, drd, pvc, emitEvents, &client.DeleteAllOfOptions{}) - if err != nil { - return err - } else { - msg := fmt.Sprintf("Deleted orphaned pvc [%s:%s] successfully", pvc.GetName(), drd.Namespace) - logger.Info(msg, "name", drd.Name, "namespace", drd.Namespace) - } - } else { - // wait for 60s - msg := fmt.Sprintf("pvc [%s:%s] marked to be deleted after %ds", pvc.GetName(), drd.Namespace, 60-timeDiff) - logger.Info(msg, "name", drd.Name, "namespace", drd.Namespace) - } - return nil -} - -func setPVCLabels(ctx context.Context, sdk client.Client, drd *v1alpha1.Druid, emitEvents EventEmitter, pvc object, labels map[string]string, isSetLabel bool) error { - - pvc.SetLabels(labels) - _, err := writers.Update(ctx, sdk, drd, pvc, emitEvents) - if err != nil { - return err - } else { - if isSetLabel { - msg := fmt.Sprintf("marked pvc for deletion , added labels %s and %s successfully [%s]", toBeDeletedLabel, deletionTSLabel, pvc.GetName()) - logger.Info(msg, "name", drd.Name, "namespace", drd.Namespace) - } else { - msg := fmt.Sprintf("unmarked pvc for deletion, removed labels %s and %s successfully in pvc [%s]", toBeDeletedLabel, deletionTSLabel, pvc.GetName()) - logger.Info(msg, "name", drd.Name, "namespace", drd.Namespace) - } - } - return nil -} - -func execCheckCrashStatus(ctx context.Context, sdk client.Client, nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, nodeSpecUniqueStr string, event EventEmitter) { - if m.Spec.ForceDeleteStsPodOnError == false { - return - } else { - if nodeSpec.PodManagementPolicy == "OrderedReady" { - checkCrashStatus(ctx, sdk, nodeSpec, m, nodeSpecUniqueStr, event) - } - } -} - -func checkCrashStatus(ctx context.Context, sdk client.Client, nodeSpec *v1alpha1.DruidNodeSpec, drd *v1alpha1.Druid, nodeSpecUniqueStr string, emitEvents EventEmitter) error { - - podList, err := readers.List(ctx, sdk, drd, makeLabelsForNodeSpec(nodeSpec, drd, drd.Name, nodeSpecUniqueStr), emitEvents, func() objectList { return &v1.PodList{} }, func(listObj runtime.Object) []object { - items := listObj.(*v1.PodList).Items - result := make([]object, len(items)) - for i := 0; i < len(items); i++ { - result[i] = &items[i] - } - return result - }) - if err != nil { - return err - } - - // the below condition evalutes if a pod is in - // 1. failed state 2. unknown state - // OR condtion.status is false which evalutes if neither of these conditions are met - // 1. ContainersReady 2. PodInitialized 3. PodReady 4. PodScheduled - for _, p := range podList { - if p.(*v1.Pod).Status.Phase == v1.PodFailed || p.(*v1.Pod).Status.Phase == v1.PodUnknown { - err := writers.Delete(ctx, sdk, drd, p, emitEvents, &client.DeleteOptions{}) - if err != nil { - return err - } - msg := fmt.Sprintf("Deleted pod [%s] in namespace [%s], since it was in [%s] state.", p.GetName(), p.GetNamespace(), p.(*v1.Pod).Status.Phase) - logger.Info(msg, "Object", stringifyForLogging(p, drd), "name", drd.Name, "namespace", drd.Namespace) - } else { - for _, condition := range p.(*v1.Pod).Status.Conditions { - if condition.Type == v1.ContainersReady { - if condition.Status == v1.ConditionFalse { - for _, containerStatus := range p.(*v1.Pod).Status.ContainerStatuses { - if containerStatus.RestartCount > 1 { - err := writers.Delete(ctx, sdk, drd, p, emitEvents, &client.DeleteOptions{}) - if err != nil { - return err - } - msg := fmt.Sprintf("Deleted pod [%s] in namespace [%s], since the container [%s] was crashlooping.", p.GetName(), p.GetNamespace(), containerStatus.Name) - logger.Info(msg, "Object", stringifyForLogging(p, drd), "name", drd.Name, "namespace", drd.Namespace) - } - } - } - } - } - } - } - - return nil -} - -func deleteUnusedResources(ctx context.Context, sdk client.Client, drd *v1alpha1.Druid, - names map[string]bool, selectorLabels map[string]string, emptyListObjFn func() objectList, itemsExtractorFn func(obj runtime.Object) []object, emitEvents EventEmitter) []string { - - listOpts := []client.ListOption{ - client.InNamespace(drd.Namespace), - client.MatchingLabels(selectorLabels), - } - - survivorNames := make([]string, 0, len(names)) - - listObj := emptyListObjFn() - - if err := sdk.List(ctx, listObj, listOpts...); err != nil { - e := fmt.Errorf("failed to list [%s] due to [%s]", listObj.GetObjectKind().GroupVersionKind().Kind, err.Error()) - logger.Error(e, e.Error(), "name", drd.Name, "namespace", drd.Namespace) - } else { - for _, s := range itemsExtractorFn(listObj) { - if names[s.GetName()] == false { - err := writers.Delete(ctx, sdk, drd, s, emitEvents, &client.DeleteOptions{}) - if err != nil { - survivorNames = append(survivorNames, s.GetName()) - } - } else { - survivorNames = append(survivorNames, s.GetName()) - } - } - } - - return survivorNames -} - -func alwaysTrueIsEqualsFn(prev, curr object) bool { - return true -} - -func noopUpdaterFn(prev, curr object) { - // do nothing -} - -func sdkCreateOrUpdateAsNeeded( - ctx context.Context, - sdk client.Client, - objFn func() (object, error), - emptyObjFn func() object, - isEqualFn func(prev, curr object) bool, - updaterFn func(prev, curr object), - drd *v1alpha1.Druid, - names map[string]bool, - emitEvent EventEmitter) (DruidNodeStatus, error) { - - if obj, err := objFn(); err != nil { - return "", err - } else { - names[obj.GetName()] = true - - addOwnerRefToObject(obj, asOwner(drd)) - addHashToObject(obj) - - prevObj := emptyObjFn() - if err := sdk.Get(ctx, *namespacedName(obj.GetName(), obj.GetNamespace()), prevObj); err != nil { - if apierrors.IsNotFound(err) { - // resource does not exist, create it. - create, err := writers.Create(ctx, sdk, drd, obj, emitEvent) - if err != nil { - return "", err - } else { - return create, nil - } - } else { - e := fmt.Errorf("Failed to get [%s:%s] due to [%s].", obj.GetObjectKind().GroupVersionKind().Kind, obj.GetName(), err.Error()) - logger.Error(e, e.Error(), "Prev object", stringifyForLogging(prevObj, drd), "name", drd.Name, "namespace", drd.Namespace) - emitEvent.EmitEventGeneric(drd, string(druidOjectGetFail), "", err) - return "", e - } - } else { - // resource already exists, updated it if needed - if obj.GetAnnotations()[druidOpResourceHash] != prevObj.GetAnnotations()[druidOpResourceHash] || !isEqualFn(prevObj, obj) { - - obj.SetResourceVersion(prevObj.GetResourceVersion()) - updaterFn(prevObj, obj) - update, err := writers.Update(ctx, sdk, drd, obj, emitEvent) - if err != nil { - return "", err - } else { - return update, err - } - } else { - return "", nil - } - } - } -} - -func isObjFullyDeployed(ctx context.Context, sdk client.Client, nodeSpec v1alpha1.DruidNodeSpec, nodeSpecUniqueStr string, drd *v1alpha1.Druid, emptyObjFn func() object, emitEvent EventEmitter) (bool, error) { - - // Get Object - obj, err := readers.Get(ctx, sdk, nodeSpecUniqueStr, drd, emptyObjFn, emitEvent) - if err != nil { - return false, err - } - - // In case obj is a statefulset or deployment, make sure the sts/deployment has successfully reconciled to desired state - // TODO: @AdheipSingh once https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/apps/types.go#L217 k8s conditions detect sts fail errors. - if detectType(obj) == "*v1.StatefulSet" { - if obj.(*appsv1.StatefulSet).Status.CurrentRevision != obj.(*appsv1.StatefulSet).Status.UpdateRevision { - return false, nil - } else if obj.(*appsv1.StatefulSet).Status.CurrentReplicas != obj.(*appsv1.StatefulSet).Status.ReadyReplicas { - return false, nil - } else { - return obj.(*appsv1.StatefulSet).Status.CurrentRevision == obj.(*appsv1.StatefulSet).Status.UpdateRevision, nil - } - } else if detectType(obj) == "*v1.Deployment" { - for _, condition := range obj.(*appsv1.Deployment).Status.Conditions { - // This detects a failure condition, operator should send a rolling deployment failed event - if condition.Type == appsv1.DeploymentReplicaFailure { - return false, errors.New(condition.Reason) - } else if condition.Type == appsv1.DeploymentProgressing && condition.Status != v1.ConditionTrue || obj.(*appsv1.Deployment).Status.ReadyReplicas != obj.(*appsv1.Deployment).Status.Replicas { - return false, nil - } else { - return obj.(*appsv1.Deployment).Status.ReadyReplicas == obj.(*appsv1.Deployment).Status.Replicas, nil - } - } - } - return false, nil -} - -// desVolumeClaimTemplateSize: the druid CR holds this value for a sts volumeclaimtemplate -// currVolumeClaimTemplateSize: the sts owned by druid CR holds this value in volumeclaimtemplate -// pvcSize: the pvc referenced by the sts holds this value -// type of vars is resource.Quantity. ref: https://godoc.org/k8s.io/apimachinery/pkg/api/resource -func getVolumeClaimTemplateSizes(sts object, nodeSpec *v1alpha1.DruidNodeSpec, pvc []object) (desVolumeClaimTemplateSize, currVolumeClaimTemplateSize, pvcSize []resource.Quantity) { - - for i := range nodeSpec.VolumeClaimTemplates { - desVolumeClaimTemplateSize = append(desVolumeClaimTemplateSize, nodeSpec.VolumeClaimTemplates[i].Spec.Resources.Requests[v1.ResourceStorage]) - } - - for i := range sts.(*appsv1.StatefulSet).Spec.VolumeClaimTemplates { - currVolumeClaimTemplateSize = append(currVolumeClaimTemplateSize, sts.(*appsv1.StatefulSet).Spec.VolumeClaimTemplates[i].Spec.Resources.Requests[v1.ResourceStorage]) - } - - for i := range pvc { - pvcSize = append(pvcSize, pvc[i].(*v1.PersistentVolumeClaim).Spec.Resources.Requests[v1.ResourceStorage]) - } - - return desVolumeClaimTemplateSize, currVolumeClaimTemplateSize, pvcSize - -} - -func stringifyForLogging(obj object, drd *v1alpha1.Druid) string { - if bytes, err := json.Marshal(obj); err != nil { - logger.Error(err, err.Error(), fmt.Sprintf("Failed to serialize [%s:%s]", obj.GetObjectKind().GroupVersionKind().Kind, obj.GetName()), "name", drd.Name, "namespace", drd.Namespace) - return fmt.Sprintf("%v", obj) - } else { - return string(bytes) - } - -} - -func addHashToObject(obj object) error { - if sha, err := getObjectHash(obj); err != nil { - return err - } else { - annotations := obj.GetAnnotations() - if annotations == nil { - annotations = make(map[string]string) - obj.SetAnnotations(annotations) - } - annotations[druidOpResourceHash] = sha - return nil - } -} - -func getObjectHash(obj object) (string, error) { - if bytes, err := json.Marshal(obj); err != nil { - return "", err - } else { - sha1Bytes := sha1.Sum(bytes) - return base64.StdEncoding.EncodeToString(sha1Bytes[:]), nil - } -} - -func makeNodeSpecificUniqueString(m *v1alpha1.Druid, key string) string { - return fmt.Sprintf("druid-%s-%s", m.Name, key) -} - -func makeService(svc *v1.Service, nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, ls map[string]string, nodeSpecUniqueStr string) (*v1.Service, error) { - svc.TypeMeta = metav1.TypeMeta{ - APIVersion: "v1", - Kind: "Service", - } - - svc.ObjectMeta.Name = getServiceName(svc.ObjectMeta.Name, nodeSpecUniqueStr) - - svc.ObjectMeta.Namespace = m.Namespace - - if svc.ObjectMeta.Labels == nil { - svc.ObjectMeta.Labels = ls - } else { - for k, v := range ls { - svc.ObjectMeta.Labels[k] = v - } - } - - if svc.Spec.Selector == nil { - svc.Spec.Selector = ls - } else { - for k, v := range ls { - svc.Spec.Selector[k] = v - } - } - - if svc.Spec.Ports == nil { - svc.Spec.Ports = []v1.ServicePort{ - { - Name: "service-port", - Port: nodeSpec.DruidPort, - TargetPort: intstr.FromInt(int(nodeSpec.DruidPort)), - }, - } - } - - return svc, nil -} - -func getServiceName(nameTemplate, nodeSpecUniqueStr string) string { - if nameTemplate == "" { - return nodeSpecUniqueStr - } else { - return fmt.Sprintf(nameTemplate, nodeSpecUniqueStr) - } -} - -func getPersistentVolumeClaim(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid) []v1.PersistentVolumeClaim { - pvc := []v1.PersistentVolumeClaim{} - - for _, val := range m.Spec.VolumeClaimTemplates { - pvc = append(pvc, val) - } - - for _, val := range nodeSpec.VolumeClaimTemplates { - pvc = append(pvc, val) - } - - return pvc - -} - -func getVolumeMounts(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid) []v1.VolumeMount { - volumeMount := []v1.VolumeMount{ - { - MountPath: firstNonEmptyStr(m.Spec.CommonConfigMountPath, defaultCommonConfigMountPath), - Name: "common-config-volume", - ReadOnly: true, - }, - { - MountPath: firstNonEmptyStr(nodeSpec.NodeConfigMountPath, getNodeConfigMountPath(nodeSpec)), - Name: "nodetype-config-volume", - ReadOnly: true, - }, - } - - volumeMount = append(volumeMount, m.Spec.VolumeMounts...) - volumeMount = append(volumeMount, nodeSpec.VolumeMounts...) - return volumeMount -} - -func getTolerations(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid) []v1.Toleration { - tolerations := []v1.Toleration{} - - for _, val := range m.Spec.Tolerations { - tolerations = append(tolerations, val) - } - for _, val := range nodeSpec.Tolerations { - tolerations = append(tolerations, val) - } - - return tolerations -} - -func getTopologySpreadConstraints(nodeSpec *v1alpha1.DruidNodeSpec) []v1.TopologySpreadConstraint { - var topologySpreadConstraint []v1.TopologySpreadConstraint - - for _, val := range nodeSpec.TopologySpreadConstraints { - topologySpreadConstraint = append(topologySpreadConstraint, val) - } - - return topologySpreadConstraint -} - -func getVolume(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, nodeSpecUniqueStr string) []v1.Volume { - volumesHolder := []v1.Volume{ - { - Name: "common-config-volume", - VolumeSource: v1.VolumeSource{ - ConfigMap: &v1.ConfigMapVolumeSource{ - LocalObjectReference: v1.LocalObjectReference{ - Name: fmt.Sprintf("%s-druid-common-config", m.ObjectMeta.Name), - }, - }}, - }, - { - Name: "nodetype-config-volume", - VolumeSource: v1.VolumeSource{ - ConfigMap: &v1.ConfigMapVolumeSource{ - LocalObjectReference: v1.LocalObjectReference{ - Name: fmt.Sprintf("%s-config", nodeSpecUniqueStr), - }, - }, - }, - }, - } - volumesHolder = append(volumesHolder, m.Spec.Volumes...) - volumesHolder = append(volumesHolder, nodeSpec.Volumes...) - return volumesHolder -} - -func getEnv(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, configMapSHA string) []v1.EnvVar { - envHolder := firstNonNilValue(nodeSpec.Env, m.Spec.Env).([]v1.EnvVar) - // enables to do the trick to force redeployment in case of configmap changes. - envHolder = append(envHolder, v1.EnvVar{Name: "configMapSHA", Value: configMapSHA}) - - return envHolder -} - -func getAffinity(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid) *v1.Affinity { - affinity := firstNonNilValue(m.Spec.Affinity, &v1.Affinity{}).(*v1.Affinity) - affinity = firstNonNilValue(nodeSpec.Affinity, affinity).(*v1.Affinity) - return affinity -} - -func setLivenessProbe(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid) *v1.Probe { - probeType := "liveness" - livenessProbe := updateDefaultPortInProbe( - firstNonNilValue(nodeSpec.LivenessProbe, m.Spec.LivenessProbe).(*v1.Probe), - nodeSpec.DruidPort) - if livenessProbe == nil && m.Spec.DefaultProbes { - livenessProbe = setDefaultProbe(nodeSpec.DruidPort, nodeSpec.NodeType, probeType) - } - return livenessProbe -} - -func setReadinessProbe(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid) *v1.Probe { - probeType := "readiness" - readinessProbe := updateDefaultPortInProbe( - firstNonNilValue(nodeSpec.ReadinessProbe, m.Spec.ReadinessProbe).(*v1.Probe), - nodeSpec.DruidPort) - if readinessProbe == nil && m.Spec.DefaultProbes { - readinessProbe = setDefaultProbe(nodeSpec.DruidPort, nodeSpec.NodeType, probeType) - } - return readinessProbe -} - -func setStartUpProbe(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid) *v1.Probe { - probeType := "startup" - startUpProbe := updateDefaultPortInProbe( - firstNonNilValue(nodeSpec.StartUpProbe, m.Spec.StartUpProbe).(*v1.Probe), - nodeSpec.DruidPort) - if startUpProbe == nil && m.Spec.DefaultProbes { - startUpProbe = setDefaultProbe(nodeSpec.DruidPort, nodeSpec.NodeType, probeType) - } - return startUpProbe -} - -func getEnvFrom(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid) []v1.EnvFromSource { - envFromHolder := firstNonNilValue(nodeSpec.EnvFrom, m.Spec.EnvFrom).([]v1.EnvFromSource) - return envFromHolder -} - -func getRollingUpdateStrategy(nodeSpec *v1alpha1.DruidNodeSpec) *appsv1.RollingUpdateDeployment { - var nil *int32 = nil - if nodeSpec.MaxSurge != nil || nodeSpec.MaxUnavailable != nil { - return &appsv1.RollingUpdateDeployment{ - MaxUnavailable: &intstr.IntOrString{ - IntVal: *nodeSpec.MaxUnavailable, - }, - MaxSurge: &intstr.IntOrString{ - IntVal: *nodeSpec.MaxSurge, - }, - } - } - return &appsv1.RollingUpdateDeployment{} - -} - -// makeStatefulSet shall create statefulset object. -func makeStatefulSet(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, ls map[string]string, nodeSpecUniqueStr, configMapSHA, serviceName string) (*appsv1.StatefulSet, error) { - - return &appsv1.StatefulSet{ - TypeMeta: metav1.TypeMeta{ - Kind: "StatefulSet", - APIVersion: "apps/v1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: fmt.Sprintf("%s", nodeSpecUniqueStr), - Annotations: makeAnnotationsForWorkload(nodeSpec, m), - Namespace: m.Namespace, - Labels: ls, - }, - Spec: makeStatefulSetSpec(nodeSpec, m, ls, nodeSpecUniqueStr, configMapSHA, serviceName), - }, nil -} - -func statefulSetIsEquals(obj1, obj2 object) bool { - - // This used to match replica counts, but was reverted to fix https://github.com/datainfrahq/druid-operator/issues/160 - // because it is legitimate for HPA to change replica counts and operator shouldn't reset those. - - return true -} - -// makeDeployment shall create deployment object. -func makeDeployment(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, ls map[string]string, nodeSpecUniqueStr, configMapSHA, serviceName string) (*appsv1.Deployment, error) { - return &appsv1.Deployment{ - TypeMeta: metav1.TypeMeta{ - Kind: "Deployment", - APIVersion: "apps/v1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: fmt.Sprintf("%s", nodeSpecUniqueStr), - Annotations: makeAnnotationsForWorkload(nodeSpec, m), - Namespace: m.Namespace, - Labels: ls, - }, - Spec: makeDeploymentSpec(nodeSpec, m, ls, nodeSpecUniqueStr, configMapSHA, serviceName), - }, nil -} - -func deploymentIsEquals(obj1, obj2 object) bool { - - // This used to match replica counts, but was reverted to fix https://github.com/datainfrahq/druid-operator/issues/160 - // because it is legitimate for HPA to change replica counts and operator shouldn't reset those. - - return true -} - -// makeStatefulSetSpec shall create statefulset spec for statefulsets. -func makeStatefulSetSpec(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, ls map[string]string, nodeSpecificUniqueString, configMapSHA, serviceName string) appsv1.StatefulSetSpec { - - updateStrategy := firstNonNilValue(m.Spec.UpdateStrategy, &appsv1.StatefulSetUpdateStrategy{}).(*appsv1.StatefulSetUpdateStrategy) - updateStrategy = firstNonNilValue(nodeSpec.UpdateStrategy, updateStrategy).(*appsv1.StatefulSetUpdateStrategy) - - stsSpec := appsv1.StatefulSetSpec{ - ServiceName: serviceName, - Selector: &metav1.LabelSelector{ - MatchLabels: ls, - }, - Replicas: &nodeSpec.Replicas, - PodManagementPolicy: appsv1.PodManagementPolicyType(firstNonEmptyStr(firstNonEmptyStr(string(nodeSpec.PodManagementPolicy), string(m.Spec.PodManagementPolicy)), string(appsv1.ParallelPodManagement))), - UpdateStrategy: *updateStrategy, - Template: makePodTemplate(nodeSpec, m, ls, nodeSpecificUniqueString, configMapSHA), - VolumeClaimTemplates: getPersistentVolumeClaim(nodeSpec, m), - } - - return stsSpec - -} - -// makeDeploymentSpec shall create deployment Spec for deployments. -func makeDeploymentSpec(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, ls map[string]string, nodeSpecificUniqueString, configMapSHA, serviceName string) appsv1.DeploymentSpec { - deploySpec := appsv1.DeploymentSpec{ - Selector: &metav1.LabelSelector{ - MatchLabels: ls, - }, - Replicas: &nodeSpec.Replicas, - Template: makePodTemplate(nodeSpec, m, ls, nodeSpecificUniqueString, configMapSHA), - Strategy: appsv1.DeploymentStrategy{ - Type: "RollingUpdate", - RollingUpdate: getRollingUpdateStrategy(nodeSpec), - }, - } - - return deploySpec -} - -// makePodTemplate shall create podTemplate common to both deployment and statefulset. -func makePodTemplate(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, ls map[string]string, nodeSpecUniqueStr, configMapSHA string) v1.PodTemplateSpec { - return v1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ - Labels: ls, - Annotations: firstNonNilValue(nodeSpec.PodAnnotations, m.Spec.PodAnnotations).(map[string]string), - }, - Spec: makePodSpec(nodeSpec, m, nodeSpecUniqueStr, configMapSHA), - } -} - -// makePodSpec shall create podSpec common to both deployment and statefulset. -func makePodSpec(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, nodeSpecUniqueStr, configMapSHA string) v1.PodSpec { - - mainContainer := v1.Container{ - Image: firstNonEmptyStr(nodeSpec.Image, m.Spec.Image), - Name: fmt.Sprintf("%s", nodeSpecUniqueStr), - Command: []string{firstNonEmptyStr(m.Spec.StartScript, "bin/run-druid.sh"), nodeSpec.NodeType}, - ImagePullPolicy: v1.PullPolicy(firstNonEmptyStr(string(nodeSpec.ImagePullPolicy), string(m.Spec.ImagePullPolicy))), - Ports: nodeSpec.Ports, - Resources: nodeSpec.Resources, - Env: getEnv(nodeSpec, m, configMapSHA), - EnvFrom: getEnvFrom(nodeSpec, m), - VolumeMounts: getVolumeMounts(nodeSpec, m), - LivenessProbe: setLivenessProbe(nodeSpec, m), - ReadinessProbe: setReadinessProbe(nodeSpec, m), - StartupProbe: setStartUpProbe(nodeSpec, m), - Lifecycle: nodeSpec.Lifecycle, - SecurityContext: firstNonNilValue(nodeSpec.ContainerSecurityContext, m.Spec.ContainerSecurityContext).(*v1.SecurityContext), - } - - spec := v1.PodSpec{ - NodeSelector: firstNonNilValue(nodeSpec.NodeSelector, m.Spec.NodeSelector).(map[string]string), - TopologySpreadConstraints: getTopologySpreadConstraints(nodeSpec), - Tolerations: getTolerations(nodeSpec, m), - Affinity: getAffinity(nodeSpec, m), - ImagePullSecrets: firstNonNilValue(nodeSpec.ImagePullSecrets, m.Spec.ImagePullSecrets).([]v1.LocalObjectReference), - Containers: []v1.Container{mainContainer}, - TerminationGracePeriodSeconds: nodeSpec.TerminationGracePeriodSeconds, - Volumes: getVolume(nodeSpec, m, nodeSpecUniqueStr), - SecurityContext: firstNonNilValue(nodeSpec.PodSecurityContext, m.Spec.PodSecurityContext).(*v1.PodSecurityContext), - ServiceAccountName: firstNonEmptyStr(nodeSpec.ServiceAccountName, m.Spec.ServiceAccount), - PriorityClassName: firstNonEmptyStr(nodeSpec.PriorityClassName, m.Spec.PriorityClassName), - DNSPolicy: v1.DNSPolicy(firstNonEmptyStr(string(nodeSpec.DNSPolicy), string(m.Spec.DNSPolicy))), - DNSConfig: firstNonNilValue(nodeSpec.DNSConfig, m.Spec.DNSConfig).(*v1.PodDNSConfig), - } - - addAdditionalContainers(m, nodeSpec, &spec) - - return spec -} - -func setDefaultProbe(defaultPort int32, nodeType string, probeType string) *v1.Probe { - probe := &v1.Probe{ - ProbeHandler: v1.ProbeHandler{ - HTTPGet: &v1.HTTPGetAction{ - Path: "/status/health", - Port: intstr.IntOrString{ - IntVal: defaultPort, - }, - }, - }, - InitialDelaySeconds: 5, - TimeoutSeconds: 5, - PeriodSeconds: 10, - SuccessThreshold: 1, - FailureThreshold: 10, - } - - if nodeType == historical && probeType != "liveness" { - probe.HTTPGet.Path = "/druid/historical/v1/readiness" - probe.FailureThreshold = 20 - } - if nodeType == broker && probeType != "liveness" { - probe.HTTPGet.Path = "/druid/broker/v1/readiness" - probe.FailureThreshold = 20 - } - - if nodeType == historical && probeType == "startup" { - probe.InitialDelaySeconds = 180 - probe.PeriodSeconds = 30 - probe.TimeoutSeconds = 10 - } - return probe -} - -func updateDefaultPortInProbe(probe *v1.Probe, defaultPort int32) *v1.Probe { - if probe != nil && probe.HTTPGet != nil && probe.HTTPGet.Port.IntVal == 0 && probe.HTTPGet.Port.StrVal == "" { - probe.HTTPGet.Port.IntVal = defaultPort - } - return probe -} - -func makePodDisruptionBudget(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, ls map[string]string, nodeSpecUniqueStr string) (*policyv1.PodDisruptionBudget, error) { - pdbSpec := *nodeSpec.PodDisruptionBudgetSpec - pdbSpec.Selector = &metav1.LabelSelector{MatchLabels: ls} - - pdb := &policyv1.PodDisruptionBudget{ - TypeMeta: metav1.TypeMeta{ - APIVersion: "policy/v1", - Kind: "PodDisruptionBudget", - }, - - ObjectMeta: metav1.ObjectMeta{ - Name: nodeSpecUniqueStr, - Namespace: m.Namespace, - Labels: ls, - }, - - Spec: pdbSpec, - } - - return pdb, nil -} - -func makeHorizontalPodAutoscaler(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, ls map[string]string, nodeSpecUniqueStr string) (*autoscalev2.HorizontalPodAutoscaler, error) { - nodeHSpec := *nodeSpec.HPAutoScaler - - hpa := &autoscalev2.HorizontalPodAutoscaler{ - TypeMeta: metav1.TypeMeta{ - APIVersion: "autoscaling/v2", - Kind: "HorizontalPodAutoscaler", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: nodeSpecUniqueStr, - Namespace: m.Namespace, - Labels: ls, - }, - Spec: nodeHSpec, - } - - return hpa, nil -} - -func makeIngress(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, ls map[string]string, nodeSpecUniqueStr string) (*networkingv1.Ingress, error) { - nodeIngressSpec := *nodeSpec.Ingress - - ingress := &networkingv1.Ingress{ - TypeMeta: metav1.TypeMeta{ - APIVersion: "networking.k8s.io/v1", - Kind: "Ingress", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: nodeSpecUniqueStr, - Annotations: nodeSpec.IngressAnnotations, - Namespace: m.Namespace, - Labels: ls, - }, - Spec: nodeIngressSpec, - } - - return ingress, nil -} - -func makePersistentVolumeClaim(pvc *v1.PersistentVolumeClaim, nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, ls map[string]string, nodeSpecUniqueStr string) (*v1.PersistentVolumeClaim, error) { - - pvc.TypeMeta = metav1.TypeMeta{ - APIVersion: "v1", - Kind: "PersistentVolumeClaim", - } - - pvc.ObjectMeta.Namespace = m.Namespace - - if pvc.ObjectMeta.Labels == nil { - pvc.ObjectMeta.Labels = ls - } else { - for k, v := range ls { - pvc.ObjectMeta.Labels[k] = v - } - } - - if pvc.ObjectMeta.Name == "" { - pvc.ObjectMeta.Name = nodeSpecUniqueStr - } else { - for _, p := range nodeSpec.PersistentVolumeClaim { - pvc.ObjectMeta.Name = p.Name - pvc.Spec = p.Spec - } - - } - - return pvc, nil -} - -// makeLabelsForDruid returns the labels for selecting the resources -// belonging to the given Druid object. -func makeLabelsForDruid(druid *v1alpha1.Druid) map[string]string { - return map[string]string{"app": "druid", "druid_cr": druid.GetName()} -} - -// makeLabelsForDruid returns the labels for selecting the resources -// belonging to the given druid CR name. adds labels from both node & -// cluster specs. node spec labels will take precedence over clusters labels -func makeLabelsForNodeSpec(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid, clusterName, nodeSpecUniqueStr string) map[string]string { - var labels = map[string]string{} - - for k, v := range m.Spec.PodLabels { - labels[k] = v - } - - for k, v := range nodeSpec.PodLabels { - labels[k] = v - } - - labels["app"] = "druid" - labels["druid_cr"] = clusterName - labels["nodeSpecUniqueStr"] = nodeSpecUniqueStr - labels["component"] = nodeSpec.NodeType - return labels -} - -// makeAnnotationsForWorkload returns the annotations for a Deployment or StatefulSet -// If a given key is set in both the DruidSpec and DruidNodeSpec, the node-scoped value will take precedence. -func makeAnnotationsForWorkload(nodeSpec *v1alpha1.DruidNodeSpec, m *v1alpha1.Druid) map[string]string { - var annotations = map[string]string{} - - if m.Spec.WorkloadAnnotations != nil { - annotations = m.Spec.WorkloadAnnotations - } - - for k, v := range nodeSpec.WorkloadAnnotations { - annotations[k] = v - } - - return annotations -} - -// addOwnerRefToObject appends the desired OwnerReference to the object -func addOwnerRefToObject(obj metav1.Object, ownerRef metav1.OwnerReference) { - obj.SetOwnerReferences(append(obj.GetOwnerReferences(), ownerRef)) -} - -// asOwner returns an OwnerReference set as the druid CR -func asOwner(m *v1alpha1.Druid) metav1.OwnerReference { - trueVar := true - return metav1.OwnerReference{ - APIVersion: m.APIVersion, - Kind: m.Kind, - Name: m.Name, - UID: m.UID, - Controller: &trueVar, - } -} - -// getPodNames returns the pod names of the array of pods passed in -func getPodNames(pods []object) []string { - var podNames []string - for _, pod := range pods { - podNames = append(podNames, pod.(*v1.Pod).Name) - } - return podNames -} - -func sendEvent(ctx context.Context, sdk client.Client, drd *v1alpha1.Druid, eventtype, reason, message string) { - - ref := &v1.ObjectReference{ - Kind: drd.Kind, - APIVersion: drd.APIVersion, - Name: drd.Name, - Namespace: drd.Namespace, - UID: drd.UID, - ResourceVersion: drd.ResourceVersion, - } - - t := metav1.Now() - namespace := ref.Namespace - if namespace == "" { - namespace = metav1.NamespaceDefault - } - - event := &v1.Event{ - TypeMeta: metav1.TypeMeta{ - APIVersion: "v1", - Kind: "Event", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: fmt.Sprintf("%v.%x", ref.Name, t.UnixNano()), - Namespace: namespace, - }, - InvolvedObject: *ref, - Reason: reason, - Message: message, - FirstTimestamp: t, - LastTimestamp: t, - Count: 1, - Type: eventtype, - Source: v1.EventSource{Component: "druid-operator"}, - } - - if err := sdk.Create(ctx, event); err != nil { - logger.Error(err, fmt.Sprintf("Failed to push event [%v]", event)) - } -} - -func verifyDruidSpec(drd *v1alpha1.Druid) error { - keyValidationRegex, err := regexp.Compile("[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*") - if err != nil { - return err - } - - if err = validateAdditionalContainersSpec(drd); err != nil { - return err - } - - if err = validateVolumeClaimTemplateSpec(drd); err != nil { - return err - } - - errorMsg := "" - for key, node := range drd.Spec.Nodes { - if drd.Spec.Image == "" && node.Image == "" { - errorMsg = fmt.Sprintf("%sImage missing from Druid Cluster Spec\n", errorMsg) - } - - if !keyValidationRegex.MatchString(key) { - errorMsg = fmt.Sprintf("%sNode[%s] Key must match k8s resource name regex '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'", errorMsg, key) - } - } - - if errorMsg == "" { - return nil - } else { - return fmt.Errorf(errorMsg) - } -} - -func namespacedName(name, namespace string) *types.NamespacedName { - return &types.NamespacedName{Name: name, Namespace: namespace} -} diff --git a/druid-operator/controllers/druid/handler_test.go b/druid-operator/controllers/druid/handler_test.go deleted file mode 100644 index 2548c492a1e5..000000000000 --- a/druid-operator/controllers/druid/handler_test.go +++ /dev/null @@ -1,372 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "io/ioutil" - "reflect" - "testing" - - "github.com/ghodss/yaml" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - policyv1 "k8s.io/api/policy/v1" - - druidv1alpha1 "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" -) - -// +kubebuilder:docs-gen:collapse=Imports - -// testHandler -var _ = Describe("Test handler", func() { - Context("When testing handler", func() { - It("should make statefulset for broker", func() { - By("By making statefulset for broker") - filePath := "testdata/druid-test-cr.yaml" - clusterSpec, err := readDruidClusterSpecFromFile(filePath) - Expect(err).Should(BeNil()) - - nodeSpecUniqueStr := makeNodeSpecificUniqueString(clusterSpec, "brokers") - nodeSpec := clusterSpec.Spec.Nodes["brokers"] - - actual, _ := makeStatefulSet(&nodeSpec, clusterSpec, makeLabelsForNodeSpec(&nodeSpec, clusterSpec, clusterSpec.Name, nodeSpecUniqueStr), nodeSpecUniqueStr, "blah", nodeSpecUniqueStr) - addHashToObject(actual) - - expected := new(appsv1.StatefulSet) - err = readAndUnmarshallResource("testdata/broker-statefulset.yaml", &expected) - Expect(err).Should(BeNil()) - - Expect(actual).Should(Equal(expected)) - }) - It("should make statefulset for broker without default probe", func() { - By("By making statefulset for broker") - filePath := "testdata/druid-test-cr-noprobe.yaml" - clusterSpec, err := readDruidClusterSpecFromFile(filePath) - Expect(err).Should(BeNil()) - - nodeSpecUniqueStr := makeNodeSpecificUniqueString(clusterSpec, "brokers") - nodeSpec := clusterSpec.Spec.Nodes["brokers"] - - actual, _ := makeStatefulSet(&nodeSpec, clusterSpec, makeLabelsForNodeSpec(&nodeSpec, clusterSpec, clusterSpec.Name, nodeSpecUniqueStr), nodeSpecUniqueStr, "blah", nodeSpecUniqueStr) - addHashToObject(actual) - - expected := new(appsv1.StatefulSet) - err = readAndUnmarshallResource("testdata/broker-statefulset-noprobe.yaml", &expected) - Expect(err).Should(BeNil()) - - Expect(actual).Should(Equal(expected)) - }) - - It("should make statefulset for broker with sidecar", func() { - By("By making statefulset for broker with sidecar") - filePath := "testdata/druid-test-cr-sidecar.yaml" - clusterSpec, err := readDruidClusterSpecFromFile(filePath) - Expect(err).Should(BeNil()) - - nodeSpecUniqueStr := makeNodeSpecificUniqueString(clusterSpec, "brokers") - nodeSpec := clusterSpec.Spec.Nodes["brokers"] - - actual, _ := makeStatefulSet(&nodeSpec, clusterSpec, makeLabelsForNodeSpec(&nodeSpec, clusterSpec, clusterSpec.Name, nodeSpecUniqueStr), nodeSpecUniqueStr, "blah", nodeSpecUniqueStr) - addHashToObject(actual) - - expected := new(appsv1.StatefulSet) - readAndUnmarshallResource("testdata/broker-statefulset-sidecar.yaml", &expected) - Expect(err).Should(BeNil()) - - Expect(actual).Should(Equal(expected)) - }) - - It("should make deployment for broker", func() { - By("By making deployment for broker") - filePath := "testdata/druid-test-cr.yaml" - clusterSpec, err := readDruidClusterSpecFromFile(filePath) - Expect(err).Should(BeNil()) - - nodeSpecUniqueStr := makeNodeSpecificUniqueString(clusterSpec, "brokers") - nodeSpec := clusterSpec.Spec.Nodes["brokers"] - - actual, _ := makeDeployment(&nodeSpec, clusterSpec, makeLabelsForNodeSpec(&nodeSpec, clusterSpec, clusterSpec.Name, nodeSpecUniqueStr), nodeSpecUniqueStr, "blah", nodeSpecUniqueStr) - addHashToObject(actual) - - expected := new(appsv1.Deployment) - readAndUnmarshallResource("testdata/broker-deployment.yaml", &expected) - Expect(err).Should(BeNil()) - - Expect(actual).Should(Equal(expected)) - }) - - It("should make PDB for broker", func() { - By("By making PDB for broker") - filePath := "testdata/druid-test-cr.yaml" - clusterSpec, err := readDruidClusterSpecFromFile(filePath) - Expect(err).Should(BeNil()) - - nodeSpecUniqueStr := makeNodeSpecificUniqueString(clusterSpec, "brokers") - nodeSpec := clusterSpec.Spec.Nodes["brokers"] - - actual, _ := makePodDisruptionBudget(&nodeSpec, clusterSpec, makeLabelsForNodeSpec(&nodeSpec, clusterSpec, clusterSpec.Name, nodeSpecUniqueStr), nodeSpecUniqueStr) - addHashToObject(actual) - - expected := new(policyv1.PodDisruptionBudget) - readAndUnmarshallResource("testdata/broker-pod-disruption-budget.yaml", &expected) - Expect(err).Should(BeNil()) - - Expect(actual).Should(Equal(expected)) - }) - - It("should make headless service", func() { - By("By making headless service") - filePath := "testdata/druid-test-cr.yaml" - clusterSpec, err := readDruidClusterSpecFromFile(filePath) - Expect(err).Should(BeNil()) - - nodeSpecUniqueStr := makeNodeSpecificUniqueString(clusterSpec, "brokers") - nodeSpec := clusterSpec.Spec.Nodes["brokers"] - - actual, _ := makeService(&nodeSpec.Services[0], &nodeSpec, clusterSpec, makeLabelsForNodeSpec(&nodeSpec, clusterSpec, clusterSpec.Name, nodeSpecUniqueStr), nodeSpecUniqueStr) - addHashToObject(actual) - - expected := new(corev1.Service) - readAndUnmarshallResource("testdata/broker-headless-service.yaml", &expected) - Expect(err).Should(BeNil()) - - Expect(actual).Should(Equal(expected)) - }) - - It("should make load balancer service", func() { - By("By making load balancer service") - filePath := "testdata/druid-test-cr.yaml" - clusterSpec, err := readDruidClusterSpecFromFile(filePath) - Expect(err).Should(BeNil()) - - nodeSpecUniqueStr := makeNodeSpecificUniqueString(clusterSpec, "brokers") - nodeSpec := clusterSpec.Spec.Nodes["brokers"] - - actual, _ := makeService(&nodeSpec.Services[1], &nodeSpec, clusterSpec, makeLabelsForNodeSpec(&nodeSpec, clusterSpec, clusterSpec.Name, nodeSpecUniqueStr), nodeSpecUniqueStr) - addHashToObject(actual) - - expected := new(corev1.Service) - readAndUnmarshallResource("testdata/broker-load-balancer-service.yaml", &expected) - Expect(err).Should(BeNil()) - - Expect(actual).Should(Equal(expected)) - }) - - It("should make config map", func() { - By("By making config map") - filePath := "testdata/druid-test-cr.yaml" - clusterSpec, err := readDruidClusterSpecFromFile(filePath) - Expect(err).Should(BeNil()) - actual, _ := makeCommonConfigMap(ctx, k8sClient, clusterSpec, makeLabelsForDruid(clusterSpec)) - addHashToObject(actual) - - expected := new(corev1.ConfigMap) - readAndUnmarshallResource("testdata/common-config-map.yaml", &expected) - Expect(err).Should(BeNil()) - - Expect(actual).Should(Equal(expected)) - }) - - It("should make broker config map", func() { - By("By making broker config map") - filePath := "testdata/druid-test-cr.yaml" - clusterSpec, err := readDruidClusterSpecFromFile(filePath) - Expect(err).Should(BeNil()) - - nodeSpecUniqueStr := makeNodeSpecificUniqueString(clusterSpec, "brokers") - nodeSpec := clusterSpec.Spec.Nodes["brokers"] - - actual, _ := makeConfigMapForNodeSpec(&nodeSpec, clusterSpec, makeLabelsForNodeSpec(&nodeSpec, clusterSpec, clusterSpec.Name, nodeSpecUniqueStr), nodeSpecUniqueStr) - addHashToObject(actual) - - expected := new(corev1.ConfigMap) - readAndUnmarshallResource("testdata/broker-config-map.yaml", &expected) - Expect(err).Should(BeNil()) - - Expect(actual).Should(Equal(expected)) - }) - - }) -}) - -func readDruidClusterSpecFromFile(filePath string) (*druidv1alpha1.Druid, error) { - clusterSpec := new(druidv1alpha1.Druid) - bytes, err := ioutil.ReadFile(filePath) - if err != nil { - return clusterSpec, err - } - - err = yaml.Unmarshal(bytes, &clusterSpec) - if err != nil { - return clusterSpec, err - } - return clusterSpec, nil -} - -func readAndUnmarshallResource(file string, res interface{}) error { - bytes, err := ioutil.ReadFile(file) - if err != nil { - return err - } - - err = yaml.Unmarshal(bytes, res) - if err != nil { - return err - } - return nil -} - -func TestPodSpecDNSConfig(t *testing.T) { - tests := []struct { - name string - nodeDNSConfig *corev1.PodDNSConfig - specDNSConfig *corev1.PodDNSConfig - expected *corev1.PodDNSConfig - }{ - { - name: "Both nil", - nodeDNSConfig: nil, - specDNSConfig: nil, - expected: nil, - }, - { - name: "Only spec provided", - nodeDNSConfig: nil, - specDNSConfig: &corev1.PodDNSConfig{ - Nameservers: []string{"8.8.8.8"}, - Searches: []string{"example.com"}, - }, - expected: &corev1.PodDNSConfig{ - Nameservers: []string{"8.8.8.8"}, - Searches: []string{"example.com"}, - }, - }, - { - name: "Only node provided", - nodeDNSConfig: &corev1.PodDNSConfig{ - Nameservers: []string{"1.1.1.1"}, - Searches: []string{"node.local"}, - }, - specDNSConfig: nil, - expected: &corev1.PodDNSConfig{ - Nameservers: []string{"1.1.1.1"}, - Searches: []string{"node.local"}, - }, - }, - { - name: "Both provided, node wins", - nodeDNSConfig: &corev1.PodDNSConfig{ - Nameservers: []string{"1.1.1.1"}, - Searches: []string{"node.local"}, - }, - specDNSConfig: &corev1.PodDNSConfig{ - Nameservers: []string{"8.8.8.8"}, - Searches: []string{"example.com"}, - }, - expected: &corev1.PodDNSConfig{ - Nameservers: []string{"1.1.1.1"}, - Searches: []string{"node.local"}, - }, - }, - } - - for _, tc := range tests { - t.Run(tc.name, func(t *testing.T) { - m := &druidv1alpha1.Druid{ - Spec: druidv1alpha1.DruidSpec{ - DNSConfig: tc.specDNSConfig, - }, - } - nodeSpec := &druidv1alpha1.DruidNodeSpec{ - DNSConfig: tc.nodeDNSConfig, - } - podSpec := makePodSpec(nodeSpec, m, "unique", "dummySHA") - if !reflect.DeepEqual(podSpec.DNSConfig, tc.expected) { - t.Errorf("expected DNSConfig %v, got %v", tc.expected, podSpec.DNSConfig) - } - }) - } -} - -func TestPodSpecDNSConfigYAML(t *testing.T) { - m, err := readDruidClusterSpecFromFile("testdata/druid-test-cr.yaml") - if err != nil { - t.Fatalf("failed to read cluster spec: %v", err) - } - nodeSpec := m.Spec.Nodes["middlemanagers"] - podSpec := makePodSpec(&nodeSpec, m, "unique", "dummySHA") - expectedDNSConfig := &corev1.PodDNSConfig{ - Nameservers: []string{"10.0.0.53"}, - Searches: []string{"example.local"}, - } - if !reflect.DeepEqual(podSpec.DNSConfig, expectedDNSConfig) { - t.Errorf("expected DNSConfig %v, got %v", expectedDNSConfig, podSpec.DNSConfig) - } -} - -// TestPodSpecDNSPolicy verifies DNSPolicy resolution in makePodSpec. -func TestPodSpecDNSPolicy(t *testing.T) { - tests := []struct { - name string - nodeDNS string - specDNS string - expected corev1.DNSPolicy - }{ - {"Both empty", "", "", corev1.DNSPolicy("")}, - {"Only spec provided", "", "ClusterFirst", corev1.DNSPolicy("ClusterFirst")}, - {"Only node provided", "Default", "", corev1.DNSPolicy("Default")}, - {"Both provided, node wins", "Default", "ClusterFirst", corev1.DNSPolicy("Default")}, - } - - for _, tc := range tests { - tc := tc // capture current test case - t.Run(tc.name, func(t *testing.T) { - m := &druidv1alpha1.Druid{ - Spec: druidv1alpha1.DruidSpec{ - DNSPolicy: corev1.DNSPolicy(tc.specDNS), - }, - } - nodeSpec := &druidv1alpha1.DruidNodeSpec{ - DNSPolicy: corev1.DNSPolicy(tc.nodeDNS), - } - podSpec := makePodSpec(nodeSpec, m, "unique", "dummySHA") - if podSpec.DNSPolicy != tc.expected { - t.Errorf("expected DNSPolicy %q, got %q", tc.expected, podSpec.DNSPolicy) - } - }) - } -} - -// TestPodSpecDNSPolicyYAML validates that the generated PodSpec DNSPolicy matches the expected value, -// using the druid-test-cr.yaml as the single input file. -func TestPodSpecDNSPolicyYAML(t *testing.T) { - m, err := readDruidClusterSpecFromFile("testdata/druid-test-cr.yaml") - if err != nil { - t.Fatalf("failed to read cluster spec: %v", err) - } - nodeSpec := m.Spec.Nodes["middlemanagers"] - podSpec := makePodSpec(&nodeSpec, m, "unique", "dummySHA") - expectedDNSPolicy := corev1.DNSPolicy("ClusterFirst") - if podSpec.DNSPolicy != expectedDNSPolicy { - t.Errorf("expected DNSPolicy %q, got %q", expectedDNSPolicy, podSpec.DNSPolicy) - } -} diff --git a/druid-operator/controllers/druid/interface.go b/druid-operator/controllers/druid/interface.go deleted file mode 100644 index b7639d3bef89..000000000000 --- a/druid-operator/controllers/druid/interface.go +++ /dev/null @@ -1,308 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "context" - "fmt" - "reflect" - - "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - appsv1 "k8s.io/api/apps/v1" - v1 "k8s.io/api/core/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/client-go/tools/record" - "sigs.k8s.io/controller-runtime/pkg/client" -) - -type DruidNodeStatus string - -const ( - resourceCreated DruidNodeStatus = "CREATED" - resourceUpdated DruidNodeStatus = "UPDATED" -) - -type druidEventReason string - -// Events emitted should be UpperCamelCaseFormat -// druidEventreason is the reason this event is generated. druidEventreason should be short and unique -const ( - rollingDeployWait druidEventReason = "DruidNodeRollingDeployWait" - druidOjectGetFail druidEventReason = "DruidOperatorGetFail" - druidNodeUpdateFail druidEventReason = "DruidOperatorUpdateFail" - druidNodeUpdateSuccess druidEventReason = "DruidOperatorUpdateSuccess" - druidNodeDeleteFail druidEventReason = "DruidOperatorDeleteFail" - druidNodeDeleteSuccess druidEventReason = "DruidOperatorDeleteSuccess" - druidNodeCreateSuccess druidEventReason = "DruidOperatorCreateSuccess" - druidNodeCreateFail druidEventReason = "DruidOperatorCreateFail" - druidNodePatchFail druidEventReason = "DruidOperatorPatchFail" - druidNodePatchSucess druidEventReason = "DruidOperatorPatchSuccess" - druidObjectListFail druidEventReason = "DruidOperatorListFail" - - druidFinalizerTriggered druidEventReason = "DruidOperatorFinalizerTriggered" - druidFinalizerFailed druidEventReason = "DruidFinalizerFailed" - druidFinalizerSuccess druidEventReason = "DruidFinalizerSuccess" - - druidGetRouterSvcUrlFailed druidEventReason = "DruidAPIGetRouterSvcUrlFailed" - druidGetAuthCredsFailed druidEventReason = "DruidAPIGetAuthCredsFailed" - druidFetchCurrentConfigsFailed druidEventReason = "DruidAPIFetchCurrentConfigsFailed" - druidConfigComparisonFailed druidEventReason = "DruidAPIConfigComparisonFailed" - druidUpdateConfigsFailed druidEventReason = "DruidAPIUpdateConfigsFailed" - druidUpdateConfigsSuccess druidEventReason = "DruidAPIUpdateConfigsSuccess" -) - -// Reader Interface -type Reader interface { - List(ctx context.Context, sdk client.Client, drd *v1alpha1.Druid, selectorLabels map[string]string, emitEvent EventEmitter, emptyListObjFn func() objectList, ListObjFn func(obj runtime.Object) []object) ([]object, error) - Get(ctx context.Context, sdk client.Client, nodeSpecUniqueStr string, drd *v1alpha1.Druid, emptyObjFn func() object, emitEvent EventEmitter) (object, error) -} - -// Writer Interface -type Writer interface { - Delete(ctx context.Context, sdk client.Client, drd *v1alpha1.Druid, obj object, emitEvent EventEmitter, deleteOptions ...client.DeleteOption) error - Create(ctx context.Context, sdk client.Client, drd *v1alpha1.Druid, obj object, emitEvent EventEmitter) (DruidNodeStatus, error) - Update(ctx context.Context, sdk client.Client, drd *v1alpha1.Druid, obj object, emitEvent EventEmitter) (DruidNodeStatus, error) - Patch(ctx context.Context, sdk client.Client, drd *v1alpha1.Druid, obj object, status bool, patch client.Patch, emitEvent EventEmitter) error -} - -// EventEmitter Interface is a wrapper interface for all the emitter interface druid operator shall support. -// EventEmitter interface is initalized in druid_controller.go, reconcile method. The interface is passed as an arg to deployDruid(), handler.go -type EventEmitter interface { - K8sEventEmitter - GenericEventEmitter -} - -// GenericEventEmitter can be used for any case where the state change isn't handled by reader,writer or any custom event. -type GenericEventEmitter interface { - EmitEventGeneric(obj object, eventReason, msg string, err error) -} - -// Methods include an obj and k8s obj, obj is druid CR (runtime.Object) and k8s obj ( object interface ) -// K8sEventEmitter will also be displayed in logs of the operator. (only on state change) -// All methods are tied to reader,writer interfaces. Custom errors msg's and msg's are constructed within the methods and are not expected to change. -type K8sEventEmitter interface { - EmitEventRollingDeployWait(obj, k8sObj object, nodeSpecUniqueStr string) - EmitEventOnGetError(obj, getObj object, err error) - EmitEventOnUpdate(obj, updateObj object, err error) - EmitEventOnDelete(obj, deleteObj object, err error) - EmitEventOnCreate(obj, createObj object, err error) - EmitEventOnPatch(obj, patchObj object, err error) - EmitEventOnList(obj object, listObj objectList, err error) -} - -// Object Interface : Wrapper interface includes metav1 object and runtime object interface. -type object interface { - metav1.Object - runtime.Object -} - -// Object List Interface : Wrapper interface includes metav1 List and runtime object interface. -type objectList interface { - metav1.ListInterface - runtime.Object -} - -// WriterFuncs struct -type WriterFuncs struct{} - -// ReaderFuncs struct -type ReaderFuncs struct{} - -// EmitEventFuncs struct -type EmitEventFuncs struct { - record.EventRecorder -} - -// Initalizie Reader -var readers Reader = ReaderFuncs{} - -// Initalize Writer -var writers Writer = WriterFuncs{} - -// return k8s object type -// Deployment : *v1.Deployment -// StatefulSet: *v1.StatefulSet -func detectType(obj object) string { return reflect.TypeOf(obj).String() } - -// Patch method shall patch the status of Obj or the status. -// Pass status as true to patch the object status. -// NOTE: Not logging on patch success, it shall keep logging on each reconcile -func (f WriterFuncs) Patch(ctx context.Context, sdk client.Client, drd *v1alpha1.Druid, obj object, status bool, patch client.Patch, emitEvent EventEmitter) error { - - if !status { - if err := sdk.Patch(ctx, obj, patch); err != nil { - emitEvent.EmitEventOnPatch(drd, obj, err) - return err - } - } else { - if err := sdk.Status().Patch(ctx, obj, patch); err != nil { - emitEvent.EmitEventOnPatch(drd, obj, err) - return err - } - } - return nil -} - -// Update Func shall update the Object -func (f WriterFuncs) Update(ctx context.Context, sdk client.Client, drd *v1alpha1.Druid, obj object, emitEvent EventEmitter) (DruidNodeStatus, error) { - - if err := sdk.Update(ctx, obj); err != nil { - emitEvent.EmitEventOnUpdate(drd, obj, err) - return "", err - } else { - emitEvent.EmitEventOnUpdate(drd, obj, nil) - return resourceUpdated, nil - } - -} - -// Create methods shall create an object, and returns a string, error -func (f WriterFuncs) Create(ctx context.Context, sdk client.Client, drd *v1alpha1.Druid, obj object, emitEvent EventEmitter) (DruidNodeStatus, error) { - - if err := sdk.Create(ctx, obj); err != nil { - logger.Error(err, err.Error(), "object", stringifyForLogging(obj, drd), "name", drd.Name, "namespace", drd.Namespace, "errorType", apierrors.ReasonForError(err)) - emitEvent.EmitEventOnCreate(drd, obj, err) - return "", err - } else { - emitEvent.EmitEventOnCreate(drd, obj, nil) - return resourceCreated, nil - } - -} - -// Delete methods shall delete the object, deleteOptions is a variadic parameter to support various delete options such as cascade deletion. -func (f WriterFuncs) Delete(ctx context.Context, sdk client.Client, drd *v1alpha1.Druid, obj object, emitEvent EventEmitter, deleteOptions ...client.DeleteOption) error { - - if err := sdk.Delete(ctx, obj, deleteOptions...); err != nil { - emitEvent.EmitEventOnDelete(drd, obj, err) - return err - } else { - emitEvent.EmitEventOnDelete(drd, obj, err) - return nil - } -} - -// Get methods shall the get the object. -func (f ReaderFuncs) Get(ctx context.Context, sdk client.Client, nodeSpecUniqueStr string, drd *v1alpha1.Druid, emptyObjFn func() object, emitEvent EventEmitter) (object, error) { - obj := emptyObjFn() - - if err := sdk.Get(ctx, *namespacedName(nodeSpecUniqueStr, drd.Namespace), obj); err != nil { - emitEvent.EmitEventOnGetError(drd, obj, err) - return nil, err - } - return obj, nil -} - -// List methods shall return the list of an object -func (f ReaderFuncs) List(ctx context.Context, sdk client.Client, drd *v1alpha1.Druid, selectorLabels map[string]string, emitEvent EventEmitter, emptyListObjFn func() objectList, ListObjFn func(obj runtime.Object) []object) ([]object, error) { - listOpts := []client.ListOption{ - client.InNamespace(drd.Namespace), - client.MatchingLabels(selectorLabels), - } - listObj := emptyListObjFn() - - if err := sdk.List(ctx, listObj, listOpts...); err != nil { - emitEvent.EmitEventOnList(drd, listObj, err) - return nil, err - } - - return ListObjFn(listObj), nil -} - -// EmitEventRollingDeployWait shall emit an event when the current state of a druid node is rolling deploy -func (e EmitEventFuncs) EmitEventRollingDeployWait(obj, k8sObj object, nodeSpecUniqueStr string) { - if detectType(k8sObj) == "*v1.StatefulSet" { - msg := fmt.Sprintf("StatefulSet[%s] roll out is in progress CurrentRevision[%s] != UpdateRevision[%s]", nodeSpecUniqueStr, k8sObj.(*appsv1.StatefulSet).Status.CurrentRevision, k8sObj.(*appsv1.StatefulSet).Status.UpdateRevision) - e.Event(obj, v1.EventTypeNormal, string(rollingDeployWait), msg) - } else if detectType(k8sObj) == "*v1.Deployment" { - msg := fmt.Sprintf("Deployment[%s] roll out is in progress in namespace [%s], ReadyReplicas [%d] != Current Replicas [%d]", k8sObj.(*appsv1.Deployment).Name, k8sObj.GetNamespace(), k8sObj.(*appsv1.Deployment).Status.ReadyReplicas, k8sObj.(*appsv1.Deployment).Status.Replicas) - e.Event(obj, v1.EventTypeNormal, string(rollingDeployWait), msg) - } -} - -// EmitEventGeneric shall emit a generic event -func (e EmitEventFuncs) EmitEventGeneric(obj object, eventReason, msg string, err error) { - if err != nil { - e.Event(obj, v1.EventTypeWarning, eventReason, err.Error()) - } else if msg != "" { - e.Event(obj, v1.EventTypeNormal, eventReason, msg) - - } -} - -// EmitEventOnGetError shall emit event on GET err operation -func (e EmitEventFuncs) EmitEventOnGetError(obj, getObj object, err error) { - getErr := fmt.Errorf("Failed to get [Object:%s] due to [%s]", getObj.GetName(), err.Error()) - e.Event(obj, v1.EventTypeWarning, string(druidOjectGetFail), getErr.Error()) -} - -// EmitEventOnList shall emit event on LIST err operation -func (e EmitEventFuncs) EmitEventOnList(obj object, listObj objectList, err error) { - if err != nil { - errMsg := fmt.Errorf("Error listing object [%s] in namespace [%s] due to [%s]", listObj.GetObjectKind().GroupVersionKind().Kind, obj.GetNamespace(), err.Error()) - e.Event(obj, v1.EventTypeWarning, string(druidObjectListFail), errMsg.Error()) - } -} - -// EmitEventOnUpdate shall emit event on UPDATE operation -func (e EmitEventFuncs) EmitEventOnUpdate(obj, updateObj object, err error) { - if err != nil { - errMsg := fmt.Errorf("Failed to update [%s:%s] due to [%s].", updateObj.GetName(), detectType(updateObj), err.Error()) - e.Event(obj, v1.EventTypeWarning, string(druidNodeUpdateFail), errMsg.Error()) - } else { - msg := fmt.Sprintf("Updated [%s:%s].", updateObj.GetName(), detectType(updateObj)) - e.Event(obj, v1.EventTypeNormal, string(druidNodeUpdateSuccess), msg) - } -} - -// EmitEventOnDelete shall emit event on DELETE operation -func (e EmitEventFuncs) EmitEventOnDelete(obj, deleteObj object, err error) { - if err != nil { - errMsg := fmt.Errorf("Error deleting object [%s:%s] in namespace [%s] due to [%s]", detectType(deleteObj), deleteObj.GetName(), deleteObj.GetNamespace(), err.Error()) - e.Event(obj, v1.EventTypeWarning, string(druidNodeDeleteFail), errMsg.Error()) - } else { - msg := fmt.Sprintf("Successfully deleted object [%s:%s] in namespace [%s]", deleteObj.GetName(), detectType(deleteObj), deleteObj.GetNamespace()) - e.Event(obj, v1.EventTypeNormal, string(druidNodeDeleteSuccess), msg) - } -} - -// EmitEventOnCreate shall emit event on CREATE operation -func (e EmitEventFuncs) EmitEventOnCreate(obj, createObj object, err error) { - if err != nil { - errMsg := fmt.Errorf("Error creating object [%s] in namespace [%s:%s] due to [%s]", createObj.GetName(), detectType(createObj), createObj.GetNamespace(), err.Error()) - e.Event(obj, v1.EventTypeWarning, string(druidNodeCreateFail), errMsg.Error()) - } else { - msg := fmt.Sprintf("Successfully created object [%s:%s] in namespace [%s]", createObj.GetName(), detectType(createObj), createObj.GetNamespace()) - e.Event(obj, v1.EventTypeNormal, string(druidNodeCreateSuccess), msg) - } -} - -// EmitEventOnPatch shall emit event on PATCH operation -func (e EmitEventFuncs) EmitEventOnPatch(obj, patchObj object, err error) { - if err != nil { - errMsg := fmt.Errorf("Error patching object [%s:%s] in namespace [%s] due to [%s]", patchObj.GetName(), detectType(patchObj), patchObj.GetNamespace(), err.Error()) - e.Event(obj, v1.EventTypeWarning, string(druidNodePatchFail), errMsg.Error()) - } else { - msg := fmt.Sprintf("Successfully patched object [%s:%s] in namespace [%s]", patchObj.GetName(), detectType(patchObj), patchObj.GetNamespace()) - e.Event(obj, v1.EventTypeNormal, string(druidNodePatchSucess), msg) - } -} diff --git a/druid-operator/controllers/druid/metadata_store_dep_mgmt.go b/druid-operator/controllers/druid/metadata_store_dep_mgmt.go deleted file mode 100644 index e8eda8f1b746..000000000000 --- a/druid-operator/controllers/druid/metadata_store_dep_mgmt.go +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "encoding/json" - "fmt" - "reflect" - - "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - "github.com/datainfrahq/druid-operator/controllers/druid/ext" -) - -var metadataStoreExtTypes = map[string]reflect.Type{} - -func init() { - metadataStoreExtTypes["default"] = reflect.TypeOf(ext.DefaultMetadataStoreManager{}) -} - -// We might have to add more methods to this interface to enable extensions that completely manage -// deploy, upgrade and termination of metadata store. -type metadataStoreManager interface { - Configuration() string -} - -func createMetadataStoreManager(spec *v1alpha1.MetadataStoreSpec) (metadataStoreManager, error) { - if t, ok := metadataStoreExtTypes[spec.Type]; ok { - v := reflect.New(t).Interface() - if err := json.Unmarshal(spec.Spec, v); err != nil { - return nil, fmt.Errorf("Couldn't unmarshall metadataStore type[%s]. Error[%s].", spec.Type, err.Error()) - } else { - return v.(metadataStoreManager), nil - } - } else { - return nil, fmt.Errorf("Can't find type[%s] for MetadataStore Mgmt.", spec.Type) - } -} diff --git a/druid-operator/controllers/druid/ordering.go b/druid-operator/controllers/druid/ordering.go deleted file mode 100644 index 2787d9eb3688..000000000000 --- a/druid-operator/controllers/druid/ordering.go +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - -var ( - druidServicesOrder = []string{historical, overlord, middleManager, indexer, broker, coordinator, router} -) - -type ServiceGroup struct { - key string - spec v1alpha1.DruidNodeSpec -} - -// getNodeSpecsByOrder returns all NodeSpecs f a given Druid object. -// Recommended order is described at http://druid.io/docs/latest/operations/rolling-updates.html -func getNodeSpecsByOrder(m *v1alpha1.Druid) []*ServiceGroup { - - scaledServiceSpecsByNodeType := map[string][]*ServiceGroup{} - for _, t := range druidServicesOrder { - scaledServiceSpecsByNodeType[t] = []*ServiceGroup{} - } - - for key, nodeSpec := range m.Spec.Nodes { - scaledServiceSpec := scaledServiceSpecsByNodeType[nodeSpec.NodeType] - scaledServiceSpecsByNodeType[nodeSpec.NodeType] = append(scaledServiceSpec, &ServiceGroup{key: key, spec: nodeSpec}) - } - - allScaledServiceSpecs := make([]*ServiceGroup, 0, len(m.Spec.Nodes)) - - for _, t := range druidServicesOrder { - allScaledServiceSpecs = append(allScaledServiceSpecs, scaledServiceSpecsByNodeType[t]...) - } - - return allScaledServiceSpecs -} diff --git a/druid-operator/controllers/druid/ordering_test.go b/druid-operator/controllers/druid/ordering_test.go deleted file mode 100644 index 8ee1d9a2ebd4..000000000000 --- a/druid-operator/controllers/druid/ordering_test.go +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "time" - - druidv1alpha1 "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - "k8s.io/apimachinery/pkg/types" -) - -// +kubebuilder:docs-gen:collapse=Imports - -/* -ordering_test -*/ -var _ = Describe("Test ordering logic", func() { - const ( - filePath = "testdata/ordering.yaml" - timeout = time.Second * 45 - interval = time.Millisecond * 250 - ) - - var ( - druid = &druidv1alpha1.Druid{} - ) - - Context("When creating a druid cluster with multiple nodes", func() { - It("Should create the druid object", func() { - By("Creating a new druid") - druidCR, err := readDruidClusterSpecFromFile(filePath) - Expect(err).Should(BeNil()) - Expect(k8sClient.Create(ctx, druidCR)).To(Succeed()) - - By("Getting a newly created druid") - Eventually(func() bool { - err := k8sClient.Get(ctx, types.NamespacedName{Name: druidCR.Name, Namespace: druidCR.Namespace}, druid) - return err == nil - }, timeout, interval).Should(BeTrue()) - }) - It("Should return an ordered list of nodes", func() { - orderedServiceGroups := getNodeSpecsByOrder(druid) - Expect(orderedServiceGroups[0].key).Should(MatchRegexp("historicals")) - Expect(orderedServiceGroups[1].key).Should(MatchRegexp("historicals")) - Expect(orderedServiceGroups[2].key).Should(Equal("overlords")) - Expect(orderedServiceGroups[3].key).Should(Equal("middle-managers")) - Expect(orderedServiceGroups[4].key).Should(Equal("indexers")) - Expect(orderedServiceGroups[5].key).Should(Equal("brokers")) - Expect(orderedServiceGroups[6].key).Should(Equal("coordinators")) - Expect(orderedServiceGroups[7].key).Should(Equal("routers")) - }) - }) -}) diff --git a/druid-operator/controllers/druid/predicates.go b/druid-operator/controllers/druid/predicates.go deleted file mode 100644 index c654431ae678..000000000000 --- a/druid-operator/controllers/druid/predicates.go +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "fmt" - - "sigs.k8s.io/controller-runtime/pkg/event" - "sigs.k8s.io/controller-runtime/pkg/predicate" -) - -// All methods to implement GenericPredicates type -// GenericPredicates to be passed to manager -type GenericPredicates struct { - predicate.Funcs -} - -// create() to filter create events -func (GenericPredicates) Create(e event.CreateEvent) bool { - return IgnoreNamespacePredicate(e.Object) && IgnoreIgnoredObjectPredicate(e.Object) -} - -// update() to filter update events -func (GenericPredicates) Update(e event.UpdateEvent) bool { - return IgnoreNamespacePredicate(e.ObjectNew) && IgnoreIgnoredObjectPredicate(e.ObjectNew) -} - -func IgnoreNamespacePredicate(obj object) bool { - namespaces := getEnvAsSlice("DENY_LIST", nil, ",") - - for _, namespace := range namespaces { - if obj.GetNamespace() == namespace { - msg := fmt.Sprintf("druid operator will not re-concile namespace [%s], alter DENY_LIST to re-concile", obj.GetNamespace()) - logger.Info(msg) - return false - } - } - return true -} - -func IgnoreIgnoredObjectPredicate(obj object) bool { - if ignoredStatus := obj.GetAnnotations()[ignoredAnnotation]; ignoredStatus == "true" { - msg := fmt.Sprintf("druid operator will not re-concile ignored Druid [%s], removed annotation to re-concile", obj.GetName()) - logger.Info(msg) - return false - } - return true -} diff --git a/druid-operator/controllers/druid/status.go b/druid-operator/controllers/druid/status.go deleted file mode 100644 index e31c8292eafb..000000000000 --- a/druid-operator/controllers/druid/status.go +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "context" - "encoding/json" - "fmt" - "reflect" - - "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/client" -) - -// constructor to DruidNodeTypeStatus status -// handles error -func newDruidNodeTypeStatus( - nodeConditionStatus v1.ConditionStatus, - nodeCondition v1alpha1.DruidNodeConditionType, - nodeTierOrType string, - err error) *v1alpha1.DruidNodeTypeStatus { - - var reason string - - if nodeCondition == v1alpha1.DruidClusterReady { - nodeTierOrType = "All" - reason = "All Druid Nodes are in Ready Condition" - } else if nodeCondition == v1alpha1.DruidNodeRollingUpdate { - reason = "Druid Node [" + nodeTierOrType + "] is Rolling Update" - } else if err != nil { - reason = err.Error() - nodeCondition = v1alpha1.DruidNodeErrorState - } - - return &v1alpha1.DruidNodeTypeStatus{ - DruidNode: nodeTierOrType, - DruidNodeConditionStatus: nodeConditionStatus, - DruidNodeConditionType: nodeCondition, - Reason: reason, - } - -} - -// wrapper to patch druid cluster status -func druidClusterStatusPatcher(ctx context.Context, sdk client.Client, updatedStatus v1alpha1.DruidClusterStatus, m *v1alpha1.Druid, emitEvent EventEmitter) error { - - if !reflect.DeepEqual(updatedStatus, m.Status) { - patchBytes, err := json.Marshal(map[string]v1alpha1.DruidClusterStatus{"status": updatedStatus}) - if err != nil { - return fmt.Errorf("failed to serialize status patch to bytes: %v", err) - } - _ = writers.Patch(ctx, sdk, m, m, true, client.RawPatch(types.MergePatchType, patchBytes), emitEvent) - } - return nil -} - -// In case of state change, patch the status and emit event. -// emit events only on state change, to avoid event pollution. -func druidNodeConditionStatusPatch(ctx context.Context, - updatedStatus v1alpha1.DruidClusterStatus, - sdk client.Client, - nodeSpecUniqueStr string, - m *v1alpha1.Druid, - emitEvent EventEmitter, - emptyObjFn func() object) (err error) { - - if !reflect.DeepEqual(updatedStatus.DruidNodeStatus, m.Status.DruidNodeStatus) { - - err = druidClusterStatusPatcher(ctx, sdk, updatedStatus, m, emitEvent) - if err != nil { - return err - } - - obj, err := readers.Get(ctx, sdk, nodeSpecUniqueStr, m, emptyObjFn, emitEvent) - if err != nil { - return err - } - - emitEvent.EmitEventRollingDeployWait(m, obj, nodeSpecUniqueStr) - - return nil - - } - return nil -} diff --git a/druid-operator/controllers/druid/suite_test.go b/druid-operator/controllers/druid/suite_test.go deleted file mode 100644 index 2cf48580c7cc..000000000000 --- a/druid-operator/controllers/druid/suite_test.go +++ /dev/null @@ -1,136 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -// +kubebuilder:docs-gen:collapse=Apache License - -package druid - -import ( - "context" - "path/filepath" - "testing" - - ctrl "sigs.k8s.io/controller-runtime" - - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - "k8s.io/client-go/kubernetes/scheme" - "k8s.io/client-go/rest" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/envtest" - "sigs.k8s.io/controller-runtime/pkg/log/zap" - - druidv1alpha1 "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - //+kubebuilder:scaffold:imports -) - -// These tests use Ginkgo (BDD-style Go testing framework). Refer to -// http://onsi.github.io/ginkgo/ to learn more about Ginkgo. - -// +kubebuilder:docs-gen:collapse=Imports - -// Now, let's go through the code generated. - -var ( - cfg *rest.Config - k8sClient client.Client // You'll be using this client in your tests. - testEnv *envtest.Environment - ctx context.Context - cancel context.CancelFunc - emitEvent EventEmitter -) - -func TestAPIs(t *testing.T) { - RegisterFailHandler(Fail) - - RunSpecs(t, "Controller Suite") -} - -var _ = BeforeSuite(func() { - ctrl.SetLogger(zap.New()) - - ctx, cancel = context.WithCancel(context.TODO()) - - /* - First, the envtest cluster is configured to read CRDs from the CRD directory Kubebuilder scaffolds for you. - */ - By("bootstrapping test environment") - testEnv = &envtest.Environment{ - CRDInstallOptions: envtest.CRDInstallOptions{ - Paths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, - }, - ErrorIfCRDPathMissing: true, - } - - // Then, we start the envtest cluster. - var err error - // cfg is defined in this file globally. - cfg, err = testEnv.Start() - Expect(err).NotTo(HaveOccurred()) - Expect(cfg).NotTo(BeNil()) - - err = druidv1alpha1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - /* - After the schemas, you will see the following marker. - This marker is what allows new schemas to be added here automatically when a new API is added to the project. - */ - - //+kubebuilder:scaffold:scheme - - // A client is created for our test CRUD operations. - k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) - Expect(err).NotTo(HaveOccurred()) - Expect(k8sClient).NotTo(BeNil()) - - k8sManager, err := ctrl.NewManager(cfg, ctrl.Options{ - Scheme: scheme.Scheme, - }) - Expect(err).ToNot(HaveOccurred()) - - err = (&DruidReconciler{ - Client: k8sManager.GetClient(), - Log: ctrl.Log.WithName("controllers").WithName("Druid"), - Scheme: k8sManager.GetScheme(), - ReconcileWait: LookupReconcileTime(), - Recorder: k8sManager.GetEventRecorderFor("druid-operator"), - }).SetupWithManager(k8sManager) - Expect(err).ToNot(HaveOccurred()) - - emitEvent = EmitEventFuncs{k8sManager.GetEventRecorderFor("druid-operator")} - - go func() { - defer GinkgoRecover() - err = k8sManager.Start(ctx) - Expect(err).ToNot(HaveOccurred(), "failed to run manager") - }() - -}) - -/* -Kubebuilder also generates boilerplate functions for cleaning up envtest and actually running your test files in your controllers/ directory. -You won't need to touch these. -*/ - -var _ = AfterSuite(func() { - cancel() - By("tearing down the test environment") - err := testEnv.Stop() - Expect(err).NotTo(HaveOccurred()) -}) diff --git a/druid-operator/controllers/druid/testdata/additional-containers.yaml b/druid-operator/controllers/druid/testdata/additional-containers.yaml deleted file mode 100644 index ddb4654b8faa..000000000000 --- a/druid-operator/controllers/druid/testdata/additional-containers.yaml +++ /dev/null @@ -1,90 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: druid.apache.org/v1alpha1 -kind: Druid -metadata: - name: additional-containers - namespace: default -spec: - image: apache/druid:25.0.0 - startScript: /druid.sh - rollingDeploy: false - additionalContainer: - - command: - - /bin/sh echo hello - containerName: cluster-level - image: hello-world - securityContext: - fsGroup: 1000 - runAsUser: 1000 - runAsGroup: 1000 - services: - - spec: - type: ClusterIP - commonConfigMountPath: "/opt/druid/conf/druid/cluster/_common" - jvm.options: |- - -server - -XX:MaxDirectMemorySize=10240g - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Djava.io.tmpdir=/druid/data - common.runtime.properties: |- - # Metadata Store - druid.metadata.storage.type=derby - druid.metadata.storage.connector.connectURI=jdbc:derby://localhost:1527/druid/data/derbydb/metadata.db;create=true - druid.metadata.storage.connector.host=localhost - druid.metadata.storage.connector.port=1527 - druid.metadata.storage.connector.createTables=true - - # Deep Storage - druid.storage.type=local - druid.storage.storageDirectory=/druid/deepstorage - - # Service discovery - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - nodes: - brokers: - nodeType: "broker" - kind: "Deployment" - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/broker" - replicas: 1 - runtime.properties: |- - druid.service=druid/broker - additionalContainer: - - command: - - /bin/sh echo hello - containerName: node-level - image: hello-world - coordinators: - nodeType: "coordinator" - druid.port: 8080 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/coordinator-overlord" - replicas: 1 - runtime.properties: |- - druid.service=druid/coordinator - druid.coordinator.asOverlord.enabled=true - druid.coordinator.asOverlord.overlordService=druid/overlord - historicals: - nodeType: "historical" - druid.port: 8080 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - runtime.properties: |- - druid.service=druid/historical - druid.segmentCache.locations=[{\"path\":\"/druid/data/segments\",\"maxSize\":10737418240}] - druid.server.maxSize=10737418240 diff --git a/druid-operator/controllers/druid/testdata/broker-config-map.yaml b/druid-operator/controllers/druid/testdata/broker-config-map.yaml deleted file mode 100644 index 35e1e8d55c8e..000000000000 --- a/druid-operator/controllers/druid/testdata/broker-config-map.yaml +++ /dev/null @@ -1,66 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: v1 -data: - jvm.config: |- - -server - -XX:MaxDirectMemorySize=10240g - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Dlog4j.debug - -XX:+ExitOnOutOfMemoryError - -XX:+HeapDumpOnOutOfMemoryError - -XX:+UseG1GC - -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager - -Xmx1G - -Xms1G - log4j2.xml: |- - - - - - - - - - - - - - - runtime.properties: |- - druid.port=8080 - druid.service=druid/broker - - # HTTP server threads - druid.broker.http.numConnections=5 - druid.server.http.numThreads=25 - - # Processing threads and buffers - druid.processing.buffer.sizeBytes=1 - druid.processing.numMergeBuffers=1 - druid.processing.numThreads=1 -kind: ConfigMap -metadata: - labels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - name: druid-druid-test-brokers-config - namespace: test-namespace - annotations: - druidOpResourceHash: O3jmICgrTjJkMBlGlE05W7dGhA0= diff --git a/druid-operator/controllers/druid/testdata/broker-deployment.yaml b/druid-operator/controllers/druid/testdata/broker-deployment.yaml deleted file mode 100644 index 766399b2a0ba..000000000000 --- a/druid-operator/controllers/druid/testdata/broker-deployment.yaml +++ /dev/null @@ -1,111 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: druid-druid-test-brokers - namespace: test-namespace - labels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - annotations: - druidOpResourceHash: nQv/LmxctTSRsI5dtBe3jvN5WM8= - kubernetes.io/cluster-scoped-annotation: "cluster" - kubernetes.io/node-scoped-annotation: "broker" - kubernetes.io/override-annotation: "node-scoped-annotation" -spec: - replicas: 2 - selector: - matchLabels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - strategy: - rollingUpdate: {} - type: RollingUpdate - template: - metadata: - labels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - annotations: - key1: value1 - key2: value2 - spec: - tolerations: [] - affinity: {} - priorityClassName: high-priority - containers: - - command: - - bin/run-druid.sh - - broker - image: himanshu01/druid:druid-0.12.0-1 - name: druid-druid-test-brokers - env: - - name: configMapSHA - value: blah - ports: - - containerPort: 8083 - name: random - readinessProbe: - httpGet: - path: /status - port: 8080 - livenessProbe: - httpGet: - path: /status - port: 8080 - startupProbe: - failureThreshold: 20 - httpGet: - path: /druid/broker/v1/readiness - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: "4" - memory: 2Gi - requests: - cpu: "4" - memory: 2Gi - volumeMounts: - - mountPath: /druid/conf/druid/_common - readOnly: true - name: common-config-volume - - mountPath: /druid/conf/druid/broker - readOnly: true - name: nodetype-config-volume - - mountPath: /druid/data - readOnly: true - name: data-volume - securityContext: - fsGroup: 107 - runAsUser: 106 - volumes: - - configMap: - name: druid-test-druid-common-config - name: common-config-volume - - configMap: - name: druid-druid-test-brokers-config - name: nodetype-config-volume diff --git a/druid-operator/controllers/druid/testdata/broker-headless-service.yaml b/druid-operator/controllers/druid/testdata/broker-headless-service.yaml deleted file mode 100644 index 5a6c292a3b2b..000000000000 --- a/druid-operator/controllers/druid/testdata/broker-headless-service.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: v1 -kind: Service -metadata: - annotations: - druidOpResourceHash: 5zzzIiXTlupyCeyb/P8llEZN1Ag= - creationTimestamp: null - labels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - name: druid-druid-test-brokers - namespace: test-namespace -spec: - clusterIP: None - ports: - - name: service-port - port: 8080 - targetPort: 8080 - selector: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - type: ClusterIP -status: - loadBalancer: {} diff --git a/druid-operator/controllers/druid/testdata/broker-load-balancer-service.yaml b/druid-operator/controllers/druid/testdata/broker-load-balancer-service.yaml deleted file mode 100644 index fe09bfa6307d..000000000000 --- a/druid-operator/controllers/druid/testdata/broker-load-balancer-service.yaml +++ /dev/null @@ -1,39 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: v1 -kind: Service -metadata: - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 - druidOpResourceHash: vQE/6DfWCQnWFVvW3KxfOLBfdlA= - labels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - name: broker-druid-druid-test-brokers-service - namespace: test-namespace -spec: - ports: - - name: service-port - port: 8090 - targetPort: 8080 - selector: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - type: LoadBalancer diff --git a/druid-operator/controllers/druid/testdata/broker-pod-disruption-budget.yaml b/druid-operator/controllers/druid/testdata/broker-pod-disruption-budget.yaml deleted file mode 100644 index 6507495b5237..000000000000 --- a/druid-operator/controllers/druid/testdata/broker-pod-disruption-budget.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - labels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - name: druid-druid-test-brokers - namespace: test-namespace - annotations: - druidOpResourceHash: DmYcIjqpkJs9KWZ/tfHgHPBJ/wo= -spec: - maxUnavailable: 1 - selector: - matchLabels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker diff --git a/druid-operator/controllers/druid/testdata/broker-statefulset-noprobe.yaml b/druid-operator/controllers/druid/testdata/broker-statefulset-noprobe.yaml deleted file mode 100644 index d093ae4042fd..000000000000 --- a/druid-operator/controllers/druid/testdata/broker-statefulset-noprobe.yaml +++ /dev/null @@ -1,103 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: druid-druid-test-brokers - namespace: test-namespace - labels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - annotations: - druidOpResourceHash: SfMSTxw3YZTBJP0JKsd5ZBiGgkI= -spec: - podManagementPolicy: Parallel - replicas: 2 - selector: - matchLabels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - serviceName: druid-druid-test-brokers - template: - metadata: - labels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - annotations: - key1: value1 - key2: value2 - spec: - tolerations: [] - affinity: {} - containers: - - command: - - bin/run-druid.sh - - broker - image: himanshu01/druid:druid-0.12.0-1 - name: druid-druid-test-brokers - env: - - name: configMapSHA - value: blah - ports: - - containerPort: 8083 - name: random - readinessProbe: - httpGet: - path: /status - port: 8080 - resources: - limits: - cpu: "4" - memory: 2Gi - requests: - cpu: "4" - memory: 2Gi - volumeMounts: - - mountPath: /druid/conf/druid/_common - readOnly: true - name: common-config-volume - - mountPath: /druid/conf/druid/broker - readOnly: true - name: nodetype-config-volume - - mountPath: /druid/data - readOnly: true - name: data-volume - securityContext: - fsGroup: 107 - runAsUser: 106 - volumes: - - configMap: - name: druid-test-druid-common-config - name: common-config-volume - - configMap: - name: druid-druid-test-brokers-config - name: nodetype-config-volume - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 diff --git a/druid-operator/controllers/druid/testdata/broker-statefulset-sidecar.yaml b/druid-operator/controllers/druid/testdata/broker-statefulset-sidecar.yaml deleted file mode 100644 index e2e64deb692d..000000000000 --- a/druid-operator/controllers/druid/testdata/broker-statefulset-sidecar.yaml +++ /dev/null @@ -1,143 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -EOF < /dev/nullapiVersion: apps/v1 -kind: StatefulSet -metadata: - name: druid-druid-test-brokers - namespace: test-namespace - labels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - annotations: - druidOpResourceHash: Q+HvxwhK3mmgnAm97GEQpeWbDv0= -spec: - podManagementPolicy: Parallel - replicas: 2 - selector: - matchLabels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - serviceName: druid-druid-test-brokers - template: - metadata: - labels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - annotations: - key1: value1 - key2: value2 - spec: - tolerations: [] - affinity: {} - containers: - - command: - - bin/run-druid.sh - - broker - image: apache/druid:0.22.1 - name: druid-druid-test-brokers - env: - - name: configMapSHA - value: blah - ports: - - containerPort: 8083 - name: random - readinessProbe: - httpGet: - path: /status - port: 8080 - livenessProbe: - httpGet: - path: /status - port: 8080 - startupProbe: - failureThreshold: 20 - httpGet: - path: /druid/broker/v1/readiness - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: "4" - memory: 2Gi - requests: - cpu: "4" - memory: 2Gi - volumeMounts: - - mountPath: /druid/conf/druid/_common - readOnly: true - name: common-config-volume - - mountPath: /druid/conf/druid/broker - readOnly: true - name: nodetype-config-volume - - mountPath: /druid/data - readOnly: true - name: data-volume - - command: - - /bin/sidekick - image: universalforwarder-sidekick:next - name: forwarder - resources: - requests: - memory: "1Gi" - cpu: "500m" - limits: - memory: "1Gi" - cpu: "500m" - args: - - -loggingEnabled=true - - -dataCenter=dataCenter - - -environment=environment - - -application=application - - -instance=instance - - -logFiles=logFiles - securityContext: - runAsUser: 506 - imagePullPolicy: Always - volumeMounts: - - name: logstore - mountPath: /logstore - env: - - name: SAMPLE_ENV - value: SAMPLE_VALUE - securityContext: - fsGroup: 107 - runAsUser: 106 - volumes: - - configMap: - name: druid-test-druid-common-config - name: common-config-volume - - configMap: - name: druid-druid-test-brokers-config - name: nodetype-config-volume - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 diff --git a/druid-operator/controllers/druid/testdata/broker-statefulset.yaml b/druid-operator/controllers/druid/testdata/broker-statefulset.yaml deleted file mode 100644 index 15d23ef4a60a..000000000000 --- a/druid-operator/controllers/druid/testdata/broker-statefulset.yaml +++ /dev/null @@ -1,120 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: druid-druid-test-brokers - namespace: test-namespace - labels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - annotations: - druidOpResourceHash: LXsKmbxQkX+94LkevlKDy4wemRQ= - kubernetes.io/cluster-scoped-annotation: "cluster" - kubernetes.io/node-scoped-annotation: "broker" - kubernetes.io/override-annotation: "node-scoped-annotation" -spec: - podManagementPolicy: Parallel - replicas: 2 - selector: - matchLabels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - serviceName: druid-druid-test-brokers - template: - metadata: - labels: - app: druid - druid_cr: druid-test - nodeSpecUniqueStr: druid-druid-test-brokers - component: broker - annotations: - key1: value1 - key2: value2 - spec: - tolerations: [] - affinity: {} - priorityClassName: high-priority - containers: - - command: - - bin/run-druid.sh - - broker - image: himanshu01/druid:druid-0.12.0-1 - name: druid-druid-test-brokers - env: - - name: configMapSHA - value: blah - ports: - - containerPort: 8083 - name: random - readinessProbe: - httpGet: - path: /status - port: 8080 - livenessProbe: - httpGet: - path: /status - port: 8080 - startupProbe: - failureThreshold: 20 - httpGet: - path: /druid/broker/v1/readiness - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - resources: - limits: - cpu: "4" - memory: 2Gi - requests: - cpu: "4" - memory: 2Gi - volumeMounts: - - mountPath: /druid/conf/druid/_common - readOnly: true - name: common-config-volume - - mountPath: /druid/conf/druid/broker - readOnly: true - name: nodetype-config-volume - - mountPath: /druid/data - readOnly: true - name: data-volume - securityContext: - fsGroup: 107 - runAsUser: 106 - volumes: - - configMap: - name: druid-test-druid-common-config - name: common-config-volume - - configMap: - name: druid-druid-test-brokers-config - name: nodetype-config-volume - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 diff --git a/druid-operator/controllers/druid/testdata/common-config-map.yaml b/druid-operator/controllers/druid/testdata/common-config-map.yaml deleted file mode 100644 index 039cfdb44f7a..000000000000 --- a/druid-operator/controllers/druid/testdata/common-config-map.yaml +++ /dev/null @@ -1,82 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: v1 -data: - common.runtime.properties: | - # - # Extensions - # - druid.extensions.loadList=["druid-datasketches", "druid-s3-extensions", "postgresql-metadata-storage"] - - # - # Logging - # - # Log all runtime properties on startup. Disable to avoid logging properties on startup: - druid.startup.logging.logProperties=true - - # - # Indexing service logs - # - # Store indexing logs in an S3 bucket named 'druid-deep-storage' with the - # prefix 'druid/indexing-logs' - druid.indexer.logs.type=s3 - druid.indexer.logs.s3Bucket=mybucket - druid.indexer.logs.s3Prefix=druid/indexing-logs - - # - # Service discovery - # - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - - # - # Monitoring - # - druid.monitoring.monitors=["com.metamx.metrics.JvmMonitor"] - druid.emitter=logging - druid.emitter.logging.logLevel=info - - # Storage type of double columns - # ommiting this will lead to index double as float at the storage layer - druid.indexing.doubleStorage=double - druid.zk.service.host=zookeeper-0.zookeeper,zookeeper-1.zookeeper,zookeeper-2.zookeeper - druid.zk.paths.base=/druid - druid.zk.service.compress=false - - druid.metadata.storage.type=postgresql - druid.metadata.storage.connector.connectURI=jdbc:postgresql://rdsaddr.us-west-2.rds.amazonaws.com:5432/druiddb - druid.metadata.storage.connector.user=iamuser - druid.metadata.storage.connector.password=changeme - druid.metadata.storage.connector.createTables=true - - druid.storage.type=s3 - druid.storage.bucket=mybucket - druid.storage.baseKey=druid/segments - druid.s3.accessKey=accesskey - druid.s3.secretKey=secretkey - metricDimensions.json: |- - { - "query/time" : { "dimensions" : ["dataSource", "type"], "type" : "timer"} - } -kind: ConfigMap -metadata: - labels: - app: druid - druid_cr: druid-test - name: druid-test-druid-common-config - namespace: test-namespace - annotations: - druidOpResourceHash: 1/BkoZEvfj+rB80LzeQeu6T7mhs= diff --git a/druid-operator/controllers/druid/testdata/druid-smoke-test-cluster.yaml b/druid-operator/controllers/druid/testdata/druid-smoke-test-cluster.yaml deleted file mode 100644 index 6ccd626b3695..000000000000 --- a/druid-operator/controllers/druid/testdata/druid-smoke-test-cluster.yaml +++ /dev/null @@ -1,268 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: "druid.apache.org/v1alpha1" -kind: "Druid" -metadata: - name: smoke-test - namespace: default -spec: - image: druidio/druid:test - # Optionally specify image for all nodes. Can be specify on nodes also - # imagePullSecrets: - # - name: tutu - defaultProbes: true - startScript: /druid.sh - podLabels: - environment: stage - release: alpha - podAnnotations: - dummykey: dummyval - readinessProbe: - httpGet: - path: /status - port: 8088 - securityContext: - fsGroup: 1000 - runAsUser: 1000 - runAsGroup: 1000 - services: - - spec: - type: ClusterIP - clusterIP: None - commonConfigMountPath: "/opt/druid/conf/druid/cluster/_common" - hdfs-site.xml: |- - - - - dfs.replication - 1 - - - dfs.client.use.datanode.hostname - true - - - dfs.datanode.use.datanode.hostname - true - - - core-site.xml: |- - - - - fs.defaultFS - hdfs://HOSTNAME:9000 - - - jvm.options: |- - -server - -XX:MaxDirectMemorySize=10240g - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Dlog4j.debug - -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager - -Djava.io.tmpdir=/druid/data/tmp - log4j.config: |- - - - - - - - - - - - - - - common.runtime.properties: | - - # Zookeeper - - # Metadata Store - druid.metadata.storage.type=derby - druid.metadata.storage.type=derby - druid.metadata.storage.connector.connectURI=jdbc:derby://localhost:1527/druid/data/derbydb/metadata.db;create=true - druid.metadata.storage.connector.host=localhost - druid.metadata.storage.connector.port=1527 - druid.metadata.storage.connector.createTables=true - - # Deep Storage - druid.storage.type=local - druid.storage.storageDirectory=/druid/deepstorage - - # - # Extensions - # - druid.extensions.loadList=[""] - - # - # Service discovery - # - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - - druid.serverview.type=http - druid.coordinator.loadqueuepeon.type=http - druid.indexer.runner.type=httpRemote - druid.indexer.logs.type=file - druid.indexer.logs.directory=/druid/data/indexing-logs - druid.lookup.enableLookupSyncOnStartup=false - metricDimensions.json: |- - { - "query/time" : { "dimensions" : ["dataSource", "type"], "type" : "timer"} - } - volumeMounts: - - mountPath: /druid/data - name: data-volume - - mountPath: /druid/deepstorage - name: deepstorage-volume - volumes: - - name: data-volume - emptyDir: {} - - name: deepstorage-volume - hostPath: - path: /tmp/druid/deepstorage - type: DirectoryOrCreate - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - nodes: - brokers: - # Optionally specify for running broker as Deployment - # kind: Deployment - nodeType: "broker" - kind: "Deployment" - # Optionally specify for broker nodes - # imagePullSecrets: - # - name: tutu - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/broker" - replicas: 1 - podDisruptionBudgetSpec: - minAvailable: 1 - hpAutoscaler: - maxReplicas: 3 - minReplicas: 1 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: druid-smoke-test-brokers - runtime.properties: | - druid.service=druid/broker - - # HTTP server threads - druid.broker.http.numConnections=5 - druid.server.http.numThreads=10 - - # Processing threads and buffers - druid.processing.buffer.sizeBytes=1 - druid.processing.numMergeBuffers=1 - druid.processing.numThreads=1 - druid.sql.enable=true - extra.jvm.options: |- - -Xmx512M - -Xms512M - - coordinators: - # Optionally specify for running coordinator as Deployment - # kind: Deployment - nodeType: "coordinator" - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/coordinator-overlord" - replicas: 1 - runtime.properties: | - druid.service=druid/coordinator - - # HTTP server threads - druid.coordinator.startDelay=PT30S - druid.coordinator.period=PT30S - - # Configure this coordinator to also run as Overlord - druid.coordinator.asOverlord.enabled=true - druid.coordinator.asOverlord.overlordService=druid/overlord - druid.indexer.queue.startDelay=PT30S - druid.indexer.runner.type=local - extra.jvm.options: |- - -Xmx512M - -Xms512M - - historicals: - nodeType: "historical" - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - runtime.properties: | - druid.service=druid/historical - druid.server.http.numThreads=5 - druid.processing.buffer.sizeBytes=1 - druid.processing.numMergeBuffers=1 - druid.processing.numThreads=1 - # Segment storage - druid.segmentCache.locations=[{\"path\":\"/druid/data/segments\",\"maxSize\":10737418240}] - druid.server.maxSize=10737418240 - extra.jvm.options: |- - -Xmx512M - -Xms512M - - routers: - nodeType: "router" - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/router" - replicas: 1 - ingress: - rules: - - host: broker.myhostname.com - http: - paths: - - backend: - service: - name: brokersvc - port: - name: http - path: / - pathType: ImplementationSpecific - tls: - - hosts: - - broker.myhostname.com - secretName: tls-broker-druid-cluster - runtime.properties: | - druid.service=druid/router - - # HTTP proxy - druid.router.http.numConnections=10 - druid.router.http.readTimeout=PT5M - druid.router.http.numMaxThreads=10 - druid.server.http.numThreads=10 - - # Service discovery - druid.router.defaultBrokerServiceName=druid/broker - druid.router.coordinatorServiceName=druid/coordinator - - # Management proxy to coordinator / overlord: required for unified web console. - druid.router.managementProxy.enabled=true - extra.jvm.options: |- - -Xmx512M - -Xms512M - diff --git a/druid-operator/controllers/druid/testdata/druid-test-cr-noprobe.yaml b/druid-operator/controllers/druid/testdata/druid-test-cr-noprobe.yaml deleted file mode 100644 index 76d7a969e65f..000000000000 --- a/druid-operator/controllers/druid/testdata/druid-test-cr-noprobe.yaml +++ /dev/null @@ -1,362 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: "druid.apache.org/v1alpha1" -kind: "Druid" -metadata: - name: druid-test - namespace: test-namespace -spec: - image: himanshu01/druid:druid-0.12.0-1 - defaultProbes: false - podAnnotations: - key1: value1 - key2: value2 - securityContext: - fsGroup: 107 - runAsUser: 106 - readinessProbe: - httpGet: - path: /status - zookeeper: - type: default - spec: - properties: |- - druid.zk.service.host=zookeeper-0.zookeeper,zookeeper-1.zookeeper,zookeeper-2.zookeeper - druid.zk.paths.base=/druid - druid.zk.service.compress=false - metadataStore: - type: default - spec: - properties: |- - druid.metadata.storage.type=postgresql - druid.metadata.storage.connector.connectURI=jdbc:postgresql://rdsaddr.us-west-2.rds.amazonaws.com:5432/druiddb - druid.metadata.storage.connector.user=iamuser - druid.metadata.storage.connector.password=changeme - druid.metadata.storage.connector.createTables=true - deepStorage: - type: default - spec: - properties: |- - druid.storage.type=s3 - druid.storage.bucket=mybucket - druid.storage.baseKey=druid/segments - druid.s3.accessKey=accesskey - druid.s3.secretKey=secretkey - jvm.options: |- - -server - -XX:MaxDirectMemorySize=10240g - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Dlog4j.debug - -XX:+ExitOnOutOfMemoryError - -XX:+HeapDumpOnOutOfMemoryError - -XX:+UseG1GC - -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager - log4j.config: |- - - - - - - - - - - - - - - common.runtime.properties: |- - # - # Extensions - # - druid.extensions.loadList=["druid-datasketches", "druid-s3-extensions", "postgresql-metadata-storage"] - - # - # Logging - # - # Log all runtime properties on startup. Disable to avoid logging properties on startup: - druid.startup.logging.logProperties=true - - # - # Indexing service logs - # - # Store indexing logs in an S3 bucket named 'druid-deep-storage' with the - # prefix 'druid/indexing-logs' - druid.indexer.logs.type=s3 - druid.indexer.logs.s3Bucket=mybucket - druid.indexer.logs.s3Prefix=druid/indexing-logs - - # - # Service discovery - # - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - - # - # Monitoring - # - druid.monitoring.monitors=["com.metamx.metrics.JvmMonitor"] - druid.emitter=logging - druid.emitter.logging.logLevel=info - - # Storage type of double columns - # ommiting this will lead to index double as float at the storage layer - druid.indexing.doubleStorage=double - metricDimensions.json: |- - { - "query/time" : { "dimensions" : ["dataSource", "type"], "type" : "timer"} - } - nodes: - brokers: - nodeType: "broker" - services: - - spec: - type: ClusterIP - clusterIP: None - - metadata: - name: broker-%s-service - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 - spec: - type: LoadBalancer - ports: - - name: service-port - port: 8090 - targetPort: 8080 - druid.port: 8080 - replicas: 2 - podDisruptionBudgetSpec: - maxUnavailable: 1 - ports: - - name: random - containerPort: 8083 - runtime.properties: |- - druid.service=druid/broker - - # HTTP server threads - druid.broker.http.numConnections=5 - druid.server.http.numThreads=25 - - # Processing threads and buffers - druid.processing.buffer.sizeBytes=1 - druid.processing.numMergeBuffers=1 - druid.processing.numThreads=1 - extra.jvm.options: |- - -Xmx1G - -Xms1G - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - - volumeMounts: - - mountPath: /druid/data - name: data-volume - readOnly: true - resources: - requests: - memory: "2Gi" - cpu: "4" - limits: - memory: "2Gi" - cpu: "4" - - coordinators: - nodeType: "coordinator" - druid.port: 8080 - replicas: 1 - ports: - - name: random - containerPort: 8083 - runtime.properties: |- - druid.service=druid/coordinator - - # HTTP server threads - druid.coordinator.startDelay=PT30S - druid.coordinator.period=PT30S - extra.jvm.options: |- - -Xmx1G - -Xms1G - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - - volumeMounts: - - mountPath: /druid/data - name: data-volume - resources: - requests: - memory: "2Gi" - cpu: "4" - limits: - memory: "2Gi" - cpu: "4" - - historicals: - nodeType: "historical" - druid.port: 8080 - replicas: 2 - ports: - - name: random - containerPort: 8084 - runtime.properties: |- - druid.service=druid/historical - druid.server.http.numThreads=10 - druid.processing.buffer.sizeBytes=268435456 - druid.processing.numMergeBuffers=1 - druid.processing.numThreads=1 - # Segment storage - druid.segmentCache.locations=[{\"path\":\"/druid/data/segments\",\"maxSize\":10737418240}] - druid.server.maxSize=10737418240 - extra.jvm.options: |- - -Xmx1G - -Xms1G - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - - volumeMounts: - - mountPath: /druid/data - name: data-volume - resources: - requests: - memory: "2Gi" - cpu: "4" - limits: - memory: "2Gi" - cpu: "4" - - overlords: - nodeType: "overlord" - druid.port: 8080 - replicas: 1 - ports: - - name: random - containerPort: 8083 - runtime.properties: |- - druid.service=druid/overlord - - # HTTP server threads - druid.indexer.queue.startDelay=PT30S - druid.indexer.runner.type=remote - druid.indexer.storage.type=metadata - extra.jvm.options: |- - -Xmx1G - -Xms1G - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - - volumeMounts: - - mountPath: /druid/data - name: data-volume - resources: - requests: - memory: "2Gi" - cpu: "4" - limits: - memory: "2Gi" - cpu: "4" - - middlemanagers: - nodeType: "middleManager" - druid.port: 8080 - replicas: 1 - ports: - - name: peon-0-pt - containerPort: 8100 - - name: peon-1-pt - containerPort: 8101 - - name: peon-2-pt - containerPort: 8102 - - name: peon-3-pt - containerPort: 8103 - - name: peon-4-pt - containerPort: 8104 - - name: peon-5-pt - containerPort: 8105 - - name: peon-6-pt - containerPort: 8106 - - name: peon-7-pt - containerPort: 8107 - - name: peon-8-pt - containerPort: 8108 - - name: peon-9-pt - containerPort: 8109 - - runtime.properties: |- - druid.service=druid/middleManager - druid.worker.capacity=1 - druid.indexer.runner.javaOpts=-server -XX:MaxDirectMemorySize=10240g -Duser.timezone=UTC -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/druid/data/tmp -Dlog4j.debug -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCApplicationStoppedTime -XX:+PrintGCApplicationConcurrentTime -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=50 -XX:GCLogFileSize=10m -XX:+ExitOnOutOfMemoryError -XX:+HeapDumpOnOutOfMemoryError -XX:+UseG1GC -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager -Xloggc:/druid/data/logs/peon.gc.%t.%p.log -XX:HeapDumpPath=/druid/data/logs/peon.%t.%p.hprof -Xms1G -Xmx1G - druid.indexer.task.baseTaskDir=/druid/data/baseTaskDir - druid.server.http.numThreads=10 - druid.indexer.fork.property.druid.processing.buffer.sizeBytes=268435456 - druid.indexer.fork.property.druid.processing.numMergeBuffers=1 - druid.indexer.fork.property.druid.processing.numThreads=1 - druid.indexer.task.hadoopWorkingPath=/druid/data/hadoop-working-path - druid.indexer.task.defaultHadoopCoordinates=[\"org.apache.hadoop:hadoop-client:2.7.3\"] - extra.jvm.options: |- - -Xmx1G - -Xms1G - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - - volumeMounts: - - mountPath: /druid/data - name: data-volume - resources: - requests: - memory: "3Gi" - cpu: "4" - limits: - memory: "3Gi" - cpu: "4" diff --git a/druid-operator/controllers/druid/testdata/druid-test-cr-sidecar.yaml b/druid-operator/controllers/druid/testdata/druid-test-cr-sidecar.yaml deleted file mode 100644 index ae606b35504b..000000000000 --- a/druid-operator/controllers/druid/testdata/druid-test-cr-sidecar.yaml +++ /dev/null @@ -1,393 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: "druid.apache.org/v1alpha1" -kind: "Druid" -metadata: - name: druid-test - namespace: test-namespace -spec: - image: apache/druid:0.22.1 - defaultProbes: true - podAnnotations: - key1: value1 - key2: value2 - securityContext: - fsGroup: 107 - runAsUser: 106 - readinessProbe: - httpGet: - path: /status - additionalContainer: - - image: universalforwarder-sidekick:next - containerName: forwarder - command: - - /bin/sidekick - imagePullPolicy: Always - securityContext: - runAsUser: 506 - volumeMounts: - - name: logstore - mountPath: /logstore - env: - - name: SAMPLE_ENV - value: SAMPLE_VALUE - resources: - requests: - memory: "1Gi" - cpu: "500m" - limits: - memory: "1Gi" - cpu: "500m" - args: - - -loggingEnabled=true - - -dataCenter=dataCenter - - -environment=environment - - -application=application - - -instance=instance - - -logFiles=logFiles - zookeeper: - type: default - spec: - properties: |- - druid.zk.service.host=zookeeper-0.zookeeper,zookeeper-1.zookeeper,zookeeper-2.zookeeper - druid.zk.paths.base=/druid - druid.zk.service.compress=false - metadataStore: - type: default - spec: - properties: |- - druid.metadata.storage.type=postgresql - druid.metadata.storage.connector.connectURI=jdbc:postgresql://rdsaddr.us-west-2.rds.amazonaws.com:5432/druiddb - druid.metadata.storage.connector.user=iamuser - druid.metadata.storage.connector.password=changeme - druid.metadata.storage.connector.createTables=true - deepStorage: - type: default - spec: - properties: |- - druid.storage.type=s3 - druid.storage.bucket=mybucket - druid.storage.baseKey=druid/segments - druid.s3.accessKey=accesskey - druid.s3.secretKey=secretkey - jvm.options: |- - -server - -XX:MaxDirectMemorySize=10240g - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Dlog4j.debug - -XX:+ExitOnOutOfMemoryError - -XX:+HeapDumpOnOutOfMemoryError - -XX:+UseG1GC - -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager - log4j.config: |- - - - - - - - - - - - - - - common.runtime.properties: |- - # - # Extensions - # - druid.extensions.loadList=["druid-datasketches", "druid-s3-extensions", "postgresql-metadata-storage"] - - # - # Logging - # - # Log all runtime properties on startup. Disable to avoid logging properties on startup: - druid.startup.logging.logProperties=true - - # - # Indexing service logs - # - # Store indexing logs in an S3 bucket named 'druid-deep-storage' with the - # prefix 'druid/indexing-logs' - druid.indexer.logs.type=s3 - druid.indexer.logs.s3Bucket=mybucket - druid.indexer.logs.s3Prefix=druid/indexing-logs - - # - # Service discovery - # - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - - # - # Monitoring - # - druid.monitoring.monitors=["com.metamx.metrics.JvmMonitor"] - druid.emitter=logging - druid.emitter.logging.logLevel=info - - # Storage type of double columns - # ommiting this will lead to index double as float at the storage layer - druid.indexing.doubleStorage=double - metricDimensions.json: |- - { - "query/time" : { "dimensions" : ["dataSource", "type"], "type" : "timer"} - } - nodes: - brokers: - nodeType: "broker" - services: - - spec: - type: ClusterIP - clusterIP: None - - metadata: - name: broker-%s-service - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 - spec: - type: LoadBalancer - ports: - - name: service-port - port: 8090 - targetPort: 8080 - druid.port: 8080 - replicas: 2 - podDisruptionBudgetSpec: - maxUnavailable: 1 - livenessProbe: - httpGet: - path: /status - ports: - - name: random - containerPort: 8083 - runtime.properties: |- - druid.service=druid/broker - - # HTTP server threads - druid.broker.http.numConnections=5 - druid.server.http.numThreads=25 - - # Processing threads and buffers - druid.processing.buffer.sizeBytes=1 - druid.processing.numMergeBuffers=1 - druid.processing.numThreads=1 - extra.jvm.options: |- - -Xmx1G - -Xms1G - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - - volumeMounts: - - mountPath: /druid/data - name: data-volume - readOnly: true - resources: - requests: - memory: "2Gi" - cpu: "4" - limits: - memory: "2Gi" - cpu: "4" - - coordinators: - nodeType: "coordinator" - druid.port: 8080 - replicas: 1 - ports: - - name: random - containerPort: 8083 - runtime.properties: |- - druid.service=druid/coordinator - - # HTTP server threads - druid.coordinator.startDelay=PT30S - druid.coordinator.period=PT30S - extra.jvm.options: |- - -Xmx1G - -Xms1G - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - - volumeMounts: - - mountPath: /druid/data - name: data-volume - resources: - requests: - memory: "2Gi" - cpu: "4" - limits: - memory: "2Gi" - cpu: "4" - - historicals: - nodeType: "historical" - druid.port: 8080 - replicas: 2 - ports: - - name: random - containerPort: 8084 - runtime.properties: |- - druid.service=druid/historical - druid.server.http.numThreads=10 - druid.processing.buffer.sizeBytes=268435456 - druid.processing.numMergeBuffers=1 - druid.processing.numThreads=1 - # Segment storage - druid.segmentCache.locations=[{\"path\":\"/druid/data/segments\",\"maxSize\":10737418240}] - druid.server.maxSize=10737418240 - extra.jvm.options: |- - -Xmx1G - -Xms1G - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - - volumeMounts: - - mountPath: /druid/data - name: data-volume - resources: - requests: - memory: "2Gi" - cpu: "4" - limits: - memory: "2Gi" - cpu: "4" - - overlords: - nodeType: "overlord" - druid.port: 8080 - replicas: 1 - ports: - - name: random - containerPort: 8083 - runtime.properties: |- - druid.service=druid/overlord - - # HTTP server threads - druid.indexer.queue.startDelay=PT30S - druid.indexer.runner.type=remote - druid.indexer.storage.type=metadata - extra.jvm.options: |- - -Xmx1G - -Xms1G - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - - volumeMounts: - - mountPath: /druid/data - name: data-volume - resources: - requests: - memory: "2Gi" - cpu: "4" - limits: - memory: "2Gi" - cpu: "4" - - middlemanagers: - nodeType: "middleManager" - druid.port: 8080 - replicas: 1 - ports: - - name: peon-0-pt - containerPort: 8100 - - name: peon-1-pt - containerPort: 8101 - - name: peon-2-pt - containerPort: 8102 - - name: peon-3-pt - containerPort: 8103 - - name: peon-4-pt - containerPort: 8104 - - name: peon-5-pt - containerPort: 8105 - - name: peon-6-pt - containerPort: 8106 - - name: peon-7-pt - containerPort: 8107 - - name: peon-8-pt - containerPort: 8108 - - name: peon-9-pt - containerPort: 8109 - - runtime.properties: |- - druid.service=druid/middleManager - druid.worker.capacity=1 - druid.indexer.runner.javaOpts=-server -XX:MaxDirectMemorySize=10240g -Duser.timezone=UTC -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/druid/data/tmp -Dlog4j.debug -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCApplicationStoppedTime -XX:+PrintGCApplicationConcurrentTime -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=50 -XX:GCLogFileSize=10m -XX:+ExitOnOutOfMemoryError -XX:+HeapDumpOnOutOfMemoryError -XX:+UseG1GC -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager -Xloggc:/druid/data/logs/peon.gc.%t.%p.log -XX:HeapDumpPath=/druid/data/logs/peon.%t.%p.hprof -Xms1G -Xmx1G - druid.indexer.task.baseTaskDir=/druid/data/baseTaskDir - druid.server.http.numThreads=10 - druid.indexer.fork.property.druid.processing.buffer.sizeBytes=268435456 - druid.indexer.fork.property.druid.processing.numMergeBuffers=1 - druid.indexer.fork.property.druid.processing.numThreads=1 - druid.indexer.task.hadoopWorkingPath=/druid/data/hadoop-working-path - druid.indexer.task.defaultHadoopCoordinates=[\"org.apache.hadoop:hadoop-client:2.7.3\"] - extra.jvm.options: |- - -Xmx1G - -Xms1G - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - - volumeMounts: - - mountPath: /druid/data - name: data-volume - resources: - requests: - memory: "3Gi" - cpu: "4" - limits: - memory: "3Gi" - cpu: "4" diff --git a/druid-operator/controllers/druid/testdata/druid-test-cr.yaml b/druid-operator/controllers/druid/testdata/druid-test-cr.yaml deleted file mode 100644 index 0d7b4e3fc848..000000000000 --- a/druid-operator/controllers/druid/testdata/druid-test-cr.yaml +++ /dev/null @@ -1,378 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: "druid.apache.org/v1alpha1" -kind: "Druid" -metadata: - name: druid-test - namespace: test-namespace -spec: - image: himanshu01/druid:druid-0.12.0-1 - defaultProbes: true - priorityClassName: high-priority - workloadAnnotations: - kubernetes.io/cluster-scoped-annotation: "cluster" - kubernetes.io/override-annotation: "cluster-scoped-annotation" - podAnnotations: - key1: value1 - key2: value2 - securityContext: - fsGroup: 107 - runAsUser: 106 - readinessProbe: - httpGet: - path: /status - zookeeper: - type: default - spec: - properties: |- - druid.zk.service.host=zookeeper-0.zookeeper,zookeeper-1.zookeeper,zookeeper-2.zookeeper - druid.zk.paths.base=/druid - druid.zk.service.compress=false - metadataStore: - type: default - spec: - properties: |- - druid.metadata.storage.type=postgresql - druid.metadata.storage.connector.connectURI=jdbc:postgresql://rdsaddr.us-west-2.rds.amazonaws.com:5432/druiddb - druid.metadata.storage.connector.user=iamuser - druid.metadata.storage.connector.password=changeme - druid.metadata.storage.connector.createTables=true - deepStorage: - type: default - spec: - properties: |- - druid.storage.type=s3 - druid.storage.bucket=mybucket - druid.storage.baseKey=druid/segments - druid.s3.accessKey=accesskey - druid.s3.secretKey=secretkey - jvm.options: |- - -server - -XX:MaxDirectMemorySize=10240g - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Dlog4j.debug - -XX:+ExitOnOutOfMemoryError - -XX:+HeapDumpOnOutOfMemoryError - -XX:+UseG1GC - -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager - log4j.config: |- - - - - - - - - - - - - - - common.runtime.properties: |- - # - # Extensions - # - druid.extensions.loadList=["druid-datasketches", "druid-s3-extensions", "postgresql-metadata-storage"] - - # - # Logging - # - # Log all runtime properties on startup. Disable to avoid logging properties on startup: - druid.startup.logging.logProperties=true - - # - # Indexing service logs - # - # Store indexing logs in an S3 bucket named 'druid-deep-storage' with the - # prefix 'druid/indexing-logs' - druid.indexer.logs.type=s3 - druid.indexer.logs.s3Bucket=mybucket - druid.indexer.logs.s3Prefix=druid/indexing-logs - - # - # Service discovery - # - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - - # - # Monitoring - # - druid.monitoring.monitors=["com.metamx.metrics.JvmMonitor"] - druid.emitter=logging - druid.emitter.logging.logLevel=info - - # Storage type of double columns - # ommiting this will lead to index double as float at the storage layer - druid.indexing.doubleStorage=double - metricDimensions.json: |- - { - "query/time" : { "dimensions" : ["dataSource", "type"], "type" : "timer"} - } - nodes: - brokers: - nodeType: "broker" - workloadAnnotations: - kubernetes.io/node-scoped-annotation: "broker" - kubernetes.io/override-annotation: "node-scoped-annotation" - services: - - spec: - type: ClusterIP - clusterIP: None - - metadata: - name: broker-%s-service - annotations: - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 - spec: - type: LoadBalancer - ports: - - name: service-port - port: 8090 - targetPort: 8080 - druid.port: 8080 - replicas: 2 - podDisruptionBudgetSpec: - maxUnavailable: 1 - livenessProbe: - httpGet: - path: /status - ports: - - name: random - containerPort: 8083 - runtime.properties: |- - druid.service=druid/broker - - # HTTP server threads - druid.broker.http.numConnections=5 - druid.server.http.numThreads=25 - - # Processing threads and buffers - druid.processing.buffer.sizeBytes=1 - druid.processing.numMergeBuffers=1 - druid.processing.numThreads=1 - extra.jvm.options: |- - -Xmx1G - -Xms1G - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - - volumeMounts: - - mountPath: /druid/data - name: data-volume - readOnly: true - resources: - requests: - memory: "2Gi" - cpu: "4" - limits: - memory: "2Gi" - cpu: "4" - - coordinators: - nodeType: "coordinator" - druid.port: 8080 - replicas: 1 - ports: - - name: random - containerPort: 8083 - runtime.properties: |- - druid.service=druid/coordinator - - # HTTP server threads - druid.coordinator.startDelay=PT30S - druid.coordinator.period=PT30S - extra.jvm.options: |- - -Xmx1G - -Xms1G - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - - volumeMounts: - - mountPath: /druid/data - name: data-volume - resources: - requests: - memory: "2Gi" - cpu: "4" - limits: - memory: "2Gi" - cpu: "4" - - historicals: - nodeType: "historical" - druid.port: 8080 - replicas: 2 - ports: - - name: random - containerPort: 8084 - runtime.properties: |- - druid.service=druid/historical - druid.server.http.numThreads=10 - druid.processing.buffer.sizeBytes=268435456 - druid.processing.numMergeBuffers=1 - druid.processing.numThreads=1 - # Segment storage - druid.segmentCache.locations=[{\"path\":\"/druid/data/segments\",\"maxSize\":10737418240}] - druid.server.maxSize=10737418240 - extra.jvm.options: |- - -Xmx1G - -Xms1G - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - - volumeMounts: - - mountPath: /druid/data - name: data-volume - resources: - requests: - memory: "2Gi" - cpu: "4" - limits: - memory: "2Gi" - cpu: "4" - - overlords: - nodeType: "overlord" - druid.port: 8080 - replicas: 1 - ports: - - name: random - containerPort: 8083 - runtime.properties: |- - druid.service=druid/overlord - - # HTTP server threads - druid.indexer.queue.startDelay=PT30S - druid.indexer.runner.type=remote - druid.indexer.storage.type=metadata - extra.jvm.options: |- - -Xmx1G - -Xms1G - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - - volumeMounts: - - mountPath: /druid/data - name: data-volume - resources: - requests: - memory: "2Gi" - cpu: "4" - limits: - memory: "2Gi" - cpu: "4" - - middlemanagers: - nodeType: "middleManager" - druid.port: 8080 - replicas: 1 - ports: - - name: peon-0-pt - containerPort: 8100 - - name: peon-1-pt - containerPort: 8101 - - name: peon-2-pt - containerPort: 8102 - - name: peon-3-pt - containerPort: 8103 - - name: peon-4-pt - containerPort: 8104 - - name: peon-5-pt - containerPort: 8105 - - name: peon-6-pt - containerPort: 8106 - - name: peon-7-pt - containerPort: 8107 - - name: peon-8-pt - containerPort: 8108 - - name: peon-9-pt - containerPort: 8109 - - runtime.properties: |- - druid.service=druid/middleManager - druid.worker.capacity=1 - druid.indexer.runner.javaOpts=-server -XX:MaxDirectMemorySize=10240g -Duser.timezone=UTC -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/druid/data/tmp -Dlog4j.debug -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCApplicationStoppedTime -XX:+PrintGCApplicationConcurrentTime -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=50 -XX:GCLogFileSize=10m -XX:+ExitOnOutOfMemoryError -XX:+HeapDumpOnOutOfMemoryError -XX:+UseG1GC -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager -Xloggc:/druid/data/logs/peon.gc.%t.%p.log -XX:HeapDumpPath=/druid/data/logs/peon.%t.%p.hprof -Xms1G -Xmx1G - druid.indexer.task.baseTaskDir=/druid/data/baseTaskDir - druid.server.http.numThreads=10 - druid.indexer.fork.property.druid.processing.buffer.sizeBytes=268435456 - druid.indexer.fork.property.druid.processing.numMergeBuffers=1 - druid.indexer.fork.property.druid.processing.numThreads=1 - druid.indexer.task.hadoopWorkingPath=/druid/data/hadoop-working-path - druid.indexer.task.defaultHadoopCoordinates=[\"org.apache.hadoop:hadoop-client:2.7.3\"] - extra.jvm.options: |- - -Xmx1G - -Xms1G - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - - volumeMounts: - - mountPath: /druid/data - name: data-volume - resources: - requests: - memory: "3Gi" - cpu: "4" - limits: - memory: "3Gi" - cpu: "4" - dnsPolicy: ClusterFirst - dnsConfig: - nameservers: - - 10.0.0.53 - searches: - - example.local diff --git a/druid-operator/controllers/druid/testdata/finalizers.yaml b/druid-operator/controllers/druid/testdata/finalizers.yaml deleted file mode 100644 index 33fb0a1c1fca..000000000000 --- a/druid-operator/controllers/druid/testdata/finalizers.yaml +++ /dev/null @@ -1,85 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: druid.apache.org/v1alpha1 -kind: Druid -metadata: - name: finalizers - namespace: default -spec: - image: apache/druid:25.0.0 - startScript: /druid.sh - rollingDeploy: false - securityContext: - fsGroup: 1000 - runAsUser: 1000 - runAsGroup: 1000 - services: - - spec: - type: ClusterIP - commonConfigMountPath: "/opt/druid/conf/druid/cluster/_common" - jvm.options: |- - -server - -XX:MaxDirectMemorySize=10240g - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Djava.io.tmpdir=/druid/data - common.runtime.properties: |- - # Metadata Store - druid.metadata.storage.type=derby - druid.metadata.storage.connector.connectURI=jdbc:derby://localhost:1527/druid/data/derbydb/metadata.db;create=true - druid.metadata.storage.connector.host=localhost - druid.metadata.storage.connector.port=1527 - druid.metadata.storage.connector.createTables=true - - # Deep Storage - druid.storage.type=local - druid.storage.storageDirectory=/druid/deepstorage - - # Service discovery - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - nodes: - brokers: - nodeType: "broker" - kind: "Deployment" - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/broker" - replicas: 1 - runtime.properties: |- - druid.service=druid/broker - additionalContainer: - - command: - - /bin/sh echo hello - containerName: node-level - image: hello-world - coordinators: - nodeType: "coordinator" - druid.port: 8080 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/coordinator-overlord" - replicas: 1 - runtime.properties: |- - druid.service=druid/coordinator - druid.coordinator.asOverlord.enabled=true - druid.coordinator.asOverlord.overlordService=druid/overlord - historicals: - nodeType: "historical" - druid.port: 8080 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - runtime.properties: |- - druid.service=druid/historical - druid.segmentCache.locations=[{\"path\":\"/druid/data/segments\",\"maxSize\":10737418240}] - druid.server.maxSize=10737418240 diff --git a/druid-operator/controllers/druid/testdata/ordering.yaml b/druid-operator/controllers/druid/testdata/ordering.yaml deleted file mode 100644 index 4388e21cb516..000000000000 --- a/druid-operator/controllers/druid/testdata/ordering.yaml +++ /dev/null @@ -1,134 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -EOF < /dev/nullapiVersion: druid.apache.org/v1alpha1 -kind: Druid -metadata: - name: ordering - namespace: default -spec: - image: apache/druid:25.0.0 - startScript: /druid.sh - rollingDeploy: false - securityContext: - fsGroup: 1000 - runAsUser: 1000 - runAsGroup: 1000 - services: - - spec: - type: ClusterIP - commonConfigMountPath: "/opt/druid/conf/druid/cluster/_common" - jvm.options: |- - -server - -XX:MaxDirectMemorySize=10240g - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Djava.io.tmpdir=/druid/data - common.runtime.properties: |- - # Metadata Store - druid.metadata.storage.type=derby - druid.metadata.storage.connector.connectURI=jdbc:derby://localhost:1527/druid/data/derbydb/metadata.db;create=true - druid.metadata.storage.connector.host=localhost - druid.metadata.storage.connector.port=1527 - druid.metadata.storage.connector.createTables=true - - # Deep Storage - druid.storage.type=local - druid.storage.storageDirectory=/druid/deepstorage - - # Service discovery - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - nodes: - indexers: - nodeType: "indexer" - druid.port: 8080 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/indexers" - replicas: 1 - runtime.properties: |- - druid.service=druid/indexer - brokers: - nodeType: "broker" - kind: "Deployment" - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/broker" - replicas: 1 - runtime.properties: |- - druid.service=druid/broker - additionalContainer: - - command: - - /bin/sh echo hello - containerName: node-level - image: hello-world - historicals2: - nodeType: "historical" - druid.port: 8080 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - runtime.properties: |- - druid.service=druid/historical - druid.segmentCache.locations=[{\"path\":\"/druid/data/segments\",\"maxSize\":10737418240}] - druid.server.maxSize=10737418240 - routers: - nodeType: "router" - kind: "Deployment" - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/router" - replicas: 1 - runtime.properties: | - # General - druid.service=druid/router - # Service discovery - druid.router.defaultBrokerServiceName=druid/broker - druid.router.coordinatorServiceName=druid/coordinator - # Management proxy to coordinator / overlord: required for unified web console. - druid.router.managementProxy.enabled=true - coordinators: - nodeType: "coordinator" - druid.port: 8080 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/coordinator-overlord" - replicas: 1 - runtime.properties: |- - druid.service=druid/coordinator - druid.coordinator.asOverlord.enabled=true - druid.coordinator.asOverlord.overlordService=druid/overlord - middle-managers: - nodeType: "middleManager" - kind: "Deployment" - druid.port: 8091 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/middleManager" - replicas: 1 - runtime.properties: | - # Caching - druid.realtime.cache.useCache=true - druid.realtime.cache.populateCache=true - druid.indexer.runner.javaOptsArray=["-server","-Duser.timezone=UTC","-Dfile.encoding=UTF-8","-XX:+ExitOnOutOfMemoryError","-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager","--add-exports=java.base/jdk.internal.ref=ALL-UNNAMED","--add-exports=java.base/jdk.internal.misc=ALL-UNNAMED","--add-opens=java.base/java.lang=ALL-UNNAMED","--add-opens=java.base/java.io=ALL-UNNAMED","--add-opens=java.base/java.nio=ALL-UNNAMED","--add-opens=java.base/jdk.internal.ref=ALL-UNNAMED","--add-opens=java.base/sun.nio.ch=ALL-UNNAMED"] - druid.indexer.task.restoreTasksOnRestart=true - historicals: - nodeType: "historical" - druid.port: 8080 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - runtime.properties: |- - druid.service=druid/historical - druid.segmentCache.locations=[{\"path\":\"/druid/data/segments\",\"maxSize\":10737418240}] - druid.server.maxSize=10737418240 - overlords: - nodeType: "overlord" - druid.port: 8080 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/overlord" - replicas: 1 - runtime.properties: |- - druid.service=druid/overlord diff --git a/druid-operator/controllers/druid/testdata/volume-expansion.yaml b/druid-operator/controllers/druid/testdata/volume-expansion.yaml deleted file mode 100644 index c0d99a5e15ea..000000000000 --- a/druid-operator/controllers/druid/testdata/volume-expansion.yaml +++ /dev/null @@ -1,99 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: druid.apache.org/v1alpha1 -kind: Druid -metadata: - name: volume-expansion - namespace: default -spec: - image: apache/druid:25.0.0 - startScript: /druid.sh - rollingDeploy: false - securityContext: - fsGroup: 1000 - runAsUser: 1000 - runAsGroup: 1000 - services: - - spec: - type: ClusterIP - commonConfigMountPath: "/opt/druid/conf/druid/cluster/_common" - jvm.options: |- - -server - -XX:MaxDirectMemorySize=10240g - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Djava.io.tmpdir=/druid/data - common.runtime.properties: |- - # Metadata Store - druid.metadata.storage.type=derby - druid.metadata.storage.connector.connectURI=jdbc:derby://localhost:1527/druid/data/derbydb/metadata.db;create=true - druid.metadata.storage.connector.host=localhost - druid.metadata.storage.connector.port=1527 - druid.metadata.storage.connector.createTables=true - - # Deep Storage - druid.storage.type=local - druid.storage.storageDirectory=/druid/deepstorage - - # Service discovery - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - nodes: - brokers: - nodeType: "broker" - kind: "Deployment" - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/broker" - replicas: 1 - runtime.properties: |- - druid.service=druid/broker - additionalContainer: - - command: - - /bin/sh echo hello - containerName: node-level - image: hello-world - coordinators: - nodeType: "coordinator" - druid.port: 8080 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/coordinator-overlord" - replicas: 1 - runtime.properties: |- - druid.service=druid/coordinator - druid.coordinator.asOverlord.enabled=true - druid.coordinator.asOverlord.overlordService=druid/overlord - historicals: - nodeType: "historical" - kind: "StatefulSet" - druid.port: 8080 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - runtime.properties: |- - druid.service=druid/historical - druid.segmentCache.locations=[{\"path\":\"/druid/data/segments\",\"maxSize\":10737418240}] - druid.server.maxSize=10737418240 - volumeMounts: - - mountPath: /druid/data - name: data-volume - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - storageClassName: default - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10M diff --git a/druid-operator/controllers/druid/types.go b/druid-operator/controllers/druid/types.go deleted file mode 100644 index 666fae1e113f..000000000000 --- a/druid-operator/controllers/druid/types.go +++ /dev/null @@ -1,32 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -const ( - ignoredAnnotation = "druid.apache.org/ignored" - - broker = "broker" - coordinator = "coordinator" - overlord = "overlord" - middleManager = "middleManager" - indexer = "indexer" - historical = "historical" - router = "router" -) diff --git a/druid-operator/controllers/druid/util.go b/druid-operator/controllers/druid/util.go deleted file mode 100644 index a9b4feacd14f..000000000000 --- a/druid-operator/controllers/druid/util.go +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "encoding/json" - "fmt" - "os" - "reflect" - "strconv" - "strings" - "time" -) - -func firstNonEmptyStr(s1 string, s2 string) string { - if len(s1) > 0 { - return s1 - } else { - return s2 - } -} - -// Note that all the arguments passed to this function must have zero value of Nil. -func firstNonNilValue(v1, v2 interface{}) interface{} { - if !reflect.ValueOf(v1).IsNil() { - return v1 - } else { - return v2 - } -} - -// lookup DENY_LIST, default is nil -func getDenyListEnv(key string, defaultVal string) string { - if value, exists := os.LookupEnv(key); exists { - return value - } - return defaultVal -} - -// pass slice of strings for namespaces -func getEnvAsSlice(name string, defaultVal []string, sep string) []string { - valStr := getDenyListEnv(name, "") - if valStr == "" { - return defaultVal - } - // split on "," - val := strings.Split(valStr, sep) - return val -} - -func ContainsString(slice []string, s string) bool { - for _, item := range slice { - if item == s { - return true - } - } - return false -} - -func RemoveString(slice []string, s string) (result []string) { - for _, item := range slice { - if item == s { - continue - } - result = append(result, item) - } - return -} - -// returns pointer to bool -func boolFalse() *bool { - bool := false - return &bool -} - -// to be used in max concurrent reconciles only -// defaulting to return 1 -func Str2Int(s string) int { - i, err := strconv.Atoi(s) - if err != nil { - return 1 - } - return i -} - -func IsEqualJson(s1, s2 string) (bool, error) { - var o1 interface{} - var o2 interface{} - - var err error - err = json.Unmarshal([]byte(s1), &o1) - if err != nil { - return false, fmt.Errorf("error mashalling string 1 :: %s", err.Error()) - } - err = json.Unmarshal([]byte(s2), &o2) - if err != nil { - return false, fmt.Errorf("error mashalling string 2 :: %s", err.Error()) - } - - return reflect.DeepEqual(o1, o2), nil -} - -// to find the time difference between two epoch times -func timeDifference(epochTime1, epochTime2 int64) int64 { - t1 := time.Unix(epochTime1, 0) - t2 := time.Unix(epochTime2, 0) - - diff := time.Duration(t2.Sub(t1)) - return int64(diff.Seconds()) -} - -func containsString(all []string, string string) bool { - for _, s := range all { - if s == string { - return true - } - } - - return false -} - -func hasDuplicateString(slice []string) (bool, string) { - seen := make(map[string]bool) - for _, s := range slice { - if seen[s] { - return true, s - } - seen[s] = true - } - return false, "" -} diff --git a/druid-operator/controllers/druid/util_test.go b/druid-operator/controllers/druid/util_test.go deleted file mode 100644 index 512a886679de..000000000000 --- a/druid-operator/controllers/druid/util_test.go +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "encoding/json" - - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - v1 "k8s.io/api/core/v1" - - druidv1alpha1 "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" -) - -// +kubebuilder:docs-gen:collapse=Imports - -/* -util test -*/ -var _ = Describe("Test util", func() { - Context("When testing util", func() { - It("should test first non nil value", func() { - var js = []byte(` - { - "image": "apache/druid:25.0.0", - "securityContext": { "fsGroup": 107, "runAsUser": 106 }, - "env": [{ "name": "k", "value": "v" }], - "nodes": - { - "brokers": { - "nodeType": "broker", - "druid.port": 8080, - "replicas": 2 - } - } - }`) - - clusterSpec := druidv1alpha1.DruidSpec{} - Expect(json.Unmarshal(js, &clusterSpec)).Should(BeNil()) - - By("By testing first non nil value of PodSecurityContext.RunAsUser") - x := firstNonNilValue(clusterSpec.Nodes["brokers"].PodSecurityContext, clusterSpec.PodSecurityContext).(*v1.PodSecurityContext) - Expect(*x.RunAsUser).Should(Equal(int64(106))) - - By("By testing first non nil value of Env.Name") - y := firstNonNilValue(clusterSpec.Nodes["brokers"].Env, clusterSpec.Env).([]v1.EnvVar) - Expect(y[0].Name).Should(Equal("k")) - }) - - It("should test first non empty string", func() { - By("By testing first non empty string 1") - Expect(firstNonEmptyStr("a", "b")).Should(Equal("a")) - - By("By testing first non empty string 2") - Expect(firstNonEmptyStr("", "b")).Should(Equal("b")) - }) - - It("should test contains string", func() { - By("By testing contains string") - Expect(ContainsString([]string{"a", "b"}, "a")).Should(BeTrue()) - }) - - It("should test removes string", func() { - By("By testing removes string") - rs := RemoveString([]string{"a", "b"}, "a") - Expect(rs).Should(Not(ConsistOf("a"))) - }) - - }) -}) diff --git a/druid-operator/controllers/druid/volume_expansion.go b/druid-operator/controllers/druid/volume_expansion.go deleted file mode 100644 index ffd519652b96..000000000000 --- a/druid-operator/controllers/druid/volume_expansion.go +++ /dev/null @@ -1,203 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "context" - "errors" - "fmt" - - "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - appsv1 "k8s.io/api/apps/v1" - v1 "k8s.io/api/core/v1" - storage "k8s.io/api/storage/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "sigs.k8s.io/controller-runtime/pkg/client" -) - -func validateVolumeClaimTemplateSpec(drd *v1alpha1.Druid) error { - for _, nodeSpec := range drd.Spec.Nodes { - if nodeSpec.Kind == "StatefulSet" { - if err := validateNodeVolumeClaimTemplateSpec(&nodeSpec); err != nil { - return err - } - } - } - return nil -} - -func validateNodeVolumeClaimTemplateSpec(nodeSpec *v1alpha1.DruidNodeSpec) error { - for _, vct := range nodeSpec.VolumeClaimTemplates { - if vct.Spec.StorageClassName == nil || *vct.Spec.StorageClassName == "" { - return fmt.Errorf("node group %s has volume claim template without storage class which is not allowed: %s", - nodeSpec.NodeType, vct.Name) - } - } - return nil -} - -func expandStatefulSetVolumes(ctx context.Context, sdk client.Client, m *v1alpha1.Druid, - nodeSpec *v1alpha1.DruidNodeSpec, emitEvent EventEmitter, nodeSpecUniqueStr string) error { - - isEnabled, err := isVolumeExpansionEnabled(ctx, sdk, m, nodeSpec, emitEvent) - if err != nil { - return err - } - - if isEnabled { - err := scalePVCForSts(ctx, sdk, nodeSpec, nodeSpecUniqueStr, m, emitEvent) - if err != nil { - return err - } - } - - return nil -} - -func isVolumeExpansionEnabled(ctx context.Context, sdk client.Client, m *v1alpha1.Druid, nodeSpec *v1alpha1.DruidNodeSpec, emitEvent EventEmitter) (bool, error) { - - for _, nodeVCT := range nodeSpec.VolumeClaimTemplates { - if nodeVCT.Spec.StorageClassName == nil { - err := errors.New("StorageClassName does not exists") - logger.WithValues("NodeType", nodeSpec.NodeType, "VolumeClaimTemplate", nodeVCT.Name). - Error(err, "storageClassName does not exists in spec") - return false, err - } - sc, err := readers.Get(ctx, sdk, *nodeVCT.Spec.StorageClassName, m, func() object { return &storage.StorageClass{} }, emitEvent) - if err != nil { - return false, err - } - - if sc.(*storage.StorageClass).AllowVolumeExpansion != boolFalse() { - return true, nil - } - } - return false, nil -} - -// scalePVCForSts shall expand the StatefulSet's VolumeClaimTemplates size as well as N no of pvc supported by the sts. -func scalePVCForSts(ctx context.Context, sdk client.Client, nodeSpec *v1alpha1.DruidNodeSpec, nodeSpecUniqueStr string, drd *v1alpha1.Druid, emitEvent EventEmitter) error { - - getSTSList, err := readers.List(ctx, sdk, drd, makeLabelsForDruid(drd), emitEvent, func() objectList { return &appsv1.StatefulSetList{} }, func(listObj runtime.Object) []object { - items := listObj.(*appsv1.StatefulSetList).Items - result := make([]object, len(items)) - for i := 0; i < len(items); i++ { - result[i] = &items[i] - } - return result - }) - if err != nil { - return nil - } - - // Dont proceed unless all statefulsets are up and running. - // This can cause the go routine to panic - - for _, sts := range getSTSList { - if sts.(*appsv1.StatefulSet).Status.Replicas != sts.(*appsv1.StatefulSet).Status.ReadyReplicas { - return nil - } - } - - // return nil, in case return err the program halts since sts would not be able - // we would like the operator to create sts. - sts, err := readers.Get(ctx, sdk, nodeSpecUniqueStr, drd, func() object { return &appsv1.StatefulSet{} }, emitEvent) - if err != nil { - return nil - } - - pvcLabels := map[string]string{ - "nodeSpecUniqueStr": nodeSpecUniqueStr, - } - - pvcList, err := readers.List(ctx, sdk, drd, pvcLabels, emitEvent, func() objectList { return &v1.PersistentVolumeClaimList{} }, func(listObj runtime.Object) []object { - items := listObj.(*v1.PersistentVolumeClaimList).Items - result := make([]object, len(items)) - for i := 0; i < len(items); i++ { - result[i] = &items[i] - } - return result - }) - if err != nil { - return nil - } - - desVolumeClaimTemplateSize, currVolumeClaimTemplateSize, pvcSize := getVolumeClaimTemplateSizes(sts, nodeSpec, pvcList) - - // current number of PVC can't be less than desired number of pvc - if len(pvcSize) < len(desVolumeClaimTemplateSize) { - return nil - } - - // iterate over array for matching each index in desVolumeClaimTemplateSize, currVolumeClaimTemplateSize and pvcSize - for i := range desVolumeClaimTemplateSize { - - // Validate Request, shrinking of pvc not supported - // desired size cant be less than current size - // in that case re-create sts/pvc which is a user execute manual step - - desiredSize, _ := desVolumeClaimTemplateSize[i].AsInt64() - currentSize, _ := currVolumeClaimTemplateSize[i].AsInt64() - - if desiredSize < currentSize { - e := fmt.Errorf("Request for Shrinking of sts pvc size [sts:%s] in [namespace:%s] is not Supported", sts.(*appsv1.StatefulSet).Name, sts.(*appsv1.StatefulSet).Namespace) - logger.Error(e, e.Error(), "name", drd.Name, "namespace", drd.Namespace) - emitEvent.EmitEventGeneric(drd, "DruidOperatorPvcReSizeFail", "", err) - return e - } - - // In case size dont match and dessize > currsize, delete the sts using casacde=false / propagation policy set to orphan - // The operator on next reconcile shall create the sts with latest changes - if desiredSize != currentSize { - msg := fmt.Sprintf("Detected Change in VolumeClaimTemplate Sizes for Statefuleset [%s] in Namespace [%s], desVolumeClaimTemplateSize: [%s], currVolumeClaimTemplateSize: [%s]\n, deleteing STS [%s] with casacde=false]", sts.(*appsv1.StatefulSet).Name, sts.(*appsv1.StatefulSet).Namespace, desVolumeClaimTemplateSize[i].String(), currVolumeClaimTemplateSize[i].String(), sts.(*appsv1.StatefulSet).Name) - logger.Info(msg) - emitEvent.EmitEventGeneric(drd, "DruidOperatorPvcReSizeDetected", msg, nil) - - if err := writers.Delete(ctx, sdk, drd, sts, emitEvent, client.PropagationPolicy(metav1.DeletePropagationOrphan)); err != nil { - return err - } else { - msg := fmt.Sprintf("[StatefuleSet:%s] successfully deleted with casacde=false", sts.(*appsv1.StatefulSet).Name) - logger.Info(msg, "name", drd.Name, "namespace", drd.Namespace) - emitEvent.EmitEventGeneric(drd, "DruidOperatorStsOrphaned", msg, nil) - } - - } - - // In case size dont match, patch the pvc with the desiredsize from druid CR - for p := range pvcSize { - pSize, _ := pvcSize[p].AsInt64() - if desiredSize != pSize { - // use deepcopy - patch := client.MergeFrom(pvcList[p].(*v1.PersistentVolumeClaim).DeepCopy()) - pvcList[p].(*v1.PersistentVolumeClaim).Spec.Resources.Requests[v1.ResourceStorage] = desVolumeClaimTemplateSize[i] - if err := writers.Patch(ctx, sdk, drd, pvcList[p].(*v1.PersistentVolumeClaim), false, patch, emitEvent); err != nil { - return err - } else { - msg := fmt.Sprintf("[PVC:%s] successfully Patched with [Size:%s]", pvcList[p].(*v1.PersistentVolumeClaim).Name, desVolumeClaimTemplateSize[i].String()) - logger.Info(msg, "name", drd.Name, "namespace", drd.Namespace) - } - } - } - - } - - return nil -} diff --git a/druid-operator/controllers/druid/volume_expansion_test.go b/druid-operator/controllers/druid/volume_expansion_test.go deleted file mode 100644 index 4638aea4a541..000000000000 --- a/druid-operator/controllers/druid/volume_expansion_test.go +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "time" - - druidv1alpha1 "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - "k8s.io/apimachinery/pkg/types" -) - -// +kubebuilder:docs-gen:collapse=Imports - -/* -volume_expansion_test -*/ -var _ = Describe("Test volume expansion feature", func() { - const ( - filePath = "testdata/volume-expansion.yaml" - timeout = time.Second * 45 - interval = time.Millisecond * 250 - ) - - var ( - druid = &druidv1alpha1.Druid{} - ) - - Context("When creating a druid cluster with volume expansion", func() { - It("Should create the druid object", func() { - By("Creating a new druid") - druidCR, err := readDruidClusterSpecFromFile(filePath) - Expect(err).Should(BeNil()) - Expect(k8sClient.Create(ctx, druidCR)).To(Succeed()) - - By("Getting a newly created druid") - Eventually(func() bool { - err := k8sClient.Get(ctx, types.NamespacedName{Name: druidCR.Name, Namespace: druidCR.Namespace}, druid) - return err == nil - }, timeout, interval).Should(BeTrue()) - }) - It("Should error on the CR verify stage if storage class is nil", func() { - By("Setting storage class name to nil") - druid.Spec.Nodes["historicals"].VolumeClaimTemplates[0].Spec.StorageClassName = nil - Expect(druid.Spec.Nodes["historicals"].VolumeClaimTemplates[0].Spec.StorageClassName).Should(BeNil()) - - By("Validating the created druid") - Expect(validateVolumeClaimTemplateSpec(druid)).Error() - }) - It("Should error if validate didn't worked and storageClassName does not exists", func() { - By("By getting the historicals nodeSpec") - allNodeSpecs := getNodeSpecsByOrder(druid) - - nodeSpec := &druidv1alpha1.DruidNodeSpec{} - for _, elem := range allNodeSpecs { - if elem.key == "historicals" { - nodeSpec = &elem.spec - } - } - Expect(nodeSpec).ShouldNot(BeNil()) - - By("By calling the expand volume function with storageClass nil") - Expect(isVolumeExpansionEnabled(ctx, k8sClient, druid, nodeSpec, nil)).Error() - }) - }) -}) diff --git a/druid-operator/controllers/druid/zookeeper_dep_mgmt.go b/druid-operator/controllers/druid/zookeeper_dep_mgmt.go deleted file mode 100644 index 2fdca43082dc..000000000000 --- a/druid-operator/controllers/druid/zookeeper_dep_mgmt.go +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - "encoding/json" - "fmt" - "reflect" - - "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - "github.com/datainfrahq/druid-operator/controllers/druid/ext" -) - -var zkExtTypes = map[string]reflect.Type{} - -func init() { - zkExtTypes["default"] = reflect.TypeOf(ext.DefaultZkManager{}) -} - -// We might have to add more methods to this interface to enable extensions that completely manage -// deploy, upgrade and termination of zk cluster. -type zookeeperManager interface { - Configuration() string -} - -func createZookeeperManager(spec *v1alpha1.ZookeeperSpec) (zookeeperManager, error) { - if t, ok := zkExtTypes[spec.Type]; ok { - v := reflect.New(t).Interface() - if err := json.Unmarshal(spec.Spec, v); err != nil { - return nil, fmt.Errorf("Couldn't unmarshall zk type[%s]. Error[%s].", spec.Type, err.Error()) - } else { - return v.(zookeeperManager), nil - } - } else { - return nil, fmt.Errorf("Can't find type[%s] for Zookeeper Mgmt.", spec.Type) - } -} diff --git a/druid-operator/controllers/druid/zookeeper_dep_mgmt_test.go b/druid-operator/controllers/druid/zookeeper_dep_mgmt_test.go deleted file mode 100644 index 57e0d5d67fad..000000000000 --- a/druid-operator/controllers/druid/zookeeper_dep_mgmt_test.go +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druid - -import ( - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - - druidv1alpha1 "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" -) - -// +kubebuilder:docs-gen:collapse=Imports - -/* -zookeeper_dep_mgmt_test -*/ -var _ = Describe("Test zookeeper dep mgmt", func() { - Context("When testing zookeeper dep mgmt", func() { - It("should test zookeeper dep mgmt", func() { - v := druidv1alpha1.ZookeeperSpec{ - Type: "default", - Spec: []byte(`{ "properties": "my-zookeeper-config" }`), - } - - zm, err := createZookeeperManager(&v) - Expect(err).Should(BeNil()) - Expect(zm.Configuration()).Should(Equal("my-zookeeper-config")) - - }) - }) -}) diff --git a/druid-operator/controllers/ingestion/ingestion_controller.go b/druid-operator/controllers/ingestion/ingestion_controller.go deleted file mode 100644 index 81a70cb3fab2..000000000000 --- a/druid-operator/controllers/ingestion/ingestion_controller.go +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package ingestion - -import ( - "context" - "os" - "time" - - "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/client-go/tools/record" - - "github.com/go-logr/logr" - "k8s.io/apimachinery/pkg/runtime" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/log" - - "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - druidv1alpha1 "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" -) - -// IngestionReconciler -type DruidIngestionReconciler struct { - client.Client - Log logr.Logger - Scheme *runtime.Scheme - // reconcile time duration, defaults to 10s - ReconcileWait time.Duration - Recorder record.EventRecorder -} - -func NewDruidIngestionReconciler(mgr ctrl.Manager) *DruidIngestionReconciler { - return &DruidIngestionReconciler{ - Client: mgr.GetClient(), - Log: ctrl.Log.WithName("controllers").WithName("Ingestion"), - Scheme: mgr.GetScheme(), - Recorder: mgr.GetEventRecorderFor("druid-ingestion"), - } -} - -// +kubebuilder:rbac:groups=druid.apache.org,resources=ingestions,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=druid.apache.org,resources=ingestion/status,verbs=get;update;patch -func (r *DruidIngestionReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { - logr := log.FromContext(ctx) - - druidIngestionCR := &v1alpha1.DruidIngestion{} - err := r.Get(ctx, req.NamespacedName, druidIngestionCR) - if err != nil { - if errors.IsNotFound(err) { - return ctrl.Result{}, nil - } - return ctrl.Result{}, err - } - - if err := r.do(ctx, druidIngestionCR); err != nil { - logr.Error(err, err.Error()) - return ctrl.Result{}, err - } else { - return ctrl.Result{RequeueAfter: LookupReconcileTime()}, nil - } - -} - -func LookupReconcileTime() time.Duration { - val, exists := os.LookupEnv("RECONCILE_WAIT") - if !exists { - return time.Second * 10 - } else { - v, err := time.ParseDuration(val) - if err != nil { - // Exit Program if not valid - os.Exit(1) - } - return v - } -} - -func (r *DruidIngestionReconciler) SetupWithManager(mgr ctrl.Manager) error { - return ctrl.NewControllerManagedBy(mgr). - For(&druidv1alpha1.DruidIngestion{}). - Complete(r) -} diff --git a/druid-operator/controllers/ingestion/reconciler.go b/druid-operator/controllers/ingestion/reconciler.go deleted file mode 100644 index c7cdce0d6821..000000000000 --- a/druid-operator/controllers/ingestion/reconciler.go +++ /dev/null @@ -1,711 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package ingestion - -import ( - "context" - "encoding/json" - "errors" - "fmt" - "net/http" - "reflect" - "time" - - "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - "github.com/datainfrahq/druid-operator/controllers/druid" - druidapi "github.com/datainfrahq/druid-operator/pkg/druidapi" - internalhttp "github.com/datainfrahq/druid-operator/pkg/http" - "github.com/datainfrahq/druid-operator/pkg/util" - "github.com/datainfrahq/operator-runtime/builder" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" -) - -const ( - DruidIngestionControllerCreateSuccess = "DruidIngestionControllerCreateSuccess" - DruidIngestionControllerCreateFail = "DruidIngestionControllerCreateFail" - DruidIngestionControllerGetSuccess = "DruidIngestionControllerGetSuccess" - DruidIngestionControllerGetFail = "DruidIngestionControllerGetFail" - DruidIngestionControllerUpdateSuccess = "DruidIngestionControllerUpdateSuccess" - DruidIngestionControllerUpdateFail = "DruidIngestionControllerUpdateFail" - DruidIngestionControllerShutDownSuccess = "DruidIngestionControllerShutDownSuccess" - DruidIngestionControllerShutDownFail = "DruidIngestionControllerShutDownFail" - DruidIngestionControllerPatchStatusSuccess = "DruidIngestionControllerPatchStatusSuccess" - DruidIngestionControllerPatchStatusFail = "DruidIngestionControllerPatchStatusFail" - DruidIngestionControllerFinalizer = "druidingestion.datainfra.io/finalizer" -) - -func (r *DruidIngestionReconciler) do(ctx context.Context, di *v1alpha1.DruidIngestion) error { - basicAuth, err := druidapi.GetAuthCreds( - ctx, - r.Client, - di.Spec.Auth, - ) - if err != nil { - return err - } - - svcName, err := druidapi.GetRouterSvcUrl(di.Namespace, di.Spec.DruidClusterName, r.Client) - if err != nil { - return err - } - - build := builder.NewBuilder( - builder.ToNewBuilderRecorder(builder.BuilderRecorder{Recorder: r.Recorder, ControllerName: "DruidIngestionController"}), - ) - - _, err = r.CreateOrUpdate(di, svcName, *build, internalhttp.Auth{BasicAuth: basicAuth}) - if err != nil { - return err - } - - if di.ObjectMeta.DeletionTimestamp.IsZero() { - // The object is not being deleted, so if it does not have our finalizer, - // then lets add the finalizer and update the object. This is equivalent - // registering our finalizer. - if !controllerutil.ContainsFinalizer(di, DruidIngestionControllerFinalizer) { - controllerutil.AddFinalizer(di, DruidIngestionControllerFinalizer) - if err := r.Update(ctx, di.DeepCopyObject().(*v1alpha1.DruidIngestion)); err != nil { - return nil - } - } - } else { - if controllerutil.ContainsFinalizer(di, DruidIngestionControllerFinalizer) { - // our finalizer is present, so lets handle any external dependency - svcName, err := druidapi.GetRouterSvcUrl(di.Namespace, di.Spec.DruidClusterName, r.Client) - if err != nil { - return err - } - - posthttp := internalhttp.NewHTTPClient( - &http.Client{}, - &internalhttp.Auth{BasicAuth: basicAuth}, - ) - - respShutDownTask, err := posthttp.Do( - http.MethodPost, - getPath(di.Spec.Ingestion.Type, svcName, http.MethodPost, di.Status.TaskId, true), - []byte{}, - ) - if err != nil { - return err - } - if respShutDownTask.StatusCode != 200 { - build.Recorder.GenericEvent( - di, - v1.EventTypeWarning, - fmt.Sprintf("Resp [%s], StatusCode [%d]", string(respShutDownTask.ResponseBody), respShutDownTask.StatusCode), - DruidIngestionControllerShutDownFail, - ) - } else { - build.Recorder.GenericEvent( - di, - v1.EventTypeNormal, - fmt.Sprintf("Resp [%s], StatusCode [%d]", string(respShutDownTask.ResponseBody), respShutDownTask.StatusCode), - DruidIngestionControllerShutDownSuccess, - ) - } - - // remove our finalizer from the list and update it. - controllerutil.RemoveFinalizer(di, DruidIngestionControllerFinalizer) - if err := r.Update(ctx, di.DeepCopyObject().(*v1alpha1.DruidIngestion)); err != nil { - return nil - } - } - } - - return nil -} - -// getSpec extracts the current ingestion spec from the DruidIngestion object. -// It first attempts to extract the nativeSpec, and if that is not available, it falls back to the Spec. -func getSpec(di *v1alpha1.DruidIngestion) (map[string]interface{}, error) { - if di.Spec.Ingestion.NativeSpec.Size() > 0 { - var nativeSpecMap map[string]interface{} - if err := json.Unmarshal(di.Spec.Ingestion.NativeSpec.Raw, &nativeSpecMap); err != nil { - return nil, fmt.Errorf("error unmarshalling nativeSpec: %v", err) - } - return nativeSpecMap, nil - } else if di.Spec.Ingestion.Spec != "" { - // Attempt to unmarshal the JSON Spec if nativeSpec is not available - var spec map[string]interface{} - err := json.Unmarshal([]byte(di.Spec.Ingestion.Spec), &spec) - if err != nil { - return nil, fmt.Errorf("error unmarshalling Spec: %v", err) - } - return spec, nil - } else { - // Return an error if neither nativeSpec nor Spec is valid - return nil, fmt.Errorf("no valid ingestion spec provided") - } -} - -// getSpecJson extracts the current ingestion spec from the DruidIngestion object and returns it as a string. -func getSpecJson(di *v1alpha1.DruidIngestion) (string, error) { - specData, err := getSpec(di) - if err != nil { - return "", err - } - return util.ToJsonString(specData) -} - -// getRules extracts the rules from the DruidIngestion object and returns them as a slice of maps. -// Each map represents a single rule. -func getRules(di *v1alpha1.DruidIngestion) ([]map[string]interface{}, error) { - if len(di.Spec.Ingestion.Rules) == 0 { - return nil, nil - } - - rules := make([]map[string]interface{}, 0, len(di.Spec.Ingestion.Rules)) // Initialize with capacity - for _, rule := range di.Spec.Ingestion.Rules { - var ruleMap map[string]interface{} - if err := json.Unmarshal(rule.Raw, &ruleMap); err != nil { - return nil, fmt.Errorf("error unmarshalling rule: %v", err) - } - rules = append(rules, ruleMap) - } - return rules, nil -} - -// getRulesJson extracts the rules from the DruidIngestion object and returns them as a JSON string. -func getRulesJson(di *v1alpha1.DruidIngestion) (string, error) { - rules, err := getRules(di) - if err != nil { - return "", err - } - return util.ToJsonString(rules) -} - -// extractDataSourceFromSpec extracts the dataSource from the spec map -func getDataSource(di *v1alpha1.DruidIngestion) (string, error) { - // Get the current ingestion spec - spec, err := getSpec(di) - if err != nil { - return "", err - } - - // Navigate through the nested structure to find dataSource - if specSection, ok := spec["spec"].(map[string]interface{}); ok { - if dataSchema, ok := specSection["dataSchema"].(map[string]interface{}); ok { - if dataSource, ok := dataSchema["dataSource"].(string); ok { - return dataSource, nil - } - } - } - return "", fmt.Errorf("dataSource not found in spec") -} - -func getCompaction(di *v1alpha1.DruidIngestion) (map[string]interface{}, error) { - compaction := di.Spec.Ingestion.Compaction - - compactionMap := make(map[string]interface{}) - if len(compaction.Raw) == 0 { - return compactionMap, nil - } - - if err := json.Unmarshal(compaction.Raw, &compactionMap); err != nil { - return nil, fmt.Errorf("error unmarshalling compaction: %v", err) - } - - dataSource, err := getDataSource(di) - if err != nil { - return nil, fmt.Errorf("error getting dataSource: %v", err) - } - - // Add dataSource to the map - compactionMap["dataSource"] = dataSource - - return compactionMap, nil -} - -func getCompactionJson(di *v1alpha1.DruidIngestion) (string, error) { - compaction, err := getCompaction(di) - if err != nil { - return "", err - } - return util.ToJsonString(compaction) -} - -// UpdateCompaction updates the compaction settings for a Druid data source. -func (r *DruidIngestionReconciler) UpdateCompaction( - di *v1alpha1.DruidIngestion, - svcName string, - auth internalhttp.Auth, -) (bool, error) { - // If there are no compaction settings, return false - if di.Spec.Ingestion.Compaction.Size() == 0 { - return false, nil - } - - httpClient := internalhttp.NewHTTPClient( - &http.Client{}, - &auth, - ) - - dataSource, err := getDataSource(di) - if err != nil { - return false, err - } - - // Get current compaction settings - currentResp, err := httpClient.Do( - http.MethodGet, - druidapi.MakePath(svcName, "coordinator", "config", "compaction", dataSource), - nil, - ) - if err != nil { - return false, err - } - - var currentCompactionJson string - if currentResp.StatusCode == http.StatusOK { - currentCompactionJson = string(currentResp.ResponseBody) - } else if currentResp.StatusCode == http.StatusNotFound { - // Assume no compaction settings are currently set - currentCompactionJson = "{}" - } else { - return false, fmt.Errorf("failed to retrieve current compaction settings, status code: %d", currentResp.StatusCode) - } - - desiredCompactionJson, err := getCompactionJson(di) - if err != nil { - return false, err - } - - // Compare current and desired compaction settings - if areEqual, err := util.IncludesJson(currentCompactionJson, desiredCompactionJson); err != nil { - return false, err - } else if areEqual { - // Compaction settings are already up-to-date - return false, nil - } - - // Update compaction settings - respUpdateCompaction, err := httpClient.Do( - http.MethodPost, - druidapi.MakePath(svcName, "coordinator", "config", "compaction"), - []byte(desiredCompactionJson), - ) - if err != nil { - return false, err - } - - if respUpdateCompaction.StatusCode == 200 { - return true, nil - } - - return false, fmt.Errorf( - "failed to update compaction, status code: %d, response body: %s", - respUpdateCompaction.StatusCode, respUpdateCompaction.ResponseBody) -} - -// UpdateRules updates the rules for a Druid data source. -func (r *DruidIngestionReconciler) UpdateRules( - di *v1alpha1.DruidIngestion, - svcName string, - auth internalhttp.Auth, -) (bool, error) { - // If there are no rules, return true - if len(di.Spec.Ingestion.Rules) == 0 { - return true, nil - } - - rulesData, err := getRulesJson(di) - if err != nil { - return false, err - } - postHttp := internalhttp.NewHTTPClient( - &http.Client{}, - &auth, - ) - - dataSource, err := getDataSource(di) - if err != nil { - return false, err - } - - // Update rules - respUpdateRules, err := postHttp.Do( - http.MethodPost, - druidapi.MakePath(svcName, "coordinator", "rules", dataSource), - []byte(rulesData), - ) - - if err != nil { - return false, err - } - - if respUpdateRules.StatusCode == 200 { - return true, nil - } - - return false, fmt.Errorf("failed to update rules, status code: %d, response body: %s", respUpdateRules.StatusCode, respUpdateRules.ResponseBody) -} - -func (r *DruidIngestionReconciler) CreateOrUpdate( - di *v1alpha1.DruidIngestion, - svcName string, - build builder.Builder, - auth internalhttp.Auth, -) (controllerutil.OperationResult, error) { - - // Marshal the current spec to JSON - specJson, err := getSpecJson(di) - if err != nil { - return controllerutil.OperationResultNone, err - } - - // check if task id does not exist in status - if di.Status.TaskId == "" && di.Status.CurrentIngestionSpec == "" { - // if does not exist create task - postHttp := internalhttp.NewHTTPClient( - &http.Client{}, - &auth, - ) - - // Create ingestion task - respCreateTask, err := postHttp.Do( - http.MethodPost, - getPath(di.Spec.Ingestion.Type, svcName, http.MethodPost, "", false), - []byte(specJson), - ) - - if err != nil { - return controllerutil.OperationResultNone, err - } - - compactionOk, err := r.UpdateCompaction(di, svcName, auth) - if err != nil { - return controllerutil.OperationResultNone, err - } - - rulesOk, err := r.UpdateRules(di, svcName, auth) - if err != nil { - return controllerutil.OperationResultNone, err - } - - // If the task creation was successful, patch the status with the new task ID. - if respCreateTask.StatusCode == 200 && compactionOk && rulesOk { - taskId, err := getTaskIdFromResponse(respCreateTask.ResponseBody) - if err != nil { - return controllerutil.OperationResultNone, err - } - result, err := r.makePatchDruidIngestionStatus( - di, - taskId, - DruidIngestionControllerCreateSuccess, - string(respCreateTask.ResponseBody), - v1.ConditionTrue, - DruidIngestionControllerCreateSuccess, - ) - if err != nil { - return controllerutil.OperationResultNone, err - } - build.Recorder.GenericEvent( - di, - v1.EventTypeNormal, - fmt.Sprintf("Resp [%s]", string(respCreateTask.ResponseBody)), - DruidIngestionControllerCreateSuccess, - ) - build.Recorder.GenericEvent( - di, - v1.EventTypeNormal, - fmt.Sprintf("Resp [%s], Result [%s]", string(respCreateTask.ResponseBody), result), - DruidIngestionControllerPatchStatusSuccess) - return controllerutil.OperationResultCreated, nil - } else { - // If task creation failed, patch the status to reflect the failure. - taskId, err := getTaskIdFromResponse(respCreateTask.ResponseBody) - if err != nil { - return controllerutil.OperationResultNone, err - } - _, err = r.makePatchDruidIngestionStatus( - di, - taskId, - DruidIngestionControllerCreateFail, - string(respCreateTask.ResponseBody), - v1.ConditionTrue, - DruidIngestionControllerCreateFail, - ) - if err != nil { - return controllerutil.OperationResultNone, err - } - build.Recorder.GenericEvent( - di, - v1.EventTypeWarning, - fmt.Sprintf("Resp [%s], Status", string(respCreateTask.ResponseBody)), - DruidIngestionControllerCreateFail, - ) - return controllerutil.OperationResultCreated, nil - } - } else { - - currentIngestionSpec, err := getSpecJson(di) - if err != nil { - return controllerutil.OperationResultNone, err - } - - ok, err := druid.IsEqualJson(di.Status.CurrentIngestionSpec, currentIngestionSpec) - if err != nil { - return controllerutil.OperationResultNone, err - } - - if !ok { - postHttp := internalhttp.NewHTTPClient( - &http.Client{}, - &auth, - ) - - respUpdateSpec, err := postHttp.Do( - http.MethodPost, - getPath(di.Spec.Ingestion.Type, svcName, http.MethodPost, "", false), - []byte(specJson), - ) - if err != nil { - return controllerutil.OperationResultNone, err - } - - if respUpdateSpec.StatusCode == 200 { - // patch status to store the current valid ingestion spec json - taskId, err := getTaskIdFromResponse(respUpdateSpec.ResponseBody) - if err != nil { - return controllerutil.OperationResultNone, err - } - result, err := r.makePatchDruidIngestionStatus( - di, - taskId, - DruidIngestionControllerUpdateSuccess, - string(respUpdateSpec.ResponseBody), - v1.ConditionTrue, - DruidIngestionControllerUpdateSuccess, - ) - if err != nil { - return controllerutil.OperationResultNone, err - } - build.Recorder.GenericEvent( - di, - v1.EventTypeNormal, - fmt.Sprintf("Resp [%s]", string(respUpdateSpec.ResponseBody)), - DruidIngestionControllerUpdateSuccess, - ) - build.Recorder.GenericEvent( - di, - v1.EventTypeNormal, - fmt.Sprintf("Resp [%s], Result [%s]", string(respUpdateSpec.ResponseBody), result), - DruidIngestionControllerPatchStatusSuccess) - } - - } - - compactionOk, err := r.UpdateCompaction(di, svcName, auth) - if err != nil { - return controllerutil.OperationResultNone, err - } - - if compactionOk { - // patch status to store the current compaction json - _, err := r.makePatchDruidIngestionStatus( - di, - di.Status.TaskId, - DruidIngestionControllerUpdateSuccess, - "compaction updated", - v1.ConditionTrue, - DruidIngestionControllerUpdateSuccess, - ) - if err != nil { - return controllerutil.OperationResultNone, err - } - build.Recorder.GenericEvent( - di, - v1.EventTypeNormal, - "compaction updated", - DruidIngestionControllerUpdateSuccess, - ) - } - - // compare the rules state - rulesEqual := reflect.DeepEqual(di.Status.CurrentRules, di.Spec.Ingestion.Rules) - - if !rulesEqual { - rulesOk, err := r.UpdateRules(di, svcName, auth) - if err != nil { - return controllerutil.OperationResultNone, err - } - - if rulesOk { - // patch status to store the current valid rules json - _, err := r.makePatchDruidIngestionStatus( - di, - di.Status.TaskId, - DruidIngestionControllerUpdateSuccess, - "rules updated", - v1.ConditionTrue, - DruidIngestionControllerUpdateSuccess, - ) - if err != nil { - return controllerutil.OperationResultNone, err - } - build.Recorder.GenericEvent( - di, - v1.EventTypeNormal, - "rules updated", - DruidIngestionControllerUpdateSuccess, - ) - } - } - - return controllerutil.OperationResultUpdated, nil - - } -} - -func (r *DruidIngestionReconciler) makePatchDruidIngestionStatus( - di *v1alpha1.DruidIngestion, - taskId string, - msg string, - reason string, - status v1.ConditionStatus, - diConditionType string, - -) (controllerutil.OperationResult, error) { - - // Get the current ingestion spec, stored in either nativeSpec or Spec - ingestionSpec, specErr := getSpecJson(di) - if specErr != nil { - return controllerutil.OperationResultNone, specErr - } - - if _, _, err := patchStatus(context.Background(), r.Client, di, func(obj client.Object) client.Object { - - in := obj.(*v1alpha1.DruidIngestion) - in.Status.CurrentIngestionSpec = ingestionSpec - in.Status.CurrentRules = di.Spec.Ingestion.Rules - in.Status.TaskId = taskId - in.Status.LastUpdateTime = metav1.Time{Time: time.Now()} - in.Status.Message = msg - in.Status.Reason = reason - in.Status.Status = status - in.Status.Type = diConditionType - return in - }); err != nil { - return controllerutil.OperationResultNone, err - } - - return controllerutil.OperationResultUpdatedStatusOnly, nil -} - -func getPath( - ingestionType v1alpha1.DruidIngestionMethod, - svcName, httpMethod, taskId string, - shutDownTask bool) string { - - switch ingestionType { - case v1alpha1.NativeBatchIndexParallel: - if httpMethod == http.MethodGet { - // get task - return druidapi.MakePath(svcName, "indexer", "task", taskId) - } else if httpMethod == http.MethodPost && !shutDownTask { - // create or update task - return druidapi.MakePath(svcName, "indexer", "task") - } else if shutDownTask { - // shutdown task - return druidapi.MakePath(svcName, "indexer", "task", taskId, "shutdown") - } - case v1alpha1.HadoopIndexHadoop: - case v1alpha1.Kafka: - if httpMethod == http.MethodGet { - // get supervisor task - return druidapi.MakePath(svcName, "indexer", "supervisor", taskId) - } else if httpMethod == http.MethodPost && !shutDownTask { - // create or update supervisor task - return druidapi.MakePath(svcName, "indexer", "supervisor") - } else if shutDownTask { - // shut down supervisor - return druidapi.MakePath(svcName, "indexer", "supervisor", taskId, "shutdown") - } - case v1alpha1.Kinesis: - case v1alpha1.QueryControllerSQL: - default: - return "" - } - - return "" -} - -type taskHolder struct { - Task string `json:"task"` // tasks - ID string `json:"id"` // supervisor -} - -func getTaskIdFromResponse(resp string) (string, error) { - var task taskHolder - if err := json.Unmarshal([]byte(resp), &task); err != nil { - return "", err - } - - // check both fields and return the appropriate value - // tasks use different field names than supervisors - if task.Task != "" { - return task.Task, nil - } - if task.ID != "" { - return task.ID, nil - } - - return "", errors.New("task id not found") -} - -type VerbType string - -type ( - TransformStatusFunc func(obj client.Object) client.Object -) - -const ( - VerbPatched VerbType = "Patched" - VerbUnchanged VerbType = "Unchanged" -) - -func patchStatus(ctx context.Context, c client.Client, obj client.Object, transform TransformStatusFunc, opts ...client.SubResourcePatchOption) (client.Object, VerbType, error) { - key := types.NamespacedName{ - Namespace: obj.GetNamespace(), - Name: obj.GetName(), - } - err := c.Get(ctx, key, obj) - if err != nil { - return nil, VerbUnchanged, err - } - - // The body of the request was in an unknown format - - // accepted media types include: - // - application/json-patch+json, - // - application/merge-patch+json, - // - application/apply-patch+yaml - patch := client.MergeFrom(obj) - obj = transform(obj.DeepCopyObject().(client.Object)) - err = c.Status().Patch(ctx, obj, patch, opts...) - if err != nil { - return nil, VerbUnchanged, err - } - return obj, VerbPatched, nil -} diff --git a/druid-operator/controllers/ingestion/reconciler_test.go b/druid-operator/controllers/ingestion/reconciler_test.go deleted file mode 100644 index 4c806cd7701a..000000000000 --- a/druid-operator/controllers/ingestion/reconciler_test.go +++ /dev/null @@ -1,633 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package ingestion - -import ( - "net/http" - "net/http/httptest" - "testing" - - "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - - internalhttp "github.com/datainfrahq/druid-operator/pkg/http" - - "github.com/stretchr/testify/assert" - "k8s.io/apimachinery/pkg/runtime" -) - -func TestGetRules(t *testing.T) { - tests := []struct { - name string - druidIngestion *v1alpha1.DruidIngestion - expectedRules []map[string]interface{} - expectError bool - }{ - { - name: "No rules", - druidIngestion: &v1alpha1.DruidIngestion{ - Spec: v1alpha1.DruidIngestionSpec{ - Ingestion: v1alpha1.IngestionSpec{ - Rules: []runtime.RawExtension{}, - }, - }, - }, - expectedRules: nil, - expectError: false, - }, - { - name: "Valid rules", - druidIngestion: &v1alpha1.DruidIngestion{ - Spec: v1alpha1.DruidIngestionSpec{ - Ingestion: v1alpha1.IngestionSpec{ - Rules: []runtime.RawExtension{ - {Raw: []byte(`{"type": "load", "tieredReplicants": {"hot": 2}}`)}, - {Raw: []byte(`{"type": "drop", "interval": "2012-01-01/2013-01-01"}`)}, - }, - }, - }, - }, - expectedRules: []map[string]interface{}{ - {"type": "load", "tieredReplicants": map[string]interface{}{"hot": float64(2)}}, - {"type": "drop", "interval": "2012-01-01/2013-01-01"}, - }, - expectError: false, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - rules, err := getRules(tt.druidIngestion) - - if tt.expectError { - assert.Error(t, err, "expected an error but got none") - } else { - assert.NoError(t, err, "unexpected error") - assert.Equal(t, tt.expectedRules, rules, "rules do not match expected") - } - }) - } -} - -func TestGetRulesJson(t *testing.T) { - tests := []struct { - name string - druidIngestion *v1alpha1.DruidIngestion - expectedJson string - expectError bool - }{ - { - name: "No rules", - druidIngestion: &v1alpha1.DruidIngestion{ - Spec: v1alpha1.DruidIngestionSpec{ - Ingestion: v1alpha1.IngestionSpec{ - Rules: []runtime.RawExtension{}, - }, - }, - }, - expectedJson: "null", - expectError: false, - }, - { - name: "Valid rules", - druidIngestion: &v1alpha1.DruidIngestion{ - Spec: v1alpha1.DruidIngestionSpec{ - Ingestion: v1alpha1.IngestionSpec{ - Rules: []runtime.RawExtension{ - {Raw: []byte(`{"type": "load", "tieredReplicants": {"hot": 2}}`)}, - {Raw: []byte(`{"type": "drop", "interval": "2012-01-01/2013-01-01"}`)}, - }, - }, - }, - }, - expectedJson: `[{"type":"load","tieredReplicants":{"hot":2}},{"type":"drop","interval":"2012-01-01/2013-01-01"}]`, - expectError: false, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - actualJson, err := getRulesJson(tt.druidIngestion) - - if tt.expectError { - assert.Error(t, err, "expected an error but got none") - } else { - assert.NoError(t, err, "unexpected error") - assert.JSONEq(t, tt.expectedJson, actualJson, "JSON output does not match expected") - } - }) - } -} - -func TestUpdateCompaction_Success(t *testing.T) { - // Mock DruidIngestion data - di := &v1alpha1.DruidIngestion{ - Spec: v1alpha1.DruidIngestionSpec{ - Ingestion: v1alpha1.IngestionSpec{ - Spec: `{ - "spec": { - "dataSchema": { - "dataSource": "testDataSource" - } - } - }`, - Compaction: runtime.RawExtension{ - Raw: []byte(`{"metricsSpec": "testMetric"}`), - }, - }, - }, - } - - // Mock HTTP server - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method == http.MethodGet { - // Return current compaction settings - w.Header().Set("Content-Type", "application/json") - w.WriteHeader(http.StatusOK) - _, _ = w.Write([]byte(`{"metricsSpec": "currentMetric"}`)) - } else if r.Method == http.MethodPost { - // Simulate successful update - w.WriteHeader(http.StatusOK) - } - })) - defer server.Close() - - // Mock Auth - auth := internalhttp.Auth{ - BasicAuth: internalhttp.BasicAuth{ - UserName: "user", - Password: "pass", - }, - } - - // Mock DruidIngestionReconciler - r := &DruidIngestionReconciler{} - - // Call UpdateCompaction - success, err := r.UpdateCompaction(di, server.URL, auth) - - if err != nil { - t.Fatalf("expected no error, got %v", err) - } - if !success { - t.Fatalf("expected success, got failure") - } -} - -func TestUpdateCompaction_Failure(t *testing.T) { - // Mock DruidIngestion data - di := &v1alpha1.DruidIngestion{ - Spec: v1alpha1.DruidIngestionSpec{ - Ingestion: v1alpha1.IngestionSpec{ - Spec: `{ - "spec": { - "dataSchema": { - "dataSource": "testDataSource" - } - } - }`, - Compaction: runtime.RawExtension{ - Raw: []byte(`{"metricsSpec": "testMetric"}`), - }, - }, - }, - } - - // Mock HTTP server - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.WriteHeader(http.StatusInternalServerError) - })) - defer server.Close() - - // Mock Auth - auth := internalhttp.Auth{ - BasicAuth: internalhttp.BasicAuth{ - UserName: "user", - Password: "pass", - }, - } - - // Mock DruidIngestionReconciler - r := &DruidIngestionReconciler{} - - // Call UpdateCompaction - success, err := r.UpdateCompaction(di, server.URL, auth) - - if err == nil { - t.Fatalf("expected error, got nil") - } - - if success { - t.Fatalf("expected failure, got success") - } -} - -func TestGetCompaction(t *testing.T) { - compactionMap := make(map[string]interface{}) - tests := []struct { - name string - compactionRaw string - specRaw string - expectedMap map[string]interface{} - expectingErr bool - }{ - { - name: "Valid compaction settings with dataSource", - compactionRaw: `{ - "metricsSpec": "testMetric", - "tuningConfig": {"maxRowsInMemory": 10000} - }`, - specRaw: `{ - "spec": { - "dataSchema": { - "dataSource": "testDataSource" - } - } - }`, - expectedMap: map[string]interface{}{ - "metricsSpec": "testMetric", - "tuningConfig": map[string]interface{}{ - "maxRowsInMemory": float64(10000), - }, - "dataSource": "testDataSource", - }, - expectingErr: false, - }, - { - name: "No compaction settings", - compactionRaw: ``, - specRaw: `{ - "spec": { - "dataSchema": { - "dataSource": "testDataSource" - } - } - }`, - expectedMap: compactionMap, - expectingErr: false, - }, - { - name: "Missing dataSource", - compactionRaw: `{ - "metricsSpec": "testMetric", - "tuningConfig": {"maxRowsInMemory": 10000} - }`, - specRaw: `{ - "spec": { - "dataSchema": {} - } - }`, - expectedMap: nil, - expectingErr: true, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - di := &v1alpha1.DruidIngestion{ - Spec: v1alpha1.DruidIngestionSpec{ - Ingestion: v1alpha1.IngestionSpec{ - Compaction: runtime.RawExtension{ - Raw: []byte(tt.compactionRaw), - }, - Spec: string(tt.specRaw), - }, - }, - } - - compactionMap, err := getCompaction(di) - if tt.expectingErr { - assert.Error(t, err, "Expected an error but got none") - } else { - assert.NoError(t, err, "Unexpected error") - assert.Equal(t, tt.expectedMap, compactionMap, "Compaction map does not match expected value") - } - }) - } -} - -func TestGetCompactionJson(t *testing.T) { - tests := []struct { - name string - compactionRaw string - specRaw string - expectedJson string - expectingErr bool - }{ - { - name: "Valid compaction settings with dataSource", - compactionRaw: `{ - "metricsSpec": "testMetric", - "tuningConfig": {"maxRowsInMemory": 10000} - }`, - specRaw: `{ - "spec": { - "dataSchema": { - "dataSource": "testDataSource" - } - } - }`, - expectedJson: `{"metricsSpec":"testMetric","tuningConfig":{"maxRowsInMemory":10000},"dataSource":"testDataSource"}`, - expectingErr: false, - }, - { - name: "No compaction settings", - compactionRaw: ``, - specRaw: `{ - "spec": { - "dataSchema": { - "dataSource": "testDataSource" - } - } - }`, - expectedJson: "{}", - expectingErr: false, - }, - { - name: "Missing dataSource", - compactionRaw: `{ - "metricsSpec": "testMetric", - "tuningConfig": {"maxRowsInMemory": 10000} - }`, - specRaw: `{ - "spec": { - "dataSchema": {} - } - }`, - expectedJson: "", - expectingErr: true, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - di := &v1alpha1.DruidIngestion{ - Spec: v1alpha1.DruidIngestionSpec{ - Ingestion: v1alpha1.IngestionSpec{ - Compaction: runtime.RawExtension{ - Raw: []byte(tt.compactionRaw), - }, - Spec: string(tt.specRaw), - }, - }, - } - - compactionJson, err := getCompactionJson(di) - if tt.expectingErr { - assert.Error(t, err, "Expected an error but got none") - } else { - assert.NoError(t, err, "Unexpected error") - assert.JSONEq(t, tt.expectedJson, compactionJson, "Compaction JSON does not match expected value") - } - }) - } -} - -func TestGetPath(t *testing.T) { - tests := []struct { - name string - ingestionType v1alpha1.DruidIngestionMethod - svcName string - httpMethod string - taskId string - shutDownTask bool - expected string - }{ - { - name: "NativeBatchGetTask", - ingestionType: v1alpha1.NativeBatchIndexParallel, - svcName: "http://example-druid-service", - httpMethod: http.MethodGet, - taskId: "task1", - expected: "http://example-druid-service/druid/indexer/v1/task/task1", - }, - { - name: "NativeBatchCreateUpdateTask", - ingestionType: v1alpha1.NativeBatchIndexParallel, - svcName: "http://example-druid-service", - httpMethod: http.MethodPost, - shutDownTask: false, - expected: "http://example-druid-service/druid/indexer/v1/task", - }, - { - name: "NativeBatchShutdownTask", - ingestionType: v1alpha1.NativeBatchIndexParallel, - svcName: "http://example-druid-service", - httpMethod: http.MethodPost, - taskId: "task1", - shutDownTask: true, - expected: "http://example-druid-service/druid/indexer/v1/task/task1/shutdown", - }, - { - name: "KafkaGetSupervisorTask", - ingestionType: v1alpha1.Kafka, - svcName: "http://example-druid-service", - httpMethod: http.MethodGet, - taskId: "supervisor1", - expected: "http://example-druid-service/druid/indexer/v1/supervisor/supervisor1", - }, - { - name: "KafkaCreateUpdateSupervisorTask", - ingestionType: v1alpha1.Kafka, - svcName: "http://example-druid-service", - httpMethod: http.MethodPost, - shutDownTask: false, - expected: "http://example-druid-service/druid/indexer/v1/supervisor", - }, - { - name: "KafkaShutdownSupervisor", - ingestionType: v1alpha1.Kafka, - svcName: "http://example-druid-service", - httpMethod: http.MethodPost, - taskId: "supervisor1", - shutDownTask: true, - expected: "http://example-druid-service/druid/indexer/v1/supervisor/supervisor1/shutdown", - }, - { - name: "UnsupportedIngestionType", - ingestionType: v1alpha1.Kinesis, - svcName: "http://example-druid-service", - httpMethod: http.MethodGet, - expected: "", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - actual := getPath(tt.ingestionType, tt.svcName, tt.httpMethod, tt.taskId, tt.shutDownTask) - if actual != tt.expected { - t.Errorf("getPath() = %v, expected %v", actual, tt.expected) - } - }) - } -} - -func TestGetSpec(t *testing.T) { - tests := []struct { - name string - di *v1alpha1.DruidIngestion - expectedSpec map[string]interface{} - expectingError bool - }{ - { - name: "NativeSpec is used", - di: &v1alpha1.DruidIngestion{ - Spec: v1alpha1.DruidIngestionSpec{ - Ingestion: v1alpha1.IngestionSpec{ - NativeSpec: runtime.RawExtension{ - Raw: []byte(`{"key": "value"}`), - }, - }, - }, - }, - expectedSpec: map[string]interface{}{ - "key": "value", - }, - expectingError: false, - }, - { - name: "Spec is used when NativeSpec is empty", - di: &v1alpha1.DruidIngestion{ - Spec: v1alpha1.DruidIngestionSpec{ - Ingestion: v1alpha1.IngestionSpec{ - Spec: `{"key": "value"}`, - }, - }, - }, - expectedSpec: map[string]interface{}{ - "key": "value", - }, - expectingError: false, - }, - { - name: "Error when both NativeSpec and Spec are empty", - di: &v1alpha1.DruidIngestion{ - Spec: v1alpha1.DruidIngestionSpec{ - Ingestion: v1alpha1.IngestionSpec{ - NativeSpec: runtime.RawExtension{}, - Spec: "", - }, - }, - }, - expectedSpec: nil, - expectingError: true, - }, - { - name: "Error when Spec is invalid JSON", - di: &v1alpha1.DruidIngestion{ - Spec: v1alpha1.DruidIngestionSpec{ - Ingestion: v1alpha1.IngestionSpec{ - Spec: `{"key": "value"`, // Invalid JSON - }, - }, - }, - expectedSpec: nil, - expectingError: true, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - spec, err := getSpec(tt.di) - if tt.expectingError { - assert.Error(t, err) - } else { - assert.NoError(t, err) - assert.Equal(t, tt.expectedSpec, spec) - } - }) - } -} - -func TestGetDataSource(t *testing.T) { - tests := []struct { - name string - specJSON string - expected string - expectingErr bool - }{ - { - name: "Valid dataSource extraction", - specJSON: ` - { - "spec": { - "dataSchema": { - "dataSource": "wikipedia-2" - } - } - }`, - expected: "wikipedia-2", - expectingErr: false, - }, - { - name: "Missing dataSource", - specJSON: ` - { - "spec": { - "dataSchema": {} - } - }`, - expected: "", - expectingErr: true, - }, - { - name: "Incorrect dataSource type", - specJSON: ` - { - "spec": { - "dataSchema": { - "dataSource": 123 - } - } - }`, - expected: "", - expectingErr: true, - }, - { - name: "Missing spec section", - specJSON: ` - { - "otherField": {} - }`, - expected: "", - expectingErr: true, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - // Prepare the DruidIngestion object with the test JSON - di := &v1alpha1.DruidIngestion{ - Spec: v1alpha1.DruidIngestionSpec{ - Ingestion: v1alpha1.IngestionSpec{ - Spec: (tt.specJSON), - }, - }, - } - - dataSource, err := getDataSource(di) - if tt.expectingErr { - assert.Error(t, err, "Expected an error but got none") - } else { - assert.NoError(t, err, "Unexpected error") - assert.Equal(t, tt.expected, dataSource, "DataSource does not match expected value") - } - }) - } -} diff --git a/druid-operator/docs/README.md b/druid-operator/docs/README.md deleted file mode 100644 index ea9584ffe572..000000000000 --- a/druid-operator/docs/README.md +++ /dev/null @@ -1,60 +0,0 @@ - - -# Overview - -Druid Operator is a Kubernetes controller that manages the lifecycle of [Apache Druid](https://druid.apache.org/) clusters. -The operator simplifies the management of Druid clusters with its custom logic that is configurable via custom API -(Kubernetes CRD). - -## Druid Operator Documentation - -* [Getting Started](./getting_started.md) -* API Specifications - * [Druid API](./api_specifications/druid.md) -* [Supported Features](./features.md) -* [Example Specs](./examples.md) -* [Developer Documentation](./dev_doc.md) -* [Migration To Kubebuilder V3 in the Upcoming Version](./kubebuilder_v3_migration.md) - ---- - -:warning: You won't find any documentation about druid itself in this repository. -If you need details about how to architecture your druid cluster you can consult theses documentations: - -* [Druid introduction]() -* [Druid architecture](https://druid.apache.org/docs/latest/design/architecture.html) -* [Druid configuration reference](https://druid.apache.org/docs/latest/configuration/index.html) - ---- - -[German company iunera has published their druid cluster spec](https://www.iunera.com/) in github which is used in the context of a software project by the German Ministry for Digital and Transport. The spec have the following features: - -* Kubernetes-native Druid - * K8S jobs instead of Middlemanager with separated [pod-templates](https://github.com/iunera/druid-cluster-config/blob/main/kubernetes/druid/druidcluster/podTemplates/default-task-template.yaml) - * [Service Discovery by Kubernetes](https://github.com/iunera/druid-cluster-config/blob/main/kubernetes/druid/druidcluster/iuneradruid-cluster.yaml#L172) aka. no zookeeper - * [HPA for historical nodes](https://github.com/iunera/druid-cluster-config/blob/main/kubernetes/druid/druidcluster/hpa.yaml) / extended [Metrics Exporter](https://github.com/iunera/druid-cluster-config/blob/main/kubernetes/druid/metrics/druid-exporter.helm.yaml) -* Multiple [Authenticator/Authorizer](https://github.com/iunera/druid-cluster-config/blob/main/kubernetes/druid/druidcluster/iuneradruid-cluster.yaml#L88) (Basic Auth and Azure AD Authentication with pac4j) -* [Examples](https://github.com/iunera/druid-cluster-config/tree/main/_authentication-and-authorization-druid) for authorization and authentication -* Based on druid-operator and [flux-cd](https://fluxcd.io/flux/) -* Secrets managed by [SOPS](https://fluxcd.io/flux/guides/mozilla-sops/) and [ingested as Environment Variables](https://github.com/iunera/druid-cluster-config/blob/main/kubernetes/druid/druidcluster/iuneradruid-cluster.yaml#L245) -* Postgres as Metadata Store (incl. [Helmchart Config](https://github.com/iunera/druid-cluster-config/blob/main/kubernetes/druid/postgres/postgres.helm.yaml)) -* All endpoints TLS encrypted incl. [Howto](https://github.com/iunera/druid-cluster-config/blob/main/README.md#cluster-internal-tls-encryption) - -Link to the complete config file: https://github.com/iunera/druid-cluster-config diff --git a/druid-operator/docs/api_specifications/druid.md b/druid-operator/docs/api_specifications/druid.md deleted file mode 100644 index 572ee04f1f2c..000000000000 --- a/druid-operator/docs/api_specifications/druid.md +++ /dev/null @@ -1,2942 +0,0 @@ - - -

Druid API reference

-

Packages:

- -

druid.apache.org/v1alpha1

-Resource Types: -
    -

    AdditionalContainer -

    -

    -(Appears on: -DruidNodeSpec, -DruidSpec) -

    -

    AdditionalContainer defines additional sidecar containers to be deployed with the Druid pods. -(will be part of Kubernetes native in the future: -https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/753-sidecar-containers/README.md#summary).

    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -runAsInit
    - -bool - -    		 -(Optional) -

    RunAsInit indicate whether this should be an init container.

    -
    -image
    - -string - -    		 -

    Image Image of the additional container.

    -
    -containerName
    - -string - -    		 -

    ContainerName name of the additional container.

    -
    -command
    - -[]string - -    		 -

    Command command for the additional container.

    -
    -imagePullPolicy
    - - -Kubernetes core/v1.PullPolicy - - -    		 -(Optional) -

    ImagePullPolicy If not present, will be taken from top level spec.

    -
    -args
    - -[]string - -    		 -(Optional) -

    Args Arguments to call the command.

    -
    -securityContext
    - - -Kubernetes core/v1.SecurityContext - - -    		 -(Optional) -

    ContainerSecurityContext If not present, will be taken from top level pod.

    -
    -resources
    - - -Kubernetes core/v1.ResourceRequirements - - -    		 -(Optional) -

    Resources Kubernetes Native resources specification.

    -
    -volumeMounts
    - - -[]Kubernetes core/v1.VolumeMount - - -    		 -(Optional) -

    VolumeMounts Kubernetes Native VolumeMount specification.

    -
    -env
    - - -[]Kubernetes core/v1.EnvVar - - -    		 -(Optional) -

    Env Environment variables for the additional container.

    -
    -envFrom
    - - -[]Kubernetes core/v1.EnvFromSource - - -    		 -(Optional) -

    EnvFrom Extra environment variables from remote source (ConfigMaps, Secrets…).

    -
    -
    -
    -

    DeepStorageSpec -

    -

    -(Appears on: -DruidSpec) -

    -

    DeepStorageSpec IGNORED (Future API): In order to make Druid dependency setup extensible from within Druid operator.

    -
    -
    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -type
    - -string - -    		 -
    -spec
    - -encoding/json.RawMessage - -    		 -
    -
    - -
    -
    -
    -
    -

    Druid -

    -

    Druid is the Schema for the druids API.

    -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -metadata
    - - -Kubernetes meta/v1.ObjectMeta - - -    		 -Refer to the Kubernetes API documentation for the fields of the -metadata field. -
    -spec
    - - -DruidSpec - - -    		 -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    -ignored
    - -bool - -    		 -(Optional) -

    Ignored is now deprecated API. In order to avoid reconciliation of objects use the -druid.apache.org/ignored: "true" annotation.

    -
    -common.runtime.properties
    - -string - -    		 -

    CommonRuntimeProperties Content fo the common.runtime.properties configuration file.

    -
    -extraCommonConfig
    - - -[]*k8s.io/api/core/v1.ObjectReference - - -    		 -(Optional) -

    ExtraCommonConfig References to ConfigMaps holding more configuration files to mount to the -common configuration path.

    -
    -forceDeleteStsPodOnError
    - -bool - -    		 -(Optional) -

    ForceDeleteStsPodOnError Delete the StatefulSet’s pods if the StatefulSet is set to ordered ready. -issue: https://github.com/kubernetes/kubernetes/issues/67250 -doc: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#forced-rollback

    -
    -scalePvcSts
    - -bool - -    		 -(Optional) -

    ScalePvcSts When enabled, operator will allow volume expansion of StatefulSet’s PVCs.

    -
    -commonConfigMountPath
    - -string - -    		 -(Optional) -

    CommonConfigMountPath In-container directory to mount the Druid common configuration

    -
    -disablePVCDeletionFinalizer
    - -bool - -    		 -(Optional) -

    DisablePVCDeletionFinalizer Whether PVCs shall be deleted on the deletion of the Druid cluster.

    -
    -deleteOrphanPvc
    - -bool - -    		 -(Optional) -

    DeleteOrphanPvc Orphaned (unmounted PVCs) shall be cleaned up by the operator.

    -
    -startScript
    - -string - -    		 -(Optional) -

    StartScript Path to Druid’s start script to be run on start.

    -
    -image
    - -string - -    		 -(Optional) -

    Image Required here or at the NodeSpec level.

    -
    -serviceAccount
    - -string - -    		 -(Optional) -

    ServiceAccount

    -
    -imagePullSecrets
    - - -[]Kubernetes core/v1.LocalObjectReference - - -    		 -(Optional) -

    ImagePullSecrets

    -
    -imagePullPolicy
    - - -Kubernetes core/v1.PullPolicy - - -    		 -(Optional) -

    ImagePullPolicy

    -
    -env
    - - -[]Kubernetes core/v1.EnvVar - - -    		 -(Optional) -

    Env Environment variables for druid containers.

    -
    -envFrom
    - - -[]Kubernetes core/v1.EnvFromSource - - -    		 -(Optional) -

    EnvFrom Extra environment variables from remote source (ConfigMaps, Secrets…).

    -
    -jvm.options
    - -string - -    		 -(Optional) -

    JvmOptions Contents of the shared jvm.options configuration file for druid JVM processes.

    -
    -log4j.config
    - -string - -    		 -(Optional) -

    Log4jConfig contents log4j.config configuration file.

    -
    -securityContext
    - - -Kubernetes core/v1.PodSecurityContext - - -    		 -(Optional) -

    PodSecurityContext

    -
    -containerSecurityContext
    - - -Kubernetes core/v1.SecurityContext - - -    		 -(Optional) -

    ContainerSecurityContext

    -
    -volumeClaimTemplates
    - - -[]Kubernetes core/v1.PersistentVolumeClaim - - -    		 -(Optional) -

    VolumeClaimTemplates Kubernetes Native VolumeClaimTemplate specification.

    -
    -volumeMounts
    - - -[]Kubernetes core/v1.VolumeMount - - -    		 -(Optional) -

    VolumeMounts Kubernetes Native VolumeMount specification.

    -
    -volumes
    - - -[]Kubernetes core/v1.Volume - - -    		 -(Optional) -

    Volumes Kubernetes Native Volumes specification.

    -
    -podAnnotations
    - -map[string]string - -    		 -(Optional) -

    PodAnnotations Custom annotations to be populated in Druid pods.

    -
    -workloadAnnotations
    - -map[string]string - -    		 -(Optional) -

    WorkloadAnnotations annotations to be populated in StatefulSet or Deployment spec. -if the same key is specified at both the DruidNodeSpec level and DruidSpec level, the DruidNodeSpec WorkloadAnnotations will take precedence.

    -
    -podManagementPolicy
    - - -Kubernetes apps/v1.PodManagementPolicyType - - -    		 -(Optional) -

    PodManagementPolicy

    -
    -podLabels
    - -map[string]string - -    		 -(Optional) -

    PodLabels Custom labels to be populated in Druid pods.

    -
    -priorityClassName
    - -string - -    		 -(Optional) -

    PriorityClassName Kubernetes native priorityClassName specification.

    -
    -updateStrategy
    - - -Kubernetes apps/v1.StatefulSetUpdateStrategy - - -    		 -(Optional) -

    UpdateStrategy

    -
    -livenessProbe
    - - -Kubernetes core/v1.Probe - - -    		 -(Optional) -

    LivenessProbe -Port is set to druid.port if not specified with httpGet handler.

    -
    -readinessProbe
    - - -Kubernetes core/v1.Probe - - -    		 -(Optional) -

    ReadinessProbe -Port is set to druid.port if not specified with httpGet handler.

    -
    -startUpProbe
    - - -Kubernetes core/v1.Probe - - -    		 -(Optional) -

    StartUpProbe

    -
    -services
    - - -[]Kubernetes core/v1.Service - - -    		 -(Optional) -

    Services Kubernetes services to be created for each workload.

    -
    -nodeSelector
    - -map[string]string - -    		 -(Optional) -

    NodeSelector Kubernetes native nodeSelector specification.

    -
    -tolerations
    - - -[]Kubernetes core/v1.Toleration - - -    		 -(Optional) -

    Tolerations Kubernetes native tolerations specification.

    -
    -affinity
    - - -Kubernetes core/v1.Affinity - - -    		 -(Optional) -

    Affinity Kubernetes native affinity specification.

    -
    -nodes
    - - -map[string]./apis/druid/v1alpha1.DruidNodeSpec - - -    		 -

    Nodes a list of Druid Node types and their configurations. -DruidSpec is used to create Kubernetes workload specs. Many of the fields above can be overridden at the specific -NodeSpec level.

    -
    -additionalContainer
    - - -[]AdditionalContainer - - -    		 -(Optional) -

    AdditionalContainer defines additional sidecar containers to be deployed with the Druid pods.

    -
    -rollingDeploy
    - -bool - -    		 -(Optional) -

    RollingDeploy Whether to deploy the components in a rolling update as described in the documentation: -https://druid.apache.org/docs/latest/operations/rolling-updates.html -If set to true then operator checks the rollout status of previous version workloads before updating the next. -This will be done only for update actions.

    -
    -defaultProbes
    - -bool - -    		 -(Optional) -

    DefaultProbes If set to true this will add default probes (liveness / readiness / startup) for all druid components -but it won’t override existing probes

    -
    -zookeeper
    - - -ZookeeperSpec - - -    		 -(Optional) -

    Zookeeper IGNORED (Future API): In order to make Druid dependency setup extensible from within Druid operator.

    -
    -metadataStore
    - - -MetadataStoreSpec - - -    		 -(Optional) -

    MetadataStore IGNORED (Future API): In order to make Druid dependency setup extensible from within Druid operator.

    -
    -deepStorage
    - - -DeepStorageSpec - - -    		 -(Optional) -

    DeepStorage IGNORED (Future API): In order to make Druid dependency setup extensible from within Druid operator.

    -
    -metricDimensions.json
    - -string - -    		 -(Optional) -

    DimensionsMapPath Custom Dimension Map Path for statsd emitter. -stastd documentation is described in the following documentation: -https://druid.apache.org/docs/latest/development/extensions-contrib/statsd.html

    -
    -hdfs-site.xml
    - -string - -    		 -(Optional) -

    HdfsSite Contents of hdfs-site.xml.

    -
    -core-site.xml
    - -string - -    		 -(Optional) -

    CoreSite Contents of core-site.xml.

    -
    -dynamicConfig
    - -k8s.io/apimachinery/pkg/runtime.RawExtension - -    		 -(Optional) -

    Dynamic Configurations for Druid. Applied through the dynamic configuration API.

    -
    -auth
    - -github.com/datainfrahq/druid-operator/pkg/druidapi.Auth - -    		 -(Optional) -
    -dnsPolicy
    - - -Kubernetes core/v1.DNSPolicy - - -    		 -(Optional) -

    See v1.DNSPolicy for more details.

    -
    -dnsConfig
    - - -Kubernetes core/v1.PodDNSConfig - - -    		 -(Optional) -

    See v1.PodDNSConfig for more details.

    -
    -
    -status
    - - -DruidClusterStatus - - -    		 -
    -
    -
    -

    DruidClusterStatus -

    -

    -(Appears on: -Druid) -

    -

    DruidClusterStatus Defines the observed state of Druid.

    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -druidNodeStatus
    - - -DruidNodeTypeStatus - - -    		 -

    INSERT ADDITIONAL STATUS FIELD - define observed state of cluster -Important: Run “make” to regenerate code after modifying this file

    -
    -statefulSets
    - -[]string - -    		 -
    -deployments
    - -[]string - -    		 -
    -services
    - -[]string - -    		 -
    -configMaps
    - -[]string - -    		 -
    -podDisruptionBudgets
    - -[]string - -    		 -
    -ingress
    - -[]string - -    		 -
    -hpAutoscalers
    - -[]string - -    		 -
    -pods
    - -[]string - -    		 -
    -persistentVolumeClaims
    - -[]string - -    		 -
    -
    -
    -

    DruidIngestion -

    -

    Ingestion is the Schema for the Ingestion API

    -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -metadata
    - - -Kubernetes meta/v1.ObjectMeta - - -    		 -Refer to the Kubernetes API documentation for the fields of the -metadata field. -
    -spec
    - - -DruidIngestionSpec - - -    		 -
    -
    - - - - - - - - - - - - - - - - - -
    -suspend
    - -bool - -    		 -(Optional) -
    -druidCluster
    - -string - -    		 -
    -ingestion
    - - -IngestionSpec - - -    		 -
    -auth
    - -github.com/datainfrahq/druid-operator/pkg/druidapi.Auth - -    		 -(Optional) -
    -
    -status
    - - -DruidIngestionStatus - - -    		 -
    -
    -
    -

    DruidIngestionMethod -(string alias)

    -

    -(Appears on: -IngestionSpec) -

    -

    DruidIngestionSpec -

    -

    -(Appears on: -DruidIngestion) -

    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -suspend
    - -bool - -    		 -(Optional) -
    -druidCluster
    - -string - -    		 -
    -ingestion
    - - -IngestionSpec - - -    		 -
    -auth
    - -github.com/datainfrahq/druid-operator/pkg/druidapi.Auth - -    		 -(Optional) -
    -
    -
    -

    DruidIngestionStatus -

    -

    -(Appears on: -DruidIngestion) -

    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -taskId
    - -string - -    		 -
    -type
    - -string - -    		 -
    -status
    - - -Kubernetes core/v1.ConditionStatus - - -    		 -
    -reason
    - -string - -    		 -
    -message
    - -string - -    		 -
    -lastUpdateTime
    - - -Kubernetes meta/v1.Time - - -    		 -
    -currentIngestionSpec.json
    - -string - -    		 -

    CurrentIngestionSpec is a string instead of RawExtension to maintain compatibility with existing -IngestionSpecs that are stored as JSON strings.

    -
    -rules
    - -[]k8s.io/apimachinery/pkg/runtime.RawExtension - -    		 -
    -
    -
    -

    DruidNodeConditionType -(string alias)

    -

    -(Appears on: -DruidNodeTypeStatus) -

    -

    DruidNodeSpec -

    -

    -(Appears on: -DruidSpec) -

    -

    DruidNodeSpec Specification of Druid Node type and its configurations. -The key in following map can be arbitrary string that helps you identify resources for a specific nodeSpec. -It is used in the Kubernetes resources’ names, so it must be compliant with restrictions -placed on Kubernetes resource names: -https://kubernetes.io/docs/concepts/overview/working-with-objects/names/

    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -nodeType
    - -string - -    		 -

    NodeDruid Druid node type.

    -
    -druid.port
    - -int32 - -    		 -

    DruidPort Used by the Druid process.

    -
    -kind
    - -string - -    		 -(Optional) -

    Kind Can be StatefulSet or Deployment. -Note: volumeClaimTemplates are ignored when kind=Deployment

    -
    -replicas
    - -int32 - -    		 -(Optional) -

    Replicas replica of the workload

    -
    -podLabels
    - -map[string]string - -    		 -(Optional) -

    PodLabels Custom labels to be populated in the workload’s pods.

    -
    -podDisruptionBudgetSpec
    - - -Kubernetes policy/v1.PodDisruptionBudgetSpec - - -    		 -(Optional) -

    PodDisruptionBudgetSpec Kubernetes native podDisruptionBudget specification.

    -
    -priorityClassName
    - -string - -    		 -(Optional) -

    PriorityClassName Kubernetes native priorityClassName specification.

    -
    -runtime.properties
    - -string - -    		 -

    RuntimeProperties Additional runtime configuration for the specific workload.

    -
    -jvm.options
    - -string - -    		 -(Optional) -

    JvmOptions overrides JvmOptions at top level.

    -
    -extra.jvm.options
    - -string - -    		 -(Optional) -

    ExtraJvmOptions Appends extra jvm options to the JvmOptions field.

    -
    -log4j.config
    - -string - -    		 -(Optional) -

    Log4jConfig Overrides Log4jConfig at top level.

    -
    -nodeConfigMountPath
    - -string - -    		 -

    NodeConfigMountPath in-container directory to mount with runtime.properties, jvm.config, log4j2.xml files.

    -
    -services
    - - -[]Kubernetes core/v1.Service - - -    		 -(Optional) -

    Services Overrides services at top level.

    -
    -tolerations
    - - -[]Kubernetes core/v1.Toleration - - -    		 -(Optional) -

    Tolerations Kubernetes native tolerations specification.

    -
    -affinity
    - - -Kubernetes core/v1.Affinity - - -    		 -(Optional) -

    Affinity Kubernetes native affinity specification.

    -
    -nodeSelector
    - -map[string]string - -    		 -(Optional) -

    NodeSelector Kubernetes native nodeSelector specification.

    -
    -terminationGracePeriodSeconds
    - -int64 - -    		 -(Optional) -

    TerminationGracePeriodSeconds

    -
    -ports
    - - -[]Kubernetes core/v1.ContainerPort - - -    		 -(Optional) -

    Ports Extra ports to be added to pod spec.

    -
    -image
    - -string - -    		 -(Optional) -

    Image Overrides image from top level, Required if no image specified at top level.

    -
    -imagePullSecrets
    - - -[]Kubernetes core/v1.LocalObjectReference - - -    		 -(Optional) -

    ImagePullSecrets Overrides imagePullSecrets from top level.

    -
    -imagePullPolicy
    - - -Kubernetes core/v1.PullPolicy - - -    		 -(Optional) -

    ImagePullPolicy Overrides imagePullPolicy from top level.

    -
    -env
    - - -[]Kubernetes core/v1.EnvVar - - -    		 -(Optional) -

    Env Environment variables for druid containers.

    -
    -envFrom
    - - -[]Kubernetes core/v1.EnvFromSource - - -    		 -(Optional) -

    EnvFrom Extra environment variables from remote source (ConfigMaps, Secrets…).

    -
    -resources
    - - -Kubernetes core/v1.ResourceRequirements - - -    		 -(Optional) -

    Resources Kubernetes Native resources specification.

    -
    -securityContext
    - - -Kubernetes core/v1.PodSecurityContext - - -    		 -(Optional) -

    PodSecurityContext Overrides securityContext at top level.

    -
    -containerSecurityContext
    - - -Kubernetes core/v1.SecurityContext - - -    		 -(Optional) -

    ContainerSecurityContext

    -
    -podAnnotations
    - -map[string]string - -    		 -(Optional) -

    PodAnnotations Custom annotation to be populated in the workload’s pods.

    -
    -podManagementPolicy
    - - -Kubernetes apps/v1.PodManagementPolicyType - - -    		 -(Optional) -

    PodManagementPolicy

    -
    -maxSurge
    - -int32 - -    		 -(Optional) -

    MaxSurge For Deployment object only. -Set to 25% by default.

    -
    -maxUnavailable
    - -int32 - -    		 -(Optional) -

    MaxUnavailable For deployment object only. -Set to 25% by default

    -
    -updateStrategy
    - - -Kubernetes apps/v1.StatefulSetUpdateStrategy - - -    		 -(Optional) -

    UpdateStrategy

    -
    -livenessProbe
    - - -Kubernetes core/v1.Probe - - -    		 -(Optional) -

    LivenessProbe -Port is set to druid.port if not specified with httpGet handler.

    -
    -readinessProbe
    - - -Kubernetes core/v1.Probe - - -    		 -(Optional) -

    ReadinessProbe -Port is set to druid.port if not specified with httpGet handler.

    -
    -startUpProbe
    - - -Kubernetes core/v1.Probe - - -    		 -(Optional) -

    StartUpProbe

    -
    -ingressAnnotations
    - -map[string]string - -    		 -(Optional) -

    IngressAnnotations Ingress annotations to be populated in ingress spec.

    -
    -workloadAnnotations
    - -map[string]string - -    		 -(Optional) -

    WorkloadAnnotations annotations to be populated in StatefulSet or Deployment spec.

    -
    -ingress
    - - -Kubernetes networking/v1.IngressSpec - - -    		 -(Optional) -

    Ingress Kubernetes Native Ingress specification.

    -
    -persistentVolumeClaim
    - - -[]Kubernetes core/v1.PersistentVolumeClaim - - -    		 -(Optional) -

    VolumeClaimTemplates Kubernetes Native VolumeClaimTemplate specification.

    -
    -lifecycle
    - - -Kubernetes core/v1.Lifecycle - - -    		 -(Optional) -

    Lifecycle

    -
    -hpAutoscaler
    - - -Kubernetes autoscaling/v2.HorizontalPodAutoscalerSpec - - -    		 -(Optional) -

    HPAutoScaler Kubernetes Native HorizontalPodAutoscaler specification.

    -
    -topologySpreadConstraints
    - - -[]Kubernetes core/v1.TopologySpreadConstraint - - -    		 -(Optional) -

    TopologySpreadConstraints Kubernetes Native topologySpreadConstraints specification.

    -
    -volumeClaimTemplates
    - - -[]Kubernetes core/v1.PersistentVolumeClaim - - -    		 -(Optional) -

    VolumeClaimTemplates Kubernetes Native volumeClaimTemplates specification.

    -
    -volumeMounts
    - - -[]Kubernetes core/v1.VolumeMount - - -    		 -(Optional) -

    VolumeMounts Kubernetes Native volumeMounts specification.

    -
    -volumes
    - - -[]Kubernetes core/v1.Volume - - -    		 -(Optional) -

    Volumes Kubernetes Native volumes specification.

    -
    -additionalContainer
    - - -[]AdditionalContainer - - -    		 -(Optional) -

    Operator deploys the sidecar container based on these properties.

    -
    -serviceAccountName
    - -string - -    		 -(Optional) -

    ServiceAccountName Kubernetes native serviceAccountName specification.

    -
    -dynamicConfig
    - -k8s.io/apimachinery/pkg/runtime.RawExtension - -    		 -(Optional) -

    Dynamic Configurations for Druid. Applied through the dynamic configuration API.

    -
    -dnsPolicy
    - - -Kubernetes core/v1.DNSPolicy - - -    		 -(Optional) -

    See v1.DNSPolicy for more details.

    -
    -dnsConfig
    - - -Kubernetes core/v1.PodDNSConfig - - -    		 -(Optional) -

    See v1.PodDNSConfig for more details.

    -
    -
    -
    -

    DruidNodeTypeStatus -

    -

    -(Appears on: -DruidClusterStatus) -

    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -druidNode
    - -string - -    		 -
    -druidNodeConditionStatus
    - - -Kubernetes core/v1.ConditionStatus - - -    		 -
    -druidNodeConditionType
    - - -DruidNodeConditionType - - -    		 -
    -reason
    - -string - -    		 -
    -
    -
    -

    DruidSpec -

    -

    -(Appears on: -Druid) -

    -

    DruidSpec defines the desired state of the Druid cluster.

    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -ignored
    - -bool - -    		 -(Optional) -

    Ignored is now deprecated API. In order to avoid reconciliation of objects use the -druid.apache.org/ignored: "true" annotation.

    -
    -common.runtime.properties
    - -string - -    		 -

    CommonRuntimeProperties Content fo the common.runtime.properties configuration file.

    -
    -extraCommonConfig
    - - -[]*k8s.io/api/core/v1.ObjectReference - - -    		 -(Optional) -

    ExtraCommonConfig References to ConfigMaps holding more configuration files to mount to the -common configuration path.

    -
    -forceDeleteStsPodOnError
    - -bool - -    		 -(Optional) -

    ForceDeleteStsPodOnError Delete the StatefulSet’s pods if the StatefulSet is set to ordered ready. -issue: https://github.com/kubernetes/kubernetes/issues/67250 -doc: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#forced-rollback

    -
    -scalePvcSts
    - -bool - -    		 -(Optional) -

    ScalePvcSts When enabled, operator will allow volume expansion of StatefulSet’s PVCs.

    -
    -commonConfigMountPath
    - -string - -    		 -(Optional) -

    CommonConfigMountPath In-container directory to mount the Druid common configuration

    -
    -disablePVCDeletionFinalizer
    - -bool - -    		 -(Optional) -

    DisablePVCDeletionFinalizer Whether PVCs shall be deleted on the deletion of the Druid cluster.

    -
    -deleteOrphanPvc
    - -bool - -    		 -(Optional) -

    DeleteOrphanPvc Orphaned (unmounted PVCs) shall be cleaned up by the operator.

    -
    -startScript
    - -string - -    		 -(Optional) -

    StartScript Path to Druid’s start script to be run on start.

    -
    -image
    - -string - -    		 -(Optional) -

    Image Required here or at the NodeSpec level.

    -
    -serviceAccount
    - -string - -    		 -(Optional) -

    ServiceAccount

    -
    -imagePullSecrets
    - - -[]Kubernetes core/v1.LocalObjectReference - - -    		 -(Optional) -

    ImagePullSecrets

    -
    -imagePullPolicy
    - - -Kubernetes core/v1.PullPolicy - - -    		 -(Optional) -

    ImagePullPolicy

    -
    -env
    - - -[]Kubernetes core/v1.EnvVar - - -    		 -(Optional) -

    Env Environment variables for druid containers.

    -
    -envFrom
    - - -[]Kubernetes core/v1.EnvFromSource - - -    		 -(Optional) -

    EnvFrom Extra environment variables from remote source (ConfigMaps, Secrets…).

    -
    -jvm.options
    - -string - -    		 -(Optional) -

    JvmOptions Contents of the shared jvm.options configuration file for druid JVM processes.

    -
    -log4j.config
    - -string - -    		 -(Optional) -

    Log4jConfig contents log4j.config configuration file.

    -
    -securityContext
    - - -Kubernetes core/v1.PodSecurityContext - - -    		 -(Optional) -

    PodSecurityContext

    -
    -containerSecurityContext
    - - -Kubernetes core/v1.SecurityContext - - -    		 -(Optional) -

    ContainerSecurityContext

    -
    -volumeClaimTemplates
    - - -[]Kubernetes core/v1.PersistentVolumeClaim - - -    		 -(Optional) -

    VolumeClaimTemplates Kubernetes Native VolumeClaimTemplate specification.

    -
    -volumeMounts
    - - -[]Kubernetes core/v1.VolumeMount - - -    		 -(Optional) -

    VolumeMounts Kubernetes Native VolumeMount specification.

    -
    -volumes
    - - -[]Kubernetes core/v1.Volume - - -    		 -(Optional) -

    Volumes Kubernetes Native Volumes specification.

    -
    -podAnnotations
    - -map[string]string - -    		 -(Optional) -

    PodAnnotations Custom annotations to be populated in Druid pods.

    -
    -workloadAnnotations
    - -map[string]string - -    		 -(Optional) -

    WorkloadAnnotations annotations to be populated in StatefulSet or Deployment spec. -if the same key is specified at both the DruidNodeSpec level and DruidSpec level, the DruidNodeSpec WorkloadAnnotations will take precedence.

    -
    -podManagementPolicy
    - - -Kubernetes apps/v1.PodManagementPolicyType - - -    		 -(Optional) -

    PodManagementPolicy

    -
    -podLabels
    - -map[string]string - -    		 -(Optional) -

    PodLabels Custom labels to be populated in Druid pods.

    -
    -priorityClassName
    - -string - -    		 -(Optional) -

    PriorityClassName Kubernetes native priorityClassName specification.

    -
    -updateStrategy
    - - -Kubernetes apps/v1.StatefulSetUpdateStrategy - - -    		 -(Optional) -

    UpdateStrategy

    -
    -livenessProbe
    - - -Kubernetes core/v1.Probe - - -    		 -(Optional) -

    LivenessProbe -Port is set to druid.port if not specified with httpGet handler.

    -
    -readinessProbe
    - - -Kubernetes core/v1.Probe - - -    		 -(Optional) -

    ReadinessProbe -Port is set to druid.port if not specified with httpGet handler.

    -
    -startUpProbe
    - - -Kubernetes core/v1.Probe - - -    		 -(Optional) -

    StartUpProbe

    -
    -services
    - - -[]Kubernetes core/v1.Service - - -    		 -(Optional) -

    Services Kubernetes services to be created for each workload.

    -
    -nodeSelector
    - -map[string]string - -    		 -(Optional) -

    NodeSelector Kubernetes native nodeSelector specification.

    -
    -tolerations
    - - -[]Kubernetes core/v1.Toleration - - -    		 -(Optional) -

    Tolerations Kubernetes native tolerations specification.

    -
    -affinity
    - - -Kubernetes core/v1.Affinity - - -    		 -(Optional) -

    Affinity Kubernetes native affinity specification.

    -
    -nodes
    - - -map[string]./apis/druid/v1alpha1.DruidNodeSpec - - -    		 -

    Nodes a list of Druid Node types and their configurations. -DruidSpec is used to create Kubernetes workload specs. Many of the fields above can be overridden at the specific -NodeSpec level.

    -
    -additionalContainer
    - - -[]AdditionalContainer - - -    		 -(Optional) -

    AdditionalContainer defines additional sidecar containers to be deployed with the Druid pods.

    -
    -rollingDeploy
    - -bool - -    		 -(Optional) -

    RollingDeploy Whether to deploy the components in a rolling update as described in the documentation: -https://druid.apache.org/docs/latest/operations/rolling-updates.html -If set to true then operator checks the rollout status of previous version workloads before updating the next. -This will be done only for update actions.

    -
    -defaultProbes
    - -bool - -    		 -(Optional) -

    DefaultProbes If set to true this will add default probes (liveness / readiness / startup) for all druid components -but it won’t override existing probes

    -
    -zookeeper
    - - -ZookeeperSpec - - -    		 -(Optional) -

    Zookeeper IGNORED (Future API): In order to make Druid dependency setup extensible from within Druid operator.

    -
    -metadataStore
    - - -MetadataStoreSpec - - -    		 -(Optional) -

    MetadataStore IGNORED (Future API): In order to make Druid dependency setup extensible from within Druid operator.

    -
    -deepStorage
    - - -DeepStorageSpec - - -    		 -(Optional) -

    DeepStorage IGNORED (Future API): In order to make Druid dependency setup extensible from within Druid operator.

    -
    -metricDimensions.json
    - -string - -    		 -(Optional) -

    DimensionsMapPath Custom Dimension Map Path for statsd emitter. -stastd documentation is described in the following documentation: -https://druid.apache.org/docs/latest/development/extensions-contrib/statsd.html

    -
    -hdfs-site.xml
    - -string - -    		 -(Optional) -

    HdfsSite Contents of hdfs-site.xml.

    -
    -core-site.xml
    - -string - -    		 -(Optional) -

    CoreSite Contents of core-site.xml.

    -
    -dynamicConfig
    - -k8s.io/apimachinery/pkg/runtime.RawExtension - -    		 -(Optional) -

    Dynamic Configurations for Druid. Applied through the dynamic configuration API.

    -
    -auth
    - -github.com/datainfrahq/druid-operator/pkg/druidapi.Auth - -    		 -(Optional) -
    -dnsPolicy
    - - -Kubernetes core/v1.DNSPolicy - - -    		 -(Optional) -

    See v1.DNSPolicy for more details.

    -
    -dnsConfig
    - - -Kubernetes core/v1.PodDNSConfig - - -    		 -(Optional) -

    See v1.PodDNSConfig for more details.

    -
    -
    -
    -

    IngestionSpec -

    -

    -(Appears on: -DruidIngestionSpec) -

    -
    -
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -type
    - - -DruidIngestionMethod - - -    		 -
    -spec
    - -string - -    		 -(Optional) -

    Spec should be passed in as a JSON string. -Note: This field is planned for deprecation in favor of nativeSpec.

    -
    -
    - -
    -
    -nativeSpec
    - -k8s.io/apimachinery/pkg/runtime.RawExtension - -    		 -(Optional) -

    nativeSpec allows the ingestion specification to be defined in a native Kubernetes format. -This is particularly useful for environment-specific configurations and will eventually -replace the JSON-based Spec field. -Note: Spec will be ignored if nativeSpec is provided.

    -
    -compaction
    - -k8s.io/apimachinery/pkg/runtime.RawExtension - -    		 -(Optional) -
    -rules
    - -[]k8s.io/apimachinery/pkg/runtime.RawExtension - -    		 -(Optional) -
    -
    -
    -

    MetadataStoreSpec -

    -

    -(Appears on: -DruidSpec) -

    -

    MetadataStoreSpec IGNORED (Future API): In order to make Druid dependency setup extensible from within Druid operator.

    -
    -
    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -type
    - -string - -    		 -
    -spec
    - -encoding/json.RawMessage - -    		 -
    -
    - -
    -
    -
    -
    -

    ZookeeperSpec -

    -

    -(Appears on: -DruidSpec) -

    -

    ZookeeperSpec IGNORED (Future API): In order to make Druid dependency setup extensible from within Druid operator.

    -
    -
    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -type
    - -string - -    		 -
    -spec
    - -encoding/json.RawMessage - -    		 -
    -
    - -
    -
    -
    -
    -
    -

    This page was automatically generated with gen-crd-api-reference-docs

    -
    diff --git a/druid-operator/docs/dev_doc.md b/druid-operator/docs/dev_doc.md deleted file mode 100644 index 444ad475e6d7..000000000000 --- a/druid-operator/docs/dev_doc.md +++ /dev/null @@ -1,80 +0,0 @@ - - -## Dev Dependencies - -- Golang 1.20+ -- Kubebuilder v3 -- It is recommended to install kind since the project's e2e tests are using it. - -## Running Operator Locally -We're using Kubebuilder so we are working with its `Makefile` and extra custom commands: -```shell -# If needed, create a kubernetes cluster (requires kind) -make kind - -# Install the CRDs -make install - -# Run the operator locally -make run -``` - -## Watch a namespace -```shell -# Watch all namespaces -export WATCH_NAMESPACE="" - -# Watch a single namespace -export WATCH_NAMESPACE="mynamespace" - -# Watch all namespaces except: kube-system, default -export DENY_LIST="kube-system,default" -``` - -## Building The Operator Docker Image -```shell -make docker-build - -# In case you want to build it with a custom image: -make docker-build IMG=custom-name:custom-tag -``` - -## Testing -Before submitting a PR, make sure the tests are running successfully. -```shell -# Run unit tests -make test - -# Run E2E tests (requires kind) -make e2e -``` - -## Documentation -If you changed the CRD API, please make sure the documentation is also updated: -```shell -make api-docs -``` - -## Help -The `Makefile` should contain all commands with explanations. You can also run: -```shell -# For help -make help -``` diff --git a/druid-operator/docs/druid_cr.md b/druid-operator/docs/druid_cr.md deleted file mode 100644 index 8700b963526d..000000000000 --- a/druid-operator/docs/druid_cr.md +++ /dev/null @@ -1,136 +0,0 @@ - - -## Druid CR Spec - -- Druid CR has a ```clusterSpec``` which is common for all the druid nodes deployed and a ```nodeSpec``` which is specific to druid nodes. -- Some key values are ```Required```, ie they must be present in the spec to get the cluster deployed. Other's are optional. -- For full details on spec refer to ```pkg/apis/druid/v1alpha1/druid_types.go``` -- The operator supports both deployments and statefulsets for druid Nodes. ```kind``` can be specified in the druid NodeSpec's to ```Deployment``` / ```StatefulSet```. -- ```NOTE: The default behavior shall provision all the nodes as statefulsets.``` -- The following are cluster scoped and common to all the druid nodes. - -```yaml -spec: - # Enable rolling deploy for druid, not required but suggested for production setup - # more information in features.md and in druid documentation - # http://druid.io/docs/latest/operations/rolling-updates.html - rollingDeploy: true - # Image for druid, Required Key - image: apache/druid:25.0.0 - .... - # Optionally specify image for all nodes. Can be specify on nodes also - # imagePullSecrets: - # - name: tutu - .... - # Entrypoint for druid cluster, Required Key - startScript: /druid.sh - ... - # Labels populated by pods - podLabels: - .... - # Pod Security Context - securityContext: - ... - # Service Spec created for all nodes - services: - ... - # Mount Path to mount the common runtime,jvm and log4xml configs inside druid pods. Required Key - commonConfigMountPath: "/opt/druid/conf/druid/cluster/_common" - ... - # JVM Options common for all druid nodes - jvm.options: |- - ... - # log4j.config common for all druid nodes - - log4j.config: |- - # common runtime properties for all druid nodes - common.runtime.properties: | - ``` - -- The following are specific to a node. - - ```yaml - nodes: - # String value, can be anything to define a node name. - brokers: - # nodeType can be broker, historical, middleManager, indexer, router, coordinator and overlord. - # Required Key - nodeType: "broker" - # Optionally specify for broker nodes - # imagePullSecrets: - # - name: tutu - # Port for the node - druid.port: 8088 - # MountPath where are the all node properties get mounted as configMap - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/broker" - # replica count, required must be greater than > 0. - replicas: 1 - # Runtime Properties for the node - # Required Key - runtime.properties: | - ... -``` - -## Authentication Setup - -Authentication can be configured to secure communication with the cluster API using credentials stored in Kubernetes secrets. - -Currently this is used for compaction, rules, dynamic configs, and ingestion configurations. - -This not only applies to the `Druid` CR but also to the `DruidIngestion` CR. - -### Configuring Basic Authentication - -To use basic authentication, you need to create a Kubernetes secret containing the username and password. This secret is then referenced in the Druid CR. - -Steps to Configure Basic Authentication: - -1. **Create a Kubernetes Secret:** Store your username and password in a Kubernetes secret. Below is an example of how to define the secret in a YAML file: - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: mycluster-admin-operator - namespace: druid -type: Opaque -data: - OperatorUserName: - OperatorPassword: -``` - -Replace and with the base64-encoded values of your desired username and password. - -2. Define Authentication in the Druid CRD: Reference the secret in your Druid custom resource. Here is an example `Druid`: - -```yaml -apiVersion: druid.apache.org/v1alpha1 -kind: Druid -metadata: - name: agent -spec: - auth: - secretRef: - name: mycluster-admin-operator - namespace: druid - type: basic-auth -``` - -This configuration specifies that the Druid cluster should use basic authentication with credentials retrieved from the mycluster-admin-operator secret. diff --git a/druid-operator/docs/examples.md b/druid-operator/docs/examples.md deleted file mode 100644 index 1f8f4b6d326d..000000000000 --- a/druid-operator/docs/examples.md +++ /dev/null @@ -1,285 +0,0 @@ - - -## Configure Hot/Cold for Historical Pods -```yaml -... - nodes: - hot: - druid.port: 8083 - env: - - name: DRUID_XMS - value: 2g - - name: DRUID_XMX - value: 2g - - name: DRUID_MAXDIRECTMEMORYSIZE - value: 2g - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status/health - port: 8083 - initialDelaySeconds: 1800 - periodSeconds: 5 - nodeConfigMountPath: /opt/druid/conf/druid/cluster/data/historical - nodeType: historical - podDisruptionBudgetSpec: - maxUnavailable: 1 - readinessProbe: - failureThreshold: 18 - httpGet: - path: /druid/historical/v1/readiness - port: 8083 - periodSeconds: 10 - replicas: 1 - resources: - limits: - cpu: 3 - memory: 6Gi - requests: - cpu: 1 - memory: 1Gi - runtime.properties: - druid.plaintextPort=8083 - druid.service=druid/historical/hot - cold: - druid.port: 8083 - env: - - name: DRUID_XMS - value: 1500m - - name: DRUID_XMX - value: 1500m - - name: DRUID_MAXDIRECTMEMORYSIZE - value: 2g - livenessProbe: - failureThreshold: 3 - httpGet: - path: /status/health - port: 8083 - initialDelaySeconds: 1800 - periodSeconds: 5 - nodeConfigMountPath: /opt/druid/conf/druid/cluster/data/historical - nodeType: historical - podDisruptionBudgetSpec: - maxUnavailable: 1 - readinessProbe: - failureThreshold: 18 - httpGet: - path: /druid/historical/v1/readiness - port: 8083 - periodSeconds: 10 - replicas: 1 - resources: - limits: - cpu: 4 - memory: 3.5Gi - requests: - cpu: 1 - memory: 1Gi - runtime.properties: - druid.plaintextPort=8083 - druid.service=druid/historical/cold -... -``` - -## Override default Probes -```yaml -... - nodes: - brokers: - kind: Deployment - nodeType: "broker" - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/broker" - replicas: 2 - podDisruptionBudgetSpec: - maxUnavailable: 1 - selector: - matchLabels: - app: druid - component: broker - livenessProbe: - httpGet: - path: /status/health - port: 8088 - failureThreshold: 10 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 10 - readinessProbe: - httpGet: - path: /status/health - port: 8088 - failureThreshold: 10 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 10 - resources: - limits: - cpu: "4" - memory: "8Gi" - requests: - cpu: "2" - memory: "4Gi" -... -``` - -## Configure Ingress -```yaml -... - nodes: - brokers: - nodeType: "broker" - druid.port: 8080 - ingressAnnotations: - "nginx.ingress.kubernetes.io/rewrite-target": "/" - ingress: - ingressClassName: nginx # specific to ingress controllers. - rules: - - host: broker.myhostname.com - http: - paths: - - backend: - service: - name: broker_svc - port: - name: http - path: / - pathType: ImplementationSpecific - tls: - - hosts: - - broker.myhostname.com - secretName: tls-broker-druid-cluster -... -``` - -## Configure Additional Containers -```yaml -apiVersion: druid.apache.org/v1alpha1 -kind: Druid -metadata: - name: additional-containers -spec: - additionalContainer: - - command: - - /bin/sh echo hello - containerName: cluster-level - image: hello-world - nodes: - brokers: - additionalContainer: - - command: - - /bin/sh echo hello - containerName: node-level - image: hello-world -``` - -## Add additional configuration file into _common directory -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: hadoop-mapred-site.xml -data: - mapred-site.xml: | - - - - - dfs.nameservices - ... - - ---- -apiVersion: druid.apache.org/v1alpha1 -kind: Druid -metadata: - name: druid -spec: - extraCommonConfig: - - name: hadoop-mapred-site.xml - namespace: druid -... -``` - -## Install hadoop-dependencies With Init Container -```yaml -spec: - volumeMounts: - - mountPath: /opt/druid/hadoop-dependencies - name: hadoop-dependencies - volumes: - - emptyDir: - sizeLimit: 500Mi - name: hadoop-dependencies - additionalContainer: - - command: - - java - - -cp - - lib/* - - -Ddruid.extensions.hadoopDependenciesDir=/hadoop-dependencies - - org.apache.druid.cli.Main - - tools - - pull-deps - - -h - - org.apache.hadoop:hadoop-client:3.3.0 - - --no-default-hadoop - containerName: hadoop-dependencies - image: apache/druid:25.0.0 - runAsInit: true - volumeMounts: - - mountPath: /hadoop-dependencies - name: hadoop-dependencies -``` - -## Secure Metadata Storage password - -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: metadata-storage-password - namespace: -type: Opaque -data: - METADATA_STORAGE_PASSWORD: ---- -apiVersion: druid.apache.org/v1alpha1 -kind: Druid -metadata: - name: druid -spec: - envFrom: - - secretRef: - name: metadata-storage-password - nodes: - master: - runtime.properties: | - # General - druid.service=druid/coordinator - - # Metadata Storage - druid.metadata.storage.type= - druid.metadata.storage.connector.connectURI= - druid.metadata.storage.connector.user= - druid.metadata.storage.connector.password={ "type": "environment", "variable": "METADATA_STORAGE_PASSWORD" } -... -``` diff --git a/druid-operator/docs/features.md b/druid-operator/docs/features.md deleted file mode 100644 index 161cc502f526..000000000000 --- a/druid-operator/docs/features.md +++ /dev/null @@ -1,459 +0,0 @@ - - -# Features - -- [Deny List in Operator](#deny-list-in-operator) -- [Reconcile Time in Operator](#reconcile-time-in-operator) -- [Finalizer in Druid CR](#finalizer-in-druid-cr) -- [Deletion of Orphan PVCs](#deletion-of-orphan-pvcs) -- [Rolling Deploy](#rolling-deploy) -- [Force Delete of Sts Pods](#force-delete-of-sts-pods) -- [Horizontal Scaling of Druid Pods](#horizontal-scaling-of-druid-pods) -- [Volume Expansion of Druid Pods Running As StatefulSets](#volume-expansion-of-druid-pods-running-as-statefulsets) -- [Add Additional Containers to Druid Pods](#add-additional-containers-to-druid-pods) -- [Default Yet Configurable Probes](#default-yet-configurable-probes) - - -## Deny List in Operator -There may be use cases where we want the operator to watch all namespaces except a few -(might be due to security, testing flexibility, etc. reasons). -Druid operator supports such cases - in the chart, edit `env.DENY_LIST` to be a comma-seperated list. -For example: "default,kube-system" - -## Reconcile Time in Operator -As per operator pattern, *the druid operator reconciles every 10s* (default reconciliation time) to make sure -the desired state (in that case, the druid CR's spec) is in sync with the current state. -The reconciliation time can be adjusted - in the chart, add `env.RECONCILE_WAIT` to be a duration -in seconds. -Examples: "10s", "30s", "120s" - -## Finalizer in Druid CR -The Druid operator supports provisioning of StatefulSets and Deployments. When a StatefulSet is created, -a PVC is created along. When the Druid CR is deleted, the StatefulSet controller does not delete the PVC's -associated with it. -In case the PVC data is important and you wish to reclaim it, you can enable: `DisablePVCDeletionFinalizer: true` -in the Druid CR. -The default behavior is to trigger finalizers and pre-delete hooks that will be executed. They will first clean up the -StatefulSet and then the PVCs referenced to it. That means that after a -deletion of a Druid CR, any PVCs provisioned by a StatefulSet will be deleted. - -## Deletion of Orphan PVCs -There are some use-cases (the most popular is horizontal auto-scaling) where a StatefulSet scales down. In that case, -the statefulSet will terminate its owned pods but nit their attached PVCs which left orphaned and unused. -The operator support the ability to auto delete these PVCs. This can be enabled by setting `deleteOrphanPvc: true`. -⚠️ This feature is enabled by default. - -## Rolling Deploy -The operator supports Apache Druid's recommended rolling updates. It will do incremental updates in the order -specified in Druid's [documentation](https://druid.apache.org/docs/latest/operations/rolling-updates.html). -In case any of the node goes in pending/crashing state during an update, the operator halts the update and does -not continue with the update - this will require a manual intervention. -Default updates are done in parallel. Since cluster creation does not require a rolling update, they will be done -in parallel anyway. To enable this feature, set `rollingDeploy: true` in the Druid CR. -⚠️ This feature is enabled by default. - -## Force Delete of Sts Pods -During upgradeS, if THE StatefulSet is set to `OrderedReady` - the StatefulSet controller will not recover from -crash-loopback state. The issues is referenced [here](https://github.com/kubernetes/kubernetes/issues/67250). -Documentation reference: [doc](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#forced-rollback) -The operator solves this by using the `forceDeleteStsPodOnError` key, the operator will delete the sts pod if its in -crash-loopback state. -Example scenario: During upgrade, user rolls out a faulty configuration causing the historical pod going in crashing -state. Then, the user rolls out a valid configuration - the new configuration will not be applied unless user manually -delete the pods. To solve this scenario, the operator will delete the pod automatically without user intervention. - -``` -NOTE: User must be aware of this feature, there might be cases where crash-loopback might be caused due probe failure, -fault image etc, the operator will keep on deleting on each re-concile loop. Default Behavior is True. -``` - -## Horizontal Scaling of Druid Pods -The operator supports the `HPA autosaling/v2` specification in the `nodeSpec` for druid nodes. In case an HPA deployed, -the HPA controller maintains the replica count/state for the particular workload referenced. -Refer to `examples.md` for HPA configuration. - -``` -NOTE: This option in currently prefered to scale only brokers using HPA. In order to scale Middle Managers with HPA, -its recommended not to use HPA. Refer to these discussions which have adderessed the issues in details: -``` -1. -2. - -## Volume Expansion of Druid Pods Running As StatefulSets -``` -NOTE: This feature has been tested only on cloud environments and storage classes which have supported volume expansion. -This feature uses cascade=orphan strategy to make sure that only the StatefulSet is deleted and recreated and pods -are not deleted. -``` -Druid Nodes (specifically historical nodes) run as StatefulSets. Each StatefulSet replica has a PVC attached. The -`NodeSpec` in Druid CR has the key `volumeClaimTemplates` where users can define the PVC's storage class as well -as size. Currently, in Kubernetes, in case a user wants to increase the size in the node, the StatefulSets cannot -be directly updated. The Druid operator can perform a seamless update of the StatefulSet, and patch the -PVCs with the desired size defined in the druid CR. Behind the scenes, the operator performs a cascade deletion of the -StatefulSet, and patches the PVC. Cascade deletion has no affect to the pods running (queries are served and no -downtime is experienced). -While enabling this feature, the operator will check if volume expansion is supported in the storage class mentioned -in the druid CR, only then will it perform expansion. -This feature is disabled by default. To enable it set `scalePvcSts: true` in the Druid CR. -By default, this feature is disabled. -``` -IMPORTANT: Shrinkage of pvc's isnt supported - desiredSize cannot be less than currentSize as well as counts. -``` - -## Add Additional Containers to Druid Pods -The operator supports adding additional containers to run along with the druid pods. This helps support co-located, -co-managed helper processes for the primary druid application. This can be used for init containers, sidecars, -proxies etc. -To enable this features users just need to add new containers to the `AdditionalContainers` in the Druid spec API. -There are two scopes you can add additional container: - - Cluster scope: Under `spec.additionalContainer` which means that additional containers will be common to all the nodes. - - Node scope: Under `spec.nodes[NODE_TYPE].additionalContainer` which means that additional containers will be common to all the pods whithin a specific node group. - -## Default Yet Configurable Probes -The operator create the Deployments and StatefulSets with a default set of probes for each druid components. -These probes can be overriden by adding one of the probes in the `DruidSpec` (global) or under the -`NodeSpec` (component-scope). - -This feature is enabled by default. - -:warning: Disable this feature by settings : `defaultProbes: false` if you have the `kubernetes-overlord-extensions` enabled also named [middle manager less druid in k8s](https://druid.apache.org/docs/latest/development/extensions-contrib/k8s-jobs/) -more details are described here: https://github.com/datainfrahq/druid-operator/issues/97#issuecomment-1687048907 - -All the probes definitions are documented bellow: - -
    - -Coordinator, Overlord, MiddleManager, Router and Indexer probes - -```yaml - livenessProbe: - failureThreshold: 10 - httpGet: - path: /status/health - port: $druid.port - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 10 - httpGet: - path: /status/health - port: $druid.port - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 10 - httpGet: - path: /status/health - port: $druid.port - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 -``` - -
    - -
    - -Broker probes - - ```yaml - livenessProbe: - failureThreshold: 10 - httpGet: - path: /status/health - port: $druid.port - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 20 - httpGet: - path: /druid/broker/v1/readiness - port: $druid.port - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 20 - httpGet: - path: /druid/broker/v1/readiness - port: $druid.port - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - ``` -
    - -
    - -Historical probes - -```yaml - livenessProbe: - failureThreshold: 10 - httpGet: - path: /status/health - port: $druid.port - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 20 - httpGet: - path: /druid/historical/v1/readiness - port: $druid.port - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - startUpProbe: - failureThreshold: 20 - httpGet: - path: /druid/historical/v1/readiness - port: $druid.port - initialDelaySeconds: 180 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 10 -``` - -
    - -## Dynamic Configurations - -The Druid operator now supports specifying dynamic configurations directly within the Druid manifest. This feature allows for fine-tuned control over Druid's behavior at runtime by adjusting configurations dynamically. - - -### Overlord Dynamic Configurations - -Usage: Add overlord dynamic configurations under the middlemanagers section within the nodes element of the Druid manifest. - -
    - -Overlord Dynamic Configurations - -```yaml -spec: - nodes: - middlemanagers: - dynamicConfig: - type: default - selectStrategy: - type: fillCapacityWithCategorySpec - workerCategorySpec: - categoryMap: {} - strong: true - autoScaler: null -``` - -
    - -### Coordinator Dynamic Configurations - -Adjust coordinator settings to optimize data balancing and segment management. - -Usage: Include coordinator dynamic configurations in the coordinator section within the nodes element of the Druid manifest. - -Ensure all parameters are supported for the operator to properly configure dynamic configurations. - -
    - -Overlord Dynamic Configurations - -```yaml -spec: - nodes: - coordinators: - dynamicConfig: - millisToWaitBeforeDeleting: 900000 - mergeBytesLimit: 524288000 - mergeSegmentsLimit: 100 - maxSegmentsToMove: 5 - replicantLifetime: 15 - replicationThrottleLimit: 10 - balancerComputeThreads: 1 - killDataSourceWhitelist: [] - killPendingSegmentsSkipList: [] - maxSegmentsInNodeLoadingQueue: 100 - decommissioningNodes: [] - pauseCoordination: false - replicateAfterLoadTimeout: false - useRoundRobinSegmentAssignment: true -``` - -
    - -## nativeSpec Ingestion Configuration - -The `nativeSpec` feature in the Druid Ingestion Operator provides a flexible and robust way to define ingestion specifications directly within Kubernetes manifests using YAML format. This enhancement allows users to leverage Kubernetes-native formats, facilitating easier integration with Kubernetes tooling and practices while offering a more readable and maintainable configuration structure. - -### Key Benefits - -* **Kubernetes-Native Integration:** By using YAML, the `nativeSpec` aligns with Kubernetes standards, enabling seamless integration with Kubernetes-native tools and processes, such as kubectl, Helm, and GitOps workflows. -* **Improved Readability and Maintainability:** YAML's human-readable format makes it easier for operators and developers to understand and modify ingestion configurations without deep JSON knowledge or tools. -* **Enhanced Configuration Management:** Leveraging YAML facilitates the use of environment-specific configurations and overrides, making it easier to manage configurations across different stages of deployment (e.g., development, staging, production). - -### Usage - -Specifying nativeSpec in Kubernetes Manifests - -To use `nativeSpec`, define your ingestion specifications in YAML format under the `nativeSpec` field in the Druid Ingestion Custom Resource Definition (CRD). This field supercedes the traditional JSON `spec` field, providing a more integrated approach to configuration management. - -
    - -nativeSpec Example - -```yaml -apiVersion: druid.apache.org/v1alpha1 -kind: DruidIngestion -metadata: - labels: - app.kubernetes.io/name: druidingestion - app.kubernetes.io/instance: druidingestion-sample - name: kafka-1 -spec: - suspend: false - druidCluster: example-cluster - ingestion: - type: kafka - nativeSpec: - type: kafka - spec: - dataSchema: - dataSource: metrics-kafka-1 - timestampSpec: - column: timestamp - format: auto - dimensionsSpec: - dimensions: [] - dimensionExclusions: - - timestamp - - value - metricsSpec: - - name: count - type: count - - name: value_sum - fieldName: value - type: doubleSum - - name: value_min - fieldName: value - type: doubleMin - - name: value_max - fieldName: value - type: doubleMax - granularitySpec: - type: uniform - segmentGranularity: HOUR - queryGranularity: NONE - ioConfig: - topic: metrics - inputFormat: - type: json - consumerProperties: - bootstrap.servers: localhost:9092 - taskCount: 1 - replicas: 1 - taskDuration: PT1H - tuningConfig: - type: kafka - maxRowsPerSegment: 5000000 - -``` - -
    - -## Set Rules and Compaction in DruidIngestion - -### Rules - -Rules in Druid define automated behaviors such as data retention, load balancing, or replication. They can be configured in the Rules section of the `DruidIngestion` CRD. - -
    - -Rules Example - -```yaml -apiVersion: druid.apache.org/v1alpha1 -kind: DruidIngestion -metadata: - name: example-druid-ingestion -spec: - ingestion: - type: native-batch - rules: - - type: "loadForever" - tieredReplicants: - _default_tier: 2 - - type: "dropByPeriod" - period: "P7D" -``` - -
    - -### Compaction - -Compaction in Druid helps optimize data storage and query performance by merging smaller data segments into larger ones. The compaction configuration can be specified in the Compaction section of the DruidIngestion CRD. - -The Druid Operator ensures accurate application of compaction settings by: - -1. Retrieving Current Settings: It performs a GET request on the Druid API to fetch existing compaction settings. - -2. Comparing and Updating: If there is a discrepancy between current and desired settings specified in the Kubernetes CRD manifest, the operator updates Druid with the desired configuration. - -3. Ensuring Accuracy: This method ensures settings are correctly applied, addressing cases where Druid might return a 200 HTTP status code without saving the changes. - -
    - -Compaction Example - -```yaml -apiVersion: druid.apache.org/v1alpha1 -kind: DruidIngestion -metadata: - name: example-druid-ingestion -spec: - ingestion: - type: native-batch - compaction: - ioConfig: - type: "index_parallel" - inputSpec: - type: "dataSource" - dataSource: "my-data-source" - tuningConfig: - maxNumConcurrentSubTasks: 4 - granularitySpec: - segmentGranularity: "day" - queryGranularity: "none" - rollup: false - taskPriority: "high" - taskContext: '{"priority": 75}' -``` - -
    diff --git a/druid-operator/docs/getting_started.md b/druid-operator/docs/getting_started.md deleted file mode 100644 index 3e471baadbc3..000000000000 --- a/druid-operator/docs/getting_started.md +++ /dev/null @@ -1,101 +0,0 @@ - - -# Installation - -The Helm chart is available at the [DataInfra chart repository](https://charts.datainfra.io). - -The operator can be deployed in one of the following modes: -- namespace scope (default) -- cluster scope - -### Add the Helm repository -```shell -helm repo add datainfra https://charts.datainfra.io -helm repo update -``` - -### Cluster Scope Installation -`NOTE:` the default installation restrics the reconciliation on the default and kube-system namespaces -```bash -# Install Druid operator using Helm -helm -n druid-operator-system upgrade -i --create-namespace cluster-druid-operator datainfra/druid-operator - -# ... or generate manifest.yaml to install using other means: -helm -n druid-operator-system template --create-namespace cluster-druid-operator datainfra/druid-operator > manifest.yaml -``` - -### Custom Namespaces Installation -```bash -# Install Druid operator using Helm -kubectl create ns mynamespace -helm -n druid-operator-system upgrade -i --create-namespace --set env.WATCH_NAMESPACE="mynamespace" namespaced-druid-operator datainfra/druid-operator - -# Override the default namespace DENY_LIST -helm -n druid-operator-system upgrade -i --create-namespace --set env.DENY_LIST="kube-system" namespaced-druid-operator datainfra/druid-operator - -# ... or generate manifest.yaml to install using other means: -helm -n druid-operator-system template --set env.WATCH_NAMESPACE="" namespaced-druid-operator datainfra/druid-operator --create-namespace > manifest.yaml -``` - -### Uninstall -```bash -# To avoid destroying existing clusters, helm will not uninstall its CRD. For -# complete cleanup annotation needs to be removed first: -kubectl annotate crd druids.druid.apache.org helm.sh/resource-policy- - -# This will uninstall operator -helm -n druid-operator-system uninstall cluster-druid-operator -``` - -## Deploy a sample Druid cluster -Bellow is an example spec to deploy a tiny Druid cluster. -For full details on spec please see [Druid CRD API reference](api_specifications/druid.md) -or the [Druid API code](../apis/druid/v1alpha1/druid_types.go). - -```bash -# Deploy single node zookeeper -kubectl apply -f examples/tiny-cluster-zk.yaml - -# Deploy druid cluster spec -# NOTE: add a namespace when applying the cluster if you installed the operator with the default DENY_LIST -kubectl apply -f examples/tiny-cluster.yaml -``` - -`NOTE:` the above tiny-cluster only works on a single node kubernetes cluster (e.g. typical k8s cluster setup for dev -using kind or minikube) as it uses local disk as "deep storage". Other example specs in the `examples/` directory use distributed "deep storage" and therefore expect to be deployed into a k8s cluster with s3-compatible storage. To bootstrap your k8s cluster with s3-compatible storage, you can run `make helm-minio-install`. See the [Makefile](../Makefile) for more details. - - -## Debugging Problems - -```bash -# get druid-operator pod name -kubectl get po | grep druid-operator - -# check druid-operator pod logs -kubectl logs - -# check the druid spec -kubectl describe druids tiny-cluster - -# check if druid cluster is deployed -kubectl get svc | grep tiny -kubectl get cm | grep tiny -kubectl get sts | grep tiny -``` diff --git a/druid-operator/docs/images/druid-operator.png b/druid-operator/docs/images/druid-operator.png deleted file mode 100644 index 801fdd5d1e85..000000000000 Binary files a/druid-operator/docs/images/druid-operator.png and /dev/null differ diff --git a/druid-operator/docs/kubebuilder_v3_migration.md b/druid-operator/docs/kubebuilder_v3_migration.md deleted file mode 100644 index bfde6f0bfa46..000000000000 --- a/druid-operator/docs/kubebuilder_v3_migration.md +++ /dev/null @@ -1,166 +0,0 @@ - - -# Kubebuilder V3 Migration - -Druid Operator project has started the move from operator SDK to Kubebuilder v2 framework.
    -In order to finish the project migration and to avoid the upgrade of Kubebuilder v3 in different time, -the project combines both in the following version. - -There are now more components that are being deployed: -- permissions for controller leader election -- metrics -- proxy sidecar to the controller - -These components are part of the standard Kubebuilder deployment and are being added in order -to stand with the best practices of Kubernetes and Kubebuilder. - -This guide will help you go through the migration to Kubebuilder V3.
    -Note: These guides assumes that the current operator is running in the `druid-operator` namespace. - -## For Helm Managed Druid - -Current Helm deployment is missing a `labelSelector` + `podSpec label` value: `control-plane: controller-manager`. -These fields cannot be updated in place on existing `Deployment`.
    -This section helps you to first add these fields to the `Deployment` and then will guide you -through the upgrade stage. - -1. Get Druid Operator's deployment object -```bash -kubectl get deployments.apps -n druid-operator druid-operator -o yaml > druid-deployment-temp.yaml -``` -2. Make the following changes: -- Add new label to `labelSelector` and to `labels` -- Change the deployment name to `druid-operator-temp` -- Remove the `kubectl.kubernetes.io/last-applied-configuration` annotation -```yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - ... - name: druid-operator-temp # Name change -spec: - ... - selector: - matchLabels: - app.kubernetes.io/instance: druid-operator - app.kubernetes.io/name: druid-operator - control-plane: controller-manager # New label - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/instance: druid-operator - app.kubernetes.io/name: druid-operator - control-plane: controller-manager # New label - ... -``` - -3. Apply a second deployment -```shell -kubectl apply -f druid-deployment-temp -``` - -4. Delete original deployment -```shell -kubectl delete deployment -n druid-operator druid-operator -``` - -5. Edit `druid-deployment-temp.yaml` deployment's name back to original name: -```yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - ... - name: druid-operator # Back to original name -spec: - ... - selector: - matchLabels: - app.kubernetes.io/instance: druid-operator - app.kubernetes.io/name: druid-operator - control-plane: controller-manager # New label - template: - metadata: - creationTimestamp: null - labels: - app.kubernetes.io/instance: druid-operator - app.kubernetes.io/name: druid-operator - control-plane: controller-manager # New label - ... -``` - -6. Apply the updated original deployment -```shell -kubectl apply -f druid-deployment-temp -``` - -7. Delete temp deployment -```shell -kubectl delete deployment -n druid-operator druid-operator-temp -``` - -NOTE: You should now have the original deployment with the new `labelSelector` and you are ready for moving into new deployment -8. Apply the new helm chart with the same name and same namespace. - - -## For YAMLs Managed Druid -Kubebuilder is responsible for generating the deployment YAMLs. By default, the generated namespace is -`druid-operator-system`. The new deployment name of the operator is also changed to: -`druid-operator-controller-manager`.
    -Either way, you should look at the deployment YAMLs before you are deploying them. -Service account, role and role binding that will replace the current ones - all should be in the same name.
    - -There are two ways you can choose to deploy the new YAMLs: -### In Kubebuilder default namespace -1. Apply the new controller in the `druid-operator-system` namespace. -NOTE: Make sure this is a different namespace that the existing operator -```shell -# Set the tag you want for the controller -cd config/manager -kustomize edit set image controller=datainfrahq/druid-operator:${IMG_TAG} -# Back to root and apply -cd ../../ -kustomize build config/default | kubectl apply -f - -``` -2. Remove the old namespace. -```shell -kubectl delete ns druid-operator -``` - -### In the current namespace -1. Edit Kustomize YAMLs -```shell -# Set the namespace you want for the controller -cd config/default -kustomize edit set namespace druid-operator -cd ../../ -# Set the tag you want for the controller -cd config/manager -kustomize edit set image controller=datainfrahq/druid-operator:${IMG_TAG} -cd ../../ -``` -2. Apply the YAMLs -```shell -kustomize build config/default | kubectl apply -f - -``` -3. Delete the old deployment -```shell -kubectl delete deployment -n druid-operator druid-operator -``` \ No newline at end of file diff --git a/druid-operator/e2e/Dockerfile-testpod b/druid-operator/e2e/Dockerfile-testpod deleted file mode 100644 index af6932a3a21f..000000000000 --- a/druid-operator/e2e/Dockerfile-testpod +++ /dev/null @@ -1,23 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- - -FROM alpine:3.17.2 -RUN apk add --update-cache \ - curl jq\ - && rm -rf /var/cache/apk/* - -ADD e2e/wikipedia-test.sh . -ADD e2e/druid-ingestion-test.sh . diff --git a/druid-operator/e2e/configs/druid-cr.yaml b/druid-operator/e2e/configs/druid-cr.yaml deleted file mode 100644 index d8af0bb4b29a..000000000000 --- a/druid-operator/e2e/configs/druid-cr.yaml +++ /dev/null @@ -1,319 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: "druid.apache.org/v1alpha1" -kind: "Druid" -metadata: - name: tiny-cluster -spec: - image: apache/druid:25.0.0 - # Optionally specify image for all nodes. Can be specify on nodes also - # imagePullSecrets: - # - name: tutu - startScript: /druid.sh - podLabels: - environment: stage - release: alpha - podAnnotations: - dummy: k8s_extn_needs_atleast_one_annotation - workloadAnnotations: - kubernetes.io/cluster-scoped-annotation: "cluster" - readinessProbe: - httpGet: - path: /status/health - port: 8088 - additionalContainer: - - containerName: mysqlconnector - runAsInit: true - image: apache/druid:25.0.0 - command: - - "sh" - - "-c" - - "wget -O /tmp/mysql-connector-j-8.0.32.tar.gz https://downloads.mysql.com/archives/get/p/3/file/mysql-connector-j-8.0.32.tar.gz && cd /tmp && tar -xf /tmp/mysql-connector-j-8.0.32.tar.gz && cp /tmp/mysql-connector-j-8.0.32/mysql-connector-j-8.0.32.jar /opt/druid/extensions/mysql-connector/mysql-connector-java.jar" - volumeMounts: - - name: mysqlconnector - mountPath: "/opt/druid/extensions/mysql-connector" - volumes: - - name: mysqlconnector - emptyDir: {} - volumeMounts: - - name: mysqlconnector - mountPath: "/opt/druid/extensions/mysql-connector" - securityContext: - fsGroup: 0 - runAsUser: 0 - runAsGroup: 0 - containerSecurityContext: - privileged: true - services: - - spec: - type: ClusterIP - clusterIP: None - commonConfigMountPath: "/opt/druid/conf/druid/cluster/_common" - jvm.options: |- - -server - -XX:MaxDirectMemorySize=10240g - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Dlog4j.debug - -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager - log4j.config: |- - - - - - - - - - - - - - - - - - - common.runtime.properties: | - # - # Zookeeper-less Druid Cluster - # - druid.zk.service.enabled=false - druid.discovery.type=k8s - druid.discovery.k8s.clusterIdentifier=druid-it - druid.serverview.type=http - druid.coordinator.loadqueuepeon.type=http - druid.indexer.runner.type=httpRemote - # Metadata Store - druid.metadata.storage.type=derby - druid.metadata.storage.connector.connectURI=jdbc:derby://localhost:1527/var/druid/metadata.db;create=true - druid.metadata.storage.connector.host=localhost - druid.metadata.storage.connector.port=1527 - druid.metadata.storage.connector.createTables=true - # Deep Storage - druid.storage.type=s3 - druid.storage.bucket=druid - druid.storage.baseKey=druid/segments - druid.s3.accessKey=minio - druid.s3.secretKey=minio123 - druid.s3.protocol=http - druid.s3.enabePathStyleAccess=true - druid.s3.endpoint.signingRegion=us-east-1 - druid.s3.enablePathStyleAccess=true - druid.s3.endpoint.url=http://myminio-hl.druid.svc.cluster.local:9000/ - # - # Extensions - # - druid.extensions.loadList=["druid-avro-extensions", "druid-s3-extensions", "druid-hdfs-storage", "druid-kafka-indexing-service", "druid-datasketches", "druid-kubernetes-extensions"] - # - # Service discovery - # - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - druid.indexer.logs.type=s3 - druid.indexer.logs.s3Bucket=druid - druid.indexer.logs.s3Prefix=druid/indexing-logs - druid.lookup.enableLookupSyncOnStartup=false - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - dnsPolicy: ClusterFirst - dnsConfig: - nameservers: - - 10.0.0.53 - searches: - - example.local - nodes: - brokers: - # Optionally specify for running broker as Deployment - # kind: Deployment - nodeType: "broker" - # Optionally specify for broker nodes - # imagePullSecrets: - # - name: tutu - priorityClassName: system-cluster-critical - workloadAnnotations: - kubernetes.io/node-scoped-annotation: "broker" - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/broker" - replicas: 1 - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: standard - runtime.properties: | - druid.service=druid/broker - # HTTP server threads - druid.broker.http.numConnections=5 - druid.server.http.numThreads=40 - # Processing threads and buffers - druid.processing.buffer.sizeBytes=25000000 - druid.sql.enable=true - extra.jvm.options: |- - -Xmx512m - -Xms512m - - coordinators: - # Optionally specify for running coordinator as Deployment - # kind: Deployment - nodeType: "coordinator" - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/coordinator-overlord" - replicas: 1 - runtime.properties: | - druid.service=druid/coordinator - # HTTP server threads - druid.coordinator.startDelay=PT30S - druid.coordinator.period=PT30S - # Configure this coordinator to also run as Overlord - druid.coordinator.asOverlord.enabled=true - druid.coordinator.asOverlord.overlordService=druid/overlord - druid.indexer.queue.startDelay=PT30S - extra.jvm.options: |- - -Xmx800m - -Xms800m - dynamicConfig: - millisToWaitBeforeDeleting: 900000 - mergeBytesLimit: 524288000 - mergeSegmentsLimit: 100 - maxSegmentsToMove: 5 - replicantLifetime: 15 - replicationThrottleLimit: 10 - balancerComputeThreads: 1 - killDataSourceWhitelist: [] - killPendingSegmentsSkipList: [] - maxSegmentsInNodeLoadingQueue: 100 - decommissioningNodes: [] - pauseCoordination: false - replicateAfterLoadTimeout: false - useRoundRobinSegmentAssignment: true - - historicals: - nodeType: "historical" - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - runtime.properties: | - druid.service=druid/historical - druid.processing.buffer.sizeBytes=25000000 - druid.processing.numThreads=2 - # Segment storage - druid.segmentCache.locations=[{"path":"/druid/data/segments","maxSize":10737418240}] - druid.server.maxSize=10737418240 - extra.jvm.options: |- - -Xmx512m - -Xms512m - - routers: - nodeType: "router" - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/router" - replicas: 1 - runtime.properties: | - druid.service=druid/router - # HTTP proxy - druid.router.http.numConnections=50 - druid.router.http.readTimeout=PT5M - druid.router.http.numMaxThreads=100 - druid.server.http.numThreads=100 - # Service discovery - druid.router.defaultBrokerServiceName=druid/broker - druid.router.coordinatorServiceName=druid/coordinator - # Management proxy to coordinator / overlord: required for unified web console. - druid.router.managementProxy.enabled=true - - middlemanagers: - nodeType: "middleManager" - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/middleManager" - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - replicas: 1 - extra.jvm.options: |- - -Xmx512m - -Xms512m - runtime.properties: | - druid.service=druid/middleManager - druid.worker.capacity=1 - druid.indexer.runner.javaOpts=-server -Xms128m -Xmx128m -XX:MaxDirectMemorySize=256m -Duser.timezone=UTC -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/druid/data/tmp -XX:+ExitOnOutOfMemoryError -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager - druid.indexer.task.baseTaskDir=/druid/data/baseTaskDir - druid.server.http.numThreads=1 - druid.indexer.fork.property.druid.processing.buffer.sizeBytes=25000000 - druid.indexer.fork.property.druid.processing.numMergeBuffers=2 - druid.indexer.fork.property.druid.processing.numThreads=1 - dynamicConfig: - type: default - selectStrategy: - type: fillCapacityWithCategorySpec - workerCategorySpec: - categoryMap: {} - strong: true - autoScaler: null ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: druid-cluster -rules: -- apiGroups: - - "" - resources: - - pods - - configmaps - verbs: - - '*' ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: druid-cluster -subjects: -- kind: ServiceAccount - name: default -roleRef: - kind: Role - name: druid-cluster - apiGroup: rbac.authorization.k8s.io diff --git a/druid-operator/e2e/configs/druid-ingestion-cr.yaml b/druid-operator/e2e/configs/druid-ingestion-cr.yaml deleted file mode 100644 index 51f794c45805..000000000000 --- a/druid-operator/e2e/configs/druid-ingestion-cr.yaml +++ /dev/null @@ -1,88 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: druid.apache.org/v1alpha1 -kind: DruidIngestion -metadata: - labels: - app.kubernetes.io/name: druidingestion - app.kubernetes.io/instance: druidingestion-sample - name: wikipedia-ingestion -spec: - suspend: false - druidCluster: tiny-cluster - ingestion: - type: native-batch - spec: |- - { - "type" : "index_parallel", - "spec" : { - "dataSchema" : { - "dataSource" : "wikipedia-2", - "timestampSpec": { - "column": "time", - "format": "iso" - }, - "dimensionsSpec" : { - "dimensions" : [ - "channel", - "cityName", - "comment", - "countryIsoCode", - "countryName", - "isAnonymous", - "isMinor", - "isNew", - "isRobot", - "isUnpatrolled", - "metroCode", - "namespace", - "page", - "regionIsoCode", - "regionName", - "user", - { "name": "added", "type": "long" }, - { "name": "deleted", "type": "long" }, - { "name": "delta", "type": "long" } - ] - }, - "metricsSpec" : [], - "granularitySpec" : { - "type" : "uniform", - "segmentGranularity" : "day", - "queryGranularity" : "none", - "intervals" : ["2015-09-12/2015-09-13"], - "rollup" : false - } - }, - "ioConfig" : { - "type" : "index_parallel", - "inputSource" : { - "type" : "local", - "baseDir" : "quickstart/tutorial/", - "filter" : "wikiticker-2015-09-12-sampled.json.gz" - }, - "inputFormat" : { - "type" : "json" - }, - "appendToExisting" : false - }, - "tuningConfig" : { - "type" : "index_parallel", - "maxRowsPerSegment" : 5000000, - "maxRowsInMemory" : 25000 - } - } - } diff --git a/druid-operator/e2e/configs/druid-mmless.yaml b/druid-operator/e2e/configs/druid-mmless.yaml deleted file mode 100644 index ff5b3706326e..000000000000 --- a/druid-operator/e2e/configs/druid-mmless.yaml +++ /dev/null @@ -1,377 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: "druid.apache.org/v1alpha1" -kind: "Druid" -metadata: - name: tiny-cluster -spec: - image: apache/druid:28.0.0 - # Optionally specify image for all nodes. Can be specify on nodes also - # imagePullSecrets: - # - name: tutu - startScript: /druid.sh - scalePvcSts: true - rollingDeploy: true - defaultProbes: false - podLabels: - environment: stage - release: alpha - podAnnotations: - dummy: k8s_extn_needs_atleast_one_annotation - additionalContainer: - - containerName: mysqlconnector - runAsInit: true - image: apache/druid:27.0.0 - command: - - "sh" - - "-c" - - "wget -O /tmp/mysql-connector-j-8.0.32.tar.gz https://downloads.mysql.com/archives/get/p/3/file/mysql-connector-j-8.0.32.tar.gz && cd /tmp && tar -xf /tmp/mysql-connector-j-8.0.32.tar.gz && cp /tmp/mysql-connector-j-8.0.32/mysql-connector-j-8.0.32.jar /opt/druid/extensions/mysql-connector/mysql-connector-java.jar" - volumeMounts: - - name: mysqlconnector - mountPath: "/opt/druid/extensions/mysql-connector" - volumes: - - name: mysqlconnector - emptyDir: {} - volumeMounts: - - name: mysqlconnector - mountPath: "/opt/druid/extensions/mysql-connector" - securityContext: - fsGroup: 0 - runAsUser: 0 - runAsGroup: 0 - containerSecurityContext: - privileged: true - services: - - spec: - type: ClusterIP - clusterIP: None - commonConfigMountPath: "/opt/druid/conf/druid/cluster/_common" - jvm.options: |- - -server - -XX:MaxDirectMemorySize=10240g - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Dlog4j.debug - -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager - log4j.config: |- - - - - - - - - - - - - - - - - - - common.runtime.properties: | - # - # Zookeeper-less Druid Cluster - # - druid.zk.service.enabled=false - druid.discovery.type=k8s - druid.discovery.k8s.clusterIdentifier=druid-it - druid.serverview.type=http - druid.coordinator.loadqueuepeon.type=http - druid.indexer.runner.type=httpRemote - # Metadata Store - druid.metadata.storage.type=derby - druid.metadata.storage.connector.connectURI=jdbc:derby://localhost:1527/var/druid/metadata.db;create=true - druid.metadata.storage.connector.host=localhost - druid.metadata.storage.connector.port=1527 - druid.metadata.storage.connector.createTables=true - # Deep Storage - druid.storage.type=s3 - druid.storage.bucket=druid - druid.storage.baseKey=druid/segments - druid.s3.accessKey=minio - druid.s3.secretKey=minio123 - druid.s3.protocol=http - druid.s3.enabePathStyleAccess=true - druid.s3.endpoint.signingRegion=us-east-1 - druid.s3.enablePathStyleAccess=true - druid.s3.endpoint.url=http://myminio-hl.druid.svc.cluster.local:9000/ - # - # Extensions - # - druid.extensions.loadList=["druid-kubernetes-overlord-extensions", "druid-avro-extensions", "druid-s3-extensions", "druid-hdfs-storage", "druid-kafka-indexing-service", "druid-datasketches", "druid-kubernetes-extensions"] - # - # Service discovery - # - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - druid.indexer.logs.type=s3 - druid.indexer.logs.s3Bucket=druid - druid.indexer.logs.s3Prefix=druid/indexing-logs - druid.lookup.enableLookupSyncOnStartup=false - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - nodes: - brokers: - # Optionally specify for running broker as Deployment - kind: Deployment - nodeType: "broker" - # Optionally specify for broker nodes - # imagePullSecrets: - # - name: tutu - priorityClassName: system-cluster-critical - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/broker" - replicas: 1 - runtime.properties: | - druid.service=druid/broker - # HTTP server threads - druid.broker.http.numConnections=5 - druid.server.http.numThreads=40 - # Processing threads and buffers - druid.processing.buffer.sizeBytes=25000000 - druid.sql.enable=true - extra.jvm.options: |- - -Xmx512m - -Xms512m - - coordinators: - # Optionally specify for running coordinator as Deployment - kind: Deployment - nodeType: "coordinator" - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/coordinator-overlord" - replicas: 1 - runtime.properties: | - druid.service=druid/coordinator - # HTTP server threads - druid.coordinator.startDelay=PT30S - druid.coordinator.period=PT30S - # Configure this coordinator to also run as Overlord - druid.coordinator.asOverlord.enabled=true - druid.coordinator.asOverlord.overlordService=druid/overlord - druid.indexer.queue.startDelay=PT30S - druid.indexer.runner.capacity: 2 - druid.indexer.runner.namespace: druid - druid.indexer.runner.type: k8s - druid.indexer.task.encapsulatedTask: true - extra.jvm.options: |- - -Xmx800m - -Xms800m - - hot: - nodeType: "historical" - druid.port: 8088 - resources: - requests: - memory: "1.5Mi" - cpu: "1" - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - livenessProbe: - failureThreshold: 10 - httpGet: - path: /status/health - port: 8088 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 20 - httpGet: - path: /druid/historical/v1/loadstatus - port: 8088 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - startUpProbe: - failureThreshold: 20 - httpGet: - path: /druid/historical/v1/loadstatus - port: 8088 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 10 - volumeMounts: - - mountPath: /druid/data/segments - name: hot-volume - volumeClaimTemplates: - - metadata: - name: hot-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - storageClassName: standard - runtime.properties: | - druid.service=druid/hot - druid.server.tier=hot - druid.server.priority=1 - druid.processing.buffer.sizeBytes=25000000 - druid.processing.numThreads=2 - # Segment storage - druid.segmentCache.locations=[{"path":"/druid/data/segments","maxSize":1000000000}] - druid.server.maxSize=1000000000 - extra.jvm.options: |- - -Xmx512m - -Xms512m - - cold: - nodeType: "historical" - druid.port: 8088 - resources: - requests: - memory: "0.5Mi" - cpu: "0.5" - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - livenessProbe: - failureThreshold: 10 - httpGet: - path: /status/health - port: 8088 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 20 - httpGet: - path: /druid/historical/v1/loadstatus - port: 8088 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - startUpProbe: - failureThreshold: 20 - httpGet: - path: /druid/historical/v1/loadstatus - port: 8088 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 10 - volumeMounts: - - mountPath: /druid/data/segments - name: cold-volume - volumeClaimTemplates: - - metadata: - name: cold-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - storageClassName: standard - runtime.properties: | - druid.service=druid/cold - druid.server.tier=cold - druid.server.priority=0 - druid.processing.buffer.sizeBytes=25000000 - druid.processing.numThreads=2 - # Segment storage - druid.segmentCache.locations=[{"path":"/druid/data/segments","maxSize":2000000000}] - druid.server.maxSize=2000000000 - extra.jvm.options: |- - -Xmx512m - -Xms512m - - routers: - nodeType: "router" - druid.port: 8088 - kind: Deployment - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/router" - replicas: 1 - runtime.properties: | - druid.service=druid/router - # HTTP proxy - druid.router.http.numConnections=50 - druid.router.http.readTimeout=PT5M - druid.router.http.numMaxThreads=100 - druid.server.http.numThreads=100 - # Service discovery - druid.router.defaultBrokerServiceName=druid/broker - druid.router.coordinatorServiceName=druid/coordinator - # Management proxy to coordinator / overlord: required for unified web console. - druid.router.managementProxy.enabled=true ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: druid-cluster -rules: -- apiGroups: - - "" - resources: - - pods - - configmaps - verbs: - - '*' -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["get", "watch", "list", "delete", "create"] -- apiGroups: [""] - resources: ["pods", "pods/log"] - verbs: ["get", "watch", "list", "delete", "create"] ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: druid-cluster -subjects: -- kind: ServiceAccount - name: default -roleRef: - kind: Role - name: druid-cluster - apiGroup: rbac.authorization.k8s.io diff --git a/druid-operator/e2e/configs/extra-common-config.yaml b/druid-operator/e2e/configs/extra-common-config.yaml deleted file mode 100644 index 4c460bdcf543..000000000000 --- a/druid-operator/e2e/configs/extra-common-config.yaml +++ /dev/null @@ -1,299 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: v1 -kind: ConfigMap -metadata: - name: my-extra -data: - test.txt: |- - This Is Test - test.yaml: |- - YAML ---- -apiVersion: "druid.apache.org/v1alpha1" -kind: "Druid" -metadata: - name: tiny-cluster -spec: - image: apache/druid:25.0.0 - # Optionally specify image for all nodes. Can be specify on nodes also - # imagePullSecrets: - # - name: tutu - startScript: /druid.sh - extraCommonConfig: - - name: my-extra - namespace: CM_NAMESPACE - podLabels: - environment: stage - release: alpha - podAnnotations: - dummy: k8s_extn_needs_atleast_one_annotation - readinessProbe: - httpGet: - path: /status/health - port: 8088 - additionalContainer: - - containerName: mysqlconnector - runAsInit: true - image: apache/druid:25.0.0 - command: - - "sh" - - "-c" - - "wget -O /tmp/mysql-connector-j-8.0.32.tar.gz https://downloads.mysql.com/archives/get/p/3/file/mysql-connector-j-8.0.32.tar.gz && cd /tmp && tar -xf /tmp/mysql-connector-j-8.0.32.tar.gz && cp /tmp/mysql-connector-j-8.0.32/mysql-connector-j-8.0.32.jar /opt/druid/extensions/mysql-connector/mysql-connector-java.jar" - volumeMounts: - - name: mysqlconnector - mountPath: "/opt/druid/extensions/mysql-connector" - volumes: - - name: mysqlconnector - emptyDir: {} - volumeMounts: - - name: mysqlconnector - mountPath: "/opt/druid/extensions/mysql-connector" - securityContext: - fsGroup: 0 - runAsUser: 0 - runAsGroup: 0 - containerSecurityContext: - privileged: true - services: - - spec: - type: ClusterIP - clusterIP: None - commonConfigMountPath: "/opt/druid/conf/druid/cluster/_common" - jvm.options: |- - -server - -XX:MaxDirectMemorySize=10240g - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Dlog4j.debug - -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager - log4j.config: |- - - - - - - - - - - - - - - - - - - common.runtime.properties: | - # - # Zookeeper-less Druid Cluster - # - druid.zk.service.enabled=false - druid.discovery.type=k8s - druid.discovery.k8s.clusterIdentifier=druid-it - druid.serverview.type=http - druid.coordinator.loadqueuepeon.type=http - druid.indexer.runner.type=httpRemote - # Metadata Store - druid.metadata.storage.type=derby - druid.metadata.storage.connector.connectURI=jdbc:derby://localhost:1527/var/druid/metadata.db;create=true - druid.metadata.storage.connector.host=localhost - druid.metadata.storage.connector.port=1527 - druid.metadata.storage.connector.createTables=true - # Deep Storage - druid.storage.type=s3 - druid.storage.bucket=druid - druid.storage.baseKey=druid/segments - druid.s3.accessKey=minio - druid.s3.secretKey=minio123 - druid.s3.protocol=http - druid.s3.enabePathStyleAccess=true - druid.s3.endpoint.signingRegion=us-east-1 - druid.s3.enablePathStyleAccess=true - druid.s3.endpoint.url=http://myminio-hl.druid.svc.cluster.local:9000/ - # - # Extensions - # - druid.extensions.loadList=["druid-avro-extensions", "druid-s3-extensions", "druid-hdfs-storage", "druid-kafka-indexing-service", "druid-datasketches", "druid-kubernetes-extensions"] - # - # Service discovery - # - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - druid.indexer.logs.type=s3 - druid.indexer.logs.s3Bucket=druid - druid.indexer.logs.s3Prefix=druid/indexing-logs - druid.lookup.enableLookupSyncOnStartup=false - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - nodes: - brokers: - # Optionally specify for running broker as Deployment - # kind: Deployment - nodeType: "broker" - # Optionally specify for broker nodes - # imagePullSecrets: - # - name: tutu - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/broker" - replicas: 1 - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: standard - runtime.properties: | - druid.service=druid/broker - # HTTP server threads - druid.broker.http.numConnections=5 - druid.server.http.numThreads=40 - # Processing threads and buffers - druid.processing.buffer.sizeBytes=25000000 - druid.sql.enable=true - extra.jvm.options: |- - -Xmx512m - -Xms512m - - coordinators: - # Optionally specify for running coordinator as Deployment - # kind: Deployment - nodeType: "coordinator" - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/coordinator-overlord" - replicas: 1 - runtime.properties: | - druid.service=druid/coordinator - # HTTP server threads - druid.coordinator.startDelay=PT30S - druid.coordinator.period=PT30S - # Configure this coordinator to also run as Overlord - druid.coordinator.asOverlord.enabled=true - druid.coordinator.asOverlord.overlordService=druid/overlord - druid.indexer.queue.startDelay=PT30S - extra.jvm.options: |- - -Xmx800m - -Xms800m - - historicals: - nodeType: "historical" - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - runtime.properties: | - druid.service=druid/historical - druid.processing.buffer.sizeBytes=25000000 - druid.processing.numThreads=2 - # Segment storage - druid.segmentCache.locations=[{"path":"/druid/data/segments","maxSize":10737418240}] - druid.server.maxSize=10737418240 - extra.jvm.options: |- - -Xmx512m - -Xms512m - - routers: - nodeType: "router" - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/router" - replicas: 1 - runtime.properties: | - druid.service=druid/router - # HTTP proxy - druid.router.http.numConnections=50 - druid.router.http.readTimeout=PT5M - druid.router.http.numMaxThreads=100 - druid.server.http.numThreads=100 - # Service discovery - druid.router.defaultBrokerServiceName=druid/broker - druid.router.coordinatorServiceName=druid/coordinator - # Management proxy to coordinator / overlord: required for unified web console. - druid.router.managementProxy.enabled=true - - middlemanagers: - nodeType: "middleManager" - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/middleManager" - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - replicas: 1 - extra.jvm.options: |- - -Xmx512m - -Xms512m - runtime.properties: | - druid.service=druid/middleManager - druid.worker.capacity=1 - druid.indexer.runner.javaOpts=-server -Xms128m -Xmx128m -XX:MaxDirectMemorySize=256m -Duser.timezone=UTC -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/druid/data/tmp -XX:+ExitOnOutOfMemoryError -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager - druid.indexer.task.baseTaskDir=/druid/data/baseTaskDir - druid.server.http.numThreads=1 - druid.indexer.fork.property.druid.processing.buffer.sizeBytes=25000000 - druid.indexer.fork.property.druid.processing.numMergeBuffers=2 - druid.indexer.fork.property.druid.processing.numThreads=1 ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: druid-cluster -rules: - - apiGroups: - - "" - resources: - - pods - - configmaps - verbs: - - '*' ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: druid-cluster -subjects: - - kind: ServiceAccount - name: default -roleRef: - kind: Role - name: druid-cluster - apiGroup: rbac.authorization.k8s.io diff --git a/druid-operator/e2e/configs/kafka-ingestion-native.yaml b/druid-operator/e2e/configs/kafka-ingestion-native.yaml deleted file mode 100644 index 61d4b86b97b3..000000000000 --- a/druid-operator/e2e/configs/kafka-ingestion-native.yaml +++ /dev/null @@ -1,83 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: druid.apache.org/v1alpha1 -kind: DruidIngestion -metadata: - labels: - app.kubernetes.io/name: druidingestion - app.kubernetes.io/instance: druidingestion-sample - name: kafka-2 -spec: - suspend: false - druidCluster: tiny-cluster - ingestion: - type: kafka - compaction: - tuningConfig: - type: "kafka" - partitionsSpec: - type: "dynamic" - skipOffsetFromLatest: "PT0S" - granularitySpec: - segmentGranularity: "DAY" - rules: - - type: dropByPeriod - period: P1M - includeFuture: true - - type: broadcastByPeriod - period: P1M - includeFuture: true - nativeSpec: - type: kafka - spec: - dataSchema: - dataSource: metrics-kafka-2 - timestampSpec: - column: timestamp - format: auto - dimensionsSpec: - dimensions: [] - dimensionExclusions: - - timestamp - - value - metricsSpec: - - name: count - type: count - - name: value_sum - fieldName: value - type: doubleSum - - name: value_min - fieldName: value - type: doubleMin - - name: value_max - fieldName: value - type: doubleMax - granularitySpec: - type: uniform - segmentGranularity: HOUR - queryGranularity: NONE - ioConfig: - topic: metrics - inputFormat: - type: json - consumerProperties: - bootstrap.servers: localhost:9092 - taskCount: 1 - replicas: 1 - taskDuration: PT1H - tuningConfig: - type: kafka - maxRowsPerSegment: 5000000 diff --git a/druid-operator/e2e/configs/kafka-ingestion.yaml b/druid-operator/e2e/configs/kafka-ingestion.yaml deleted file mode 100644 index e588fdd57e0d..000000000000 --- a/druid-operator/e2e/configs/kafka-ingestion.yaml +++ /dev/null @@ -1,104 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: druid.apache.org/v1alpha1 -kind: DruidIngestion -metadata: - labels: - app.kubernetes.io/name: druidingestion - app.kubernetes.io/instance: druidingestion-sample - name: kafka-1 -spec: - suspend: false - druidCluster: tiny-cluster - ingestion: - type: kafka - compaction: - tuningConfig: - type: "kafka" - partitionsSpec: - type: "dynamic" - skipOffsetFromLatest: "PT0S" - granularitySpec: - segmentGranularity: "DAY" - rules: - - type: dropByPeriod - period: P1M - includeFuture: true - - type: broadcastByPeriod - period: P1M - includeFuture: true - spec: |- - { - "type": "kafka", - "spec": { - "dataSchema": { - "dataSource": "metrics-kafka", - "timestampSpec": { - "column": "timestamp", - "format": "auto" - }, - "dimensionsSpec": { - "dimensions": [], - "dimensionExclusions": [ - "timestamp", - "value" - ] - }, - "metricsSpec": [ - { - "name": "count", - "type": "count" - }, - { - "name": "value_sum", - "fieldName": "value", - "type": "doubleSum" - }, - { - "name": "value_min", - "fieldName": "value", - "type": "doubleMin" - }, - { - "name": "value_max", - "fieldName": "value", - "type": "doubleMax" - } - ], - "granularitySpec": { - "type": "uniform", - "segmentGranularity": "HOUR", - "queryGranularity": "NONE" - } - }, - "ioConfig": { - "topic": "metrics", - "inputFormat": { - "type": "json" - }, - "consumerProperties": { - "bootstrap.servers": "localhost:9092" - }, - "taskCount": 1, - "replicas": 1, - "taskDuration": "PT1H" - }, - "tuningConfig": { - "type": "kafka", - "maxRowsPerSegment": 5000000 - } - } - } diff --git a/druid-operator/e2e/configs/minio-operator-override.yaml b/druid-operator/e2e/configs/minio-operator-override.yaml deleted file mode 100644 index 1f779d4829ee..000000000000 --- a/druid-operator/e2e/configs/minio-operator-override.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -operator: - replicaCount: 1 - env: - - name: MINIO_OPERATOR_TLS_ENABLE - value: "off" - - name: MINIO_CONSOLE_TLS_ENABLE - value: "off" diff --git a/druid-operator/e2e/configs/minio-tenant-override.yaml b/druid-operator/e2e/configs/minio-tenant-override.yaml deleted file mode 100644 index f60cb3780d34..000000000000 --- a/druid-operator/e2e/configs/minio-tenant-override.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -tenant: - pools: - - name: "minio" - servers: 1 - volumesPerServer: 1 - certificate: - requestAutoCert: false - buckets: - - name: "druid" diff --git a/druid-operator/e2e/druid-ingestion-test.sh b/druid-operator/e2e/druid-ingestion-test.sh deleted file mode 100644 index 62a1652f7b6d..000000000000 --- a/druid-operator/e2e/druid-ingestion-test.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/bash -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- - -set -e - -TASK_ID=$1 - -echo "Checking Status for task $TASK_ID..." -STATUS=$(curl -s http://druid-tiny-cluster-coordinators.druid.svc:8088/druid/indexer/v1/task/${TASK_ID}/status | jq '.status.status' -r); -while [ $STATUS == "RUNNING" ] -do - sleep 8; - echo "TASK is "$STATUS "..." - STATUS=$(curl -s http://druid-tiny-cluster-coordinators.druid.svc:8088/druid/indexer/v1/task/${TASK_ID}/status | jq '.status.status' -r) -done - -if [ $STATUS == "SUCCESS" ] -then - echo "TASK $TASK_ID COMPLETED SUCCESSFULLY" - sleep 60 # need time for the segments to become queryable -else - echo "TASK $TASK_ID FAILED !!!!" - exit 1 -fi - -echo "Querying Data ... " -echo "Running query SELECT COUNT(*) AS \"Count\" FROM \"wikipedia-2\" WHERE isMinor = 'false'" - -cat > query.json </dev/null || true)" != 'true' ]; then - docker run \ - -d --restart=always -p "127.0.0.1:${reg_port}:5000" --name "${reg_name}" \ - registry:2 -fi - -if [ $(kind get clusters | grep ^kind$) ] -then - echo "Kind cluster Cluster exists skipping creation ..." - echo "Switching context to kind ..." - kubectl config use-context kind-kind -else - -# create a cluster with the local registry enabled in containerd -cat <" ] - then - echo "Seems to be in progress ..." - elif [ $STAT == 1 ] - then - echo "Job completed Successfully !!!" - break - fi - if [ $i == 9 ] - then - echo "================" - echo "Task Timeout ..." - echo "FAILED EXITING !!!" - echo "================" - exit 1 - fi -done diff --git a/druid-operator/e2e/test-extra-common-config.sh b/druid-operator/e2e/test-extra-common-config.sh deleted file mode 100644 index 878b24e60888..000000000000 --- a/druid-operator/e2e/test-extra-common-config.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- - -echo "Test: ExtraCommonConfig" -sed -e "s/CM_NAMESPACE/${NAMESPACE}/g" e2e/configs/extra-common-config.yaml | kubectl apply -n "${NAMESPACE}" -f - -sleep 10 -# Wait for Druid -for d in $(kubectl get pods -n "${NAMESPACE}" -l app=druid -l druid_cr=tiny-cluster -o name) -do - kubectl wait -n "${NAMESPACE}" "$d" --for=condition=Ready --timeout=5m -done -# wait for druid pods -for s in $(kubectl get sts -n "${NAMESPACE}" -l app="${NAMESPACE}" -l druid_cr=tiny-cluster -o name) -do - kubectl rollout status "$s" -n "${NAMESPACE}" --timeout=5m -done - -extraDataTXT=$(kubectl get configmap -n "${NAMESPACE}" tiny-cluster-druid-common-config -o 'jsonpath={.data.test\.txt}') -if [[ "${extraDataTXT}" != "This Is Test" ]] -then - echo "Bad value for key: test.txt" - echo "Test: ExtraCommonConfig => FAILED\!" -fi - -extraDataYAML=$(kubectl get configmap -n "${NAMESPACE}" tiny-cluster-druid-common-config -o 'jsonpath={.data.test\.yaml}') -if [[ "${extraDataYAML}" != "YAML" ]] -then - echo "Bad value for key: test.yaml" - echo "Test: ExtraCommonConfig => FAILED\!" -fi - -kubectl delete -f e2e/configs/extra-common-config.yaml -n "${NAMESPACE}" -for d in $(kubectl get pods -n "${NAMESPACE}" -l app=druid -l druid_cr=tiny-cluster -o name) -do - kubectl wait -n "${NAMESPACE}" "$d" --for=delete --timeout=5m -done - -echo "Test: ExtraCommonConfig => SUCCESS\!" \ No newline at end of file diff --git a/druid-operator/e2e/wikipedia-test.sh b/druid-operator/e2e/wikipedia-test.sh deleted file mode 100644 index a0f934a380e4..000000000000 --- a/druid-operator/e2e/wikipedia-test.sh +++ /dev/null @@ -1,61 +0,0 @@ -#!/bin/bash -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- - -echo "Downloading Index" -wget -q https://raw.githubusercontent.com/apache/druid/master/examples/quickstart/tutorial/wikipedia-index.json - -echo "Creating Task" -task_id=$(curl -s -X 'POST' -H 'Content-Type:application/json' -d @wikipedia-index.json http://druid-tiny-cluster-coordinators.druid.svc:8088/druid/indexer/v1/task | jq '.task' -r) -if [ $? == 0 ] -then - echo "Task created with ID $task_id" -fi - -echo "Checking Status for task ..." -STATUS=$(curl -s http://druid-tiny-cluster-coordinators.druid.svc:8088/druid/indexer/v1/task/$task_id/status | jq '.status.status' -r); -while [ $STATUS == "RUNNING" ] -do - sleep 8; - echo "TASK is "$STATUS "..." - STATUS=$(curl -s http://druid-tiny-cluster-coordinators.druid.svc:8088/druid/indexer/v1/task/$task_id/status | jq '.status.status' -r) -done - -if [ $STATUS == "SUCCESS" ] -then - echo "TASK $task_id COMPLETED SUCCESSFULLY" - sleep 60 # need time for the segments to become queryable -else - echo "TASK $task_id FAILED !!!!" -fi - -echo "Querying Data ... " -echo "Running query SELECT COUNT(*) AS \"Count\" FROM \"wikipedia\" WHERE isMinor = 'false'" - -cat > query.json < - - - - - - - - - - - - - common.runtime.properties: | - # - # Zookeeper-less Druid Cluster - # - druid.zk.service.enabled=false - druid.discovery.type=k8s - druid.discovery.k8s.clusterIdentifier=druid-it - druid.serverview.type=http - druid.coordinator.loadqueuepeon.type=http - druid.indexer.runner.type=httpRemote - # Metadata Store - druid.metadata.storage.type=derby - druid.metadata.storage.connector.connectURI=jdbc:derby://localhost:1527/var/druid/metadata.db;create=true - druid.metadata.storage.connector.host=localhost - druid.metadata.storage.connector.port=1527 - druid.metadata.storage.connector.createTables=true - # Deep Storage - druid.storage.type=s3 - druid.storage.bucket=druid - druid.storage.baseKey=druid/segments - druid.s3.accessKey=minio - druid.s3.secretKey=minio123 - druid.s3.protocol=http - druid.s3.enabePathStyleAccess=true - druid.s3.endpoint.signingRegion=us-east-1 - druid.s3.enablePathStyleAccess=true - druid.s3.endpoint.url=http://myminio-hl.druid.svc.cluster.local:9000/ - # - # Extensions - # - druid.extensions.loadList=["druid-avro-extensions", "druid-s3-extensions", "druid-hdfs-storage", "druid-kafka-indexing-service", "druid-datasketches", "druid-kubernetes-extensions"] - # - # Service discovery - # - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - druid.indexer.logs.type=s3 - druid.indexer.logs.s3Bucket=druid - druid.indexer.logs.s3Prefix=druid/indexing-logs - druid.lookup.enableLookupSyncOnStartup=false - - metricDimensions.json: |- - { - "query/time" : { "dimensions" : ["dataSource", "type"], "type" : "timer"}, - "query/bytes" : { "dimensions" : ["dataSource", "type"], "type" : "count"}, - "query/node/time" : { "dimensions" : ["server"], "type" : "timer"}, - "query/node/ttfb" : { "dimensions" : ["server"], "type" : "timer"}, - "query/node/bytes" : { "dimensions" : ["server"], "type" : "count"}, - "query/node/backpressure": { "dimensions" : ["server"], "type" : "timer"}, - "query/intervalChunk/time" : { "dimensions" : [], "type" : "timer"}, - - "query/segment/time" : { "dimensions" : [], "type" : "timer"}, - "query/wait/time" : { "dimensions" : [], "type" : "timer"}, - "segment/scan/pending" : { "dimensions" : [], "type" : "gauge"}, - "query/segmentAndCache/time" : { "dimensions" : [], "type" : "timer" }, - "query/cpu/time" : { "dimensions" : ["dataSource", "type"], "type" : "timer" }, - - "query/count" : { "dimensions" : [], "type" : "count" }, - "query/success/count" : { "dimensions" : [], "type" : "count" }, - "query/failed/count" : { "dimensions" : [], "type" : "count" }, - "query/interrupted/count" : { "dimensions" : [], "type" : "count" }, - "query/timeout/count" : { "dimensions" : [], "type" : "count" }, - - "query/cache/delta/numEntries" : { "dimensions" : [], "type" : "count" }, - "query/cache/delta/sizeBytes" : { "dimensions" : [], "type" : "count" }, - "query/cache/delta/hits" : { "dimensions" : [], "type" : "count" }, - "query/cache/delta/misses" : { "dimensions" : [], "type" : "count" }, - "query/cache/delta/evictions" : { "dimensions" : [], "type" : "count" }, - "query/cache/delta/hitRate" : { "dimensions" : [], "type" : "count", "convertRange" : true }, - "query/cache/delta/averageBytes" : { "dimensions" : [], "type" : "count" }, - "query/cache/delta/timeouts" : { "dimensions" : [], "type" : "count" }, - "query/cache/delta/errors" : { "dimensions" : [], "type" : "count" }, - - "query/cache/total/numEntries" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/total/sizeBytes" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/total/hits" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/total/misses" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/total/evictions" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/total/hitRate" : { "dimensions" : [], "type" : "gauge", "convertRange" : true }, - "query/cache/total/averageBytes" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/total/timeouts" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/total/errors" : { "dimensions" : [], "type" : "gauge" }, - - "ingest/events/thrownAway" : { "dimensions" : ["dataSource"], "type" : "count" }, - "ingest/events/unparseable" : { "dimensions" : ["dataSource"], "type" : "count" }, - "ingest/events/duplicate" : { "dimensions" : ["dataSource"], "type" : "count" }, - "ingest/events/processed" : { "dimensions" : ["dataSource", "taskType", "taskId"], "type" : "count" }, - "ingest/events/messageGap" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "ingest/rows/output" : { "dimensions" : ["dataSource"], "type" : "count" }, - "ingest/persists/count" : { "dimensions" : ["dataSource"], "type" : "count" }, - "ingest/persists/time" : { "dimensions" : ["dataSource"], "type" : "timer" }, - "ingest/persists/cpu" : { "dimensions" : ["dataSource"], "type" : "timer" }, - "ingest/persists/backPressure" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "ingest/persists/failed" : { "dimensions" : ["dataSource"], "type" : "count" }, - "ingest/handoff/failed" : { "dimensions" : ["dataSource"], "type" : "count" }, - "ingest/merge/time" : { "dimensions" : ["dataSource"], "type" : "timer" }, - "ingest/merge/cpu" : { "dimensions" : ["dataSource"], "type" : "timer" }, - - "ingest/kafka/lag" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "ingest/kafka/maxLag" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "ingest/kafka/avgLag" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - - "task/success/count" : { "dimensions" : ["dataSource"], "type" : "count" }, - "task/failed/count" : { "dimensions" : ["dataSource"], "type" : "count" }, - "task/running/count" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "task/pending/count" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "task/waiting/count" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - - "taskSlot/total/count" : { "dimensions" : [], "type" : "gauge" }, - "taskSlot/idle/count" : { "dimensions" : [], "type" : "gauge" }, - "taskSlot/busy/count" : { "dimensions" : [], "type" : "gauge" }, - "taskSlot/lazy/count" : { "dimensions" : [], "type" : "gauge" }, - "taskSlot/blacklisted/count" : { "dimensions" : [], "type" : "gauge" }, - - "task/run/time" : { "dimensions" : ["dataSource", "taskType"], "type" : "timer" }, - "segment/added/bytes" : { "dimensions" : ["dataSource", "taskType"], "type" : "count" }, - "segment/moved/bytes" : { "dimensions" : ["dataSource", "taskType"], "type" : "count" }, - "segment/nuked/bytes" : { "dimensions" : ["dataSource", "taskType"], "type" : "count" }, - - "segment/assigned/count" : { "dimensions" : ["tier"], "type" : "count" }, - "segment/moved/count" : { "dimensions" : ["tier"], "type" : "count" }, - "segment/dropped/count" : { "dimensions" : ["tier"], "type" : "count" }, - "segment/deleted/count" : { "dimensions" : ["tier"], "type" : "count" }, - "segment/unneeded/count" : { "dimensions" : ["tier"], "type" : "count" }, - "segment/unavailable/count" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "segment/underReplicated/count" : { "dimensions" : ["dataSource", "tier"], "type" : "gauge" }, - "segment/loadQueue/size" : { "dimensions" : ["server"], "type" : "gauge" }, - "segment/loadQueue/failed" : { "dimensions" : ["server"], "type" : "gauge" }, - "segment/loadQueue/count" : { "dimensions" : ["server"], "type" : "gauge" }, - "segment/dropQueue/count" : { "dimensions" : ["server"], "type" : "gauge" }, - "segment/size" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "segment/overShadowed/count" : { "dimensions" : [], "type" : "gauge" }, - - "segment/max" : { "dimensions" : [], "type" : "gauge"}, - "segment/used" : { "dimensions" : ["dataSource", "tier", "priority"], "type" : "gauge" }, - "segment/usedPercent" : { "dimensions" : ["dataSource", "tier", "priority"], "type" : "gauge", "convertRange" : true }, - "segment/pendingDelete" : { "dimensions" : [], "type" : "gauge"}, - - "jvm/pool/committed" : { "dimensions" : ["poolKind", "poolName"], "type" : "gauge" }, - "jvm/pool/init" : { "dimensions" : ["poolKind", "poolName"], "type" : "gauge" }, - "jvm/pool/max" : { "dimensions" : ["poolKind", "poolName"], "type" : "gauge" }, - "jvm/pool/used" : { "dimensions" : ["poolKind", "poolName"], "type" : "gauge" }, - "jvm/bufferpool/count" : { "dimensions" : ["bufferpoolName"], "type" : "gauge" }, - "jvm/bufferpool/used" : { "dimensions" : ["bufferpoolName"], "type" : "gauge" }, - "jvm/bufferpool/capacity" : { "dimensions" : ["bufferpoolName"], "type" : "gauge" }, - "jvm/mem/init" : { "dimensions" : ["memKind"], "type" : "gauge" }, - "jvm/mem/max" : { "dimensions" : ["memKind"], "type" : "gauge" }, - "jvm/mem/used" : { "dimensions" : ["memKind"], "type" : "gauge" }, - "jvm/mem/committed" : { "dimensions" : ["memKind"], "type" : "gauge" }, - "jvm/gc/count" : { "dimensions" : ["gcName", "gcGen"], "type" : "count" }, - "jvm/gc/cpu" : { "dimensions" : ["gcName", "gcGen"], "type" : "count" }, - - "ingest/events/buffered" : { "dimensions" : ["serviceName", "bufferCapacity"], "type" : "gauge"}, - - "sys/swap/free" : { "dimensions" : [], "type" : "gauge"}, - "sys/swap/max" : { "dimensions" : [], "type" : "gauge"}, - "sys/swap/pageIn" : { "dimensions" : [], "type" : "gauge"}, - "sys/swap/pageOut" : { "dimensions" : [], "type" : "gauge"}, - "sys/disk/write/count" : { "dimensions" : ["fsDevName"], "type" : "count"}, - "sys/disk/read/count" : { "dimensions" : ["fsDevName"], "type" : "count"}, - "sys/disk/write/size" : { "dimensions" : ["fsDevName"], "type" : "count"}, - "sys/disk/read/size" : { "dimensions" : ["fsDevName"], "type" : "count"}, - "sys/net/write/size" : { "dimensions" : [], "type" : "count"}, - "sys/net/read/size" : { "dimensions" : [], "type" : "count"}, - "sys/fs/used" : { "dimensions" : ["fsDevName", "fsDirName", "fsTypeName", "fsSysTypeName", "fsOptions"], "type" : "gauge"}, - "sys/fs/max" : { "dimensions" : ["fsDevName", "fsDirName", "fsTypeName", "fsSysTypeName", "fsOptions"], "type" : "gauge"}, - "sys/mem/used" : { "dimensions" : [], "type" : "gauge"}, - "sys/mem/max" : { "dimensions" : [], "type" : "gauge"}, - "sys/storage/used" : { "dimensions" : ["fsDirName"], "type" : "gauge"}, - "sys/cpu" : { "dimensions" : ["cpuName", "cpuTime"], "type" : "gauge"}, - - "coordinator-segment/count" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "historical-segment/count" : { "dimensions" : ["dataSource", "tier", "priority"], "type" : "gauge" }, - - "jetty/numOpenConnections" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/caffeine/total/requests" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/caffeine/total/loadTime" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/caffeine/total/evictionBytes" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/memcached/total" : { "dimensions" : ["[MEM] Reconnecting Nodes (ReconnectQueue)", - "[MEM] Request Rate: All", - "[MEM] Average Bytes written to OS per write", - "[MEM] Average Bytes read from OS per read", - "[MEM] Response Rate: All (Failure + Success + Retry)", - "[MEM] Response Rate: Retry", - "[MEM] Response Rate: Failure", - "[MEM] Response Rate: Success"], - "type" : "gauge" }, - "query/cache/caffeine/delta/requests" : { "dimensions" : [], "type" : "count" }, - "query/cache/caffeine/delta/loadTime" : { "dimensions" : [], "type" : "count" }, - "query/cache/caffeine/delta/evictionBytes" : { "dimensions" : [], "type" : "count" }, - "query/cache/memcached/delta" : { "dimensions" : ["[MEM] Reconnecting Nodes (ReconnectQueue)", - "[MEM] Request Rate: All", - "[MEM] Average Bytes written to OS per write", - "[MEM] Average Bytes read from OS per read", - "[MEM] Response Rate: All (Failure + Success + Retry)", - "[MEM] Response Rate: Retry", - "[MEM] Response Rate: Failure", - "[MEM] Response Rate: Success"], - "type" : "count" } - } - volumeMounts: - - mountPath: /druid/data - name: data-volume - - mountPath: /druid/deepstorage - name: deepstorage-volume - volumes: - - name: data-volume - emptyDir: {} - - name: deepstorage-volume - hostPath: - path: /tmp/druid/deepstorage - type: DirectoryOrCreate - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - nodes: - brokers: - # Optionally specify for running broker as Deployment - # kind: Deployment - nodeType: "broker" - # Optionally specify for broker nodes - # imagePullSecrets: - # - name: tutu - priorityClassName: system-cluster-critical - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/broker" - replicas: 1 - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - runtime.properties: | - druid.service=druid/broker - # HTTP server threads - druid.broker.http.numConnections=5 - druid.server.http.numThreads=40 - # Processing threads and buffers - druid.processing.buffer.sizeBytes=25000000 - druid.sql.enable=true - extra.jvm.options: |- - -Xmx512m - -Xms512m - - coordinators: - # Optionally specify for running coordinator as Deployment - # kind: Deployment - nodeType: "coordinator" - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/coordinator-overlord" - replicas: 1 - runtime.properties: | - druid.service=druid/coordinator - # HTTP server threads - druid.coordinator.startDelay=PT30S - druid.coordinator.period=PT30S - # Configure this coordinator to also run as Overlord - druid.coordinator.asOverlord.enabled=true - druid.coordinator.asOverlord.overlordService=druid/overlord - druid.indexer.queue.startDelay=PT30S - extra.jvm.options: |- - -Xmx800m - -Xms800m - - historicals: - nodeType: "historical" - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - runtime.properties: | - druid.service=druid/historical - druid.processing.buffer.sizeBytes=25000000 - druid.processing.numThreads=2 - # Segment storage - druid.segmentCache.locations=[{"path":"/druid/data/segments","maxSize":10737418240}] - druid.server.maxSize=10737418240 - extra.jvm.options: |- - -Xmx512m - -Xms512m - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: gp2 - - routers: - nodeType: "router" - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/router" - replicas: 1 - runtime.properties: | - druid.service=druid/router - # HTTP proxy - druid.router.http.numConnections=50 - druid.router.http.readTimeout=PT5M - druid.router.http.numMaxThreads=100 - druid.server.http.numThreads=100 - # Service discovery - druid.router.defaultBrokerServiceName=druid/broker - druid.router.coordinatorServiceName=druid/coordinator - # Management proxy to coordinator / overlord: required for unified web console. - druid.router.managementProxy.enabled=true - - middlemanagers: - nodeType: "middleManager" - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/middleManager" - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - replicas: 1 - extra.jvm.options: |- - -Xmx512m - -Xms512m - runtime.properties: | - druid.service=druid/middleManager - druid.worker.capacity=1 - druid.indexer.runner.javaOpts=-server -Xms128m -Xmx128m -XX:MaxDirectMemorySize=256m -Duser.timezone=UTC -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/druid/data/tmp -XX:+ExitOnOutOfMemoryError -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager - druid.indexer.task.baseTaskDir=/druid/data/baseTaskDir - druid.server.http.numThreads=1 - druid.indexer.fork.property.druid.processing.buffer.sizeBytes=25000000 - druid.indexer.fork.property.druid.processing.numMergeBuffers=2 - druid.indexer.fork.property.druid.processing.numThreads=1 ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: druid-cluster -rules: - - apiGroups: - - "" - resources: - - pods - - configmaps - verbs: - - "*" ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: druid-cluster -subjects: - - kind: ServiceAccount - name: default -roleRef: - kind: Role - name: druid-cluster - apiGroup: rbac.authorization.k8s.io diff --git a/druid-operator/examples/ingestion.yaml b/druid-operator/examples/ingestion.yaml deleted file mode 100644 index 03d3aa9ec043..000000000000 --- a/druid-operator/examples/ingestion.yaml +++ /dev/null @@ -1,90 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: druid.apache.org/v1alpha1 -kind: DruidIngestion -metadata: - labels: - app.kubernetes.io/name: druidingestion - app.kubernetes.io/instance: druidingestion-sample - name: wikipedia-10 -spec: - suspend: false - druidCluster: tiny-cluster - ingestion: - type: native-batch - spec: |- - { - "type" : "index_parallel", - "spec" : { - "dataSchema" : { - "dataSource" : "wikipedia-11", - "dimensionsSpec" : { - "dimensions" : [ - "channel", - "cityName", - "comment", - "countryIsoCode", - "countryName", - "isAnonymous", - "isMinor", - "isNew", - "isRobot", - "isUnpatrolled", - "metroCode", - "namespace", - "page", - "regionIsoCode", - "regionName", - "user", - { "name": "added", "type": "long" }, - { "name": "deleted", "type": "long" }, - { "name": "delta", "type": "long" } - ] - }, - "timestampSpec": { - "column": "time", - "format": "iso" - }, - "metricsSpec" : [], - "granularitySpec" : { - "type" : "uniform", - "segmentGranularity" : "day", - "queryGranularity" : "none", - "intervals" : ["2015-09-12/2015-09-13"], - "rollup" : false - } - }, - "ioConfig" : { - "type" : "index_parallel", - "inputSource" : { - "type" : "local", - "baseDir" : "quickstart/tutorial/", - "filter" : "wikiticker-2015-09-12-sampled.json.gz" - }, - "inputFormat" : { - "type": "json" - }, - "appendToExisting" : false - }, - "tuningConfig" : { - "type" : "index_parallel", - "partitionsSpec": { - "type": "dynamic" - }, - "maxRowsInMemory" : 2500 - } - } - } diff --git a/druid-operator/examples/kafka-ingestion-native.yaml b/druid-operator/examples/kafka-ingestion-native.yaml deleted file mode 100644 index 61d4b86b97b3..000000000000 --- a/druid-operator/examples/kafka-ingestion-native.yaml +++ /dev/null @@ -1,83 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: druid.apache.org/v1alpha1 -kind: DruidIngestion -metadata: - labels: - app.kubernetes.io/name: druidingestion - app.kubernetes.io/instance: druidingestion-sample - name: kafka-2 -spec: - suspend: false - druidCluster: tiny-cluster - ingestion: - type: kafka - compaction: - tuningConfig: - type: "kafka" - partitionsSpec: - type: "dynamic" - skipOffsetFromLatest: "PT0S" - granularitySpec: - segmentGranularity: "DAY" - rules: - - type: dropByPeriod - period: P1M - includeFuture: true - - type: broadcastByPeriod - period: P1M - includeFuture: true - nativeSpec: - type: kafka - spec: - dataSchema: - dataSource: metrics-kafka-2 - timestampSpec: - column: timestamp - format: auto - dimensionsSpec: - dimensions: [] - dimensionExclusions: - - timestamp - - value - metricsSpec: - - name: count - type: count - - name: value_sum - fieldName: value - type: doubleSum - - name: value_min - fieldName: value - type: doubleMin - - name: value_max - fieldName: value - type: doubleMax - granularitySpec: - type: uniform - segmentGranularity: HOUR - queryGranularity: NONE - ioConfig: - topic: metrics - inputFormat: - type: json - consumerProperties: - bootstrap.servers: localhost:9092 - taskCount: 1 - replicas: 1 - taskDuration: PT1H - tuningConfig: - type: kafka - maxRowsPerSegment: 5000000 diff --git a/druid-operator/examples/kafka-ingestion.yaml b/druid-operator/examples/kafka-ingestion.yaml deleted file mode 100644 index e588fdd57e0d..000000000000 --- a/druid-operator/examples/kafka-ingestion.yaml +++ /dev/null @@ -1,104 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: druid.apache.org/v1alpha1 -kind: DruidIngestion -metadata: - labels: - app.kubernetes.io/name: druidingestion - app.kubernetes.io/instance: druidingestion-sample - name: kafka-1 -spec: - suspend: false - druidCluster: tiny-cluster - ingestion: - type: kafka - compaction: - tuningConfig: - type: "kafka" - partitionsSpec: - type: "dynamic" - skipOffsetFromLatest: "PT0S" - granularitySpec: - segmentGranularity: "DAY" - rules: - - type: dropByPeriod - period: P1M - includeFuture: true - - type: broadcastByPeriod - period: P1M - includeFuture: true - spec: |- - { - "type": "kafka", - "spec": { - "dataSchema": { - "dataSource": "metrics-kafka", - "timestampSpec": { - "column": "timestamp", - "format": "auto" - }, - "dimensionsSpec": { - "dimensions": [], - "dimensionExclusions": [ - "timestamp", - "value" - ] - }, - "metricsSpec": [ - { - "name": "count", - "type": "count" - }, - { - "name": "value_sum", - "fieldName": "value", - "type": "doubleSum" - }, - { - "name": "value_min", - "fieldName": "value", - "type": "doubleMin" - }, - { - "name": "value_max", - "fieldName": "value", - "type": "doubleMax" - } - ], - "granularitySpec": { - "type": "uniform", - "segmentGranularity": "HOUR", - "queryGranularity": "NONE" - } - }, - "ioConfig": { - "topic": "metrics", - "inputFormat": { - "type": "json" - }, - "consumerProperties": { - "bootstrap.servers": "localhost:9092" - }, - "taskCount": 1, - "replicas": 1, - "taskDuration": "PT1H" - }, - "tuningConfig": { - "type": "kafka", - "maxRowsPerSegment": 5000000 - } - } - } diff --git a/druid-operator/examples/tiny-cluster-hpa.yaml b/druid-operator/examples/tiny-cluster-hpa.yaml deleted file mode 100644 index f294681460aa..000000000000 --- a/druid-operator/examples/tiny-cluster-hpa.yaml +++ /dev/null @@ -1,227 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# This spec only works on a single node kubernetes cluster(e.g. typical k8s cluster setup for dev using kind/minikube or single node AWS EKS cluster etc) -# as it uses local disk as "deep storage". -# -apiVersion: "druid.apache.org/v1alpha1" -kind: "Druid" -metadata: - name: tiny-cluster -spec: - image: apache/druid:25.0.0 - # Optionally specify image for all nodes. Can be specify on nodes also - # imagePullSecrets: - # - name: tutu - startScript: /druid.sh - podLabels: - environment: stage - release: alpha - podAnnotations: - dummykey: dummyval - readinessProbe: - httpGet: - path: /status/health - port: 8088 - securityContext: - fsGroup: 1000 - runAsUser: 1000 - runAsGroup: 1000 - services: - - spec: - type: ClusterIP - clusterIP: None - commonConfigMountPath: "/opt/druid/conf/druid/cluster/_common" - jvm.options: |- - -server - -XX:MaxDirectMemorySize=10240g - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Dlog4j.debug - -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager - -Djava.io.tmpdir=/druid/data - log4j.config: |- - - - - - - - - - - - - - - common.runtime.properties: | - - # Zookeeper - druid.zk.service.host=tiny-cluster-zk-0.tiny-cluster-zk - druid.zk.paths.base=/druid - druid.zk.service.compress=false - - # Metadata Store - druid.metadata.storage.type=derby - druid.metadata.storage.connector.connectURI=jdbc:derby://localhost:1527/druid/data/derbydb/metadata.db;create=true - druid.metadata.storage.connector.host=localhost - druid.metadata.storage.connector.port=1527 - druid.metadata.storage.connector.createTables=true - - # Deep Storage - druid.storage.type=local - druid.storage.storageDirectory=/druid/deepstorage - - # - # Extensions - # - druid.extensions.loadList=["druid-kafka-indexing-service"] - - # - # Service discovery - # - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - - druid.indexer.logs.type=file - druid.indexer.logs.directory=/druid/data/indexing-logs - druid.lookup.enableLookupSyncOnStartup=false - volumeMounts: - - mountPath: /druid/data - name: data-volume - - mountPath: /druid/deepstorage - name: deepstorage-volume - volumes: - - name: data-volume - emptyDir: {} - - name: deepstorage-volume - hostPath: - path: /tmp/druid/deepstorage - type: DirectoryOrCreate - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - nodes: - brokers: - # Optionally specify for running broker as Deployment - # kind: Deployment - nodeType: "broker" - # Optionally specify for broker nodes - # imagePullSecrets: - # - name: tutu - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/broker" - replicas: 1 - runtime.properties: | - druid.service=druid/broker - - # HTTP server threads - druid.broker.http.numConnections=5 - druid.server.http.numThreads=10 - - # Processing threads and buffers - druid.processing.buffer.sizeBytes=1 - druid.processing.numMergeBuffers=1 - druid.processing.numThreads=1 - druid.sql.enable=true - extra.jvm.options: |- - -Xmx512M - -Xms512M - hpAutoscaler: - maxReplicas: 10 - minReplicas: 1 - scaleTargetRef: - apiVersion: apps/v1 - kind: StatefulSet - name: druid-tiny-cluster-brokers - metrics: - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: 50 - - coordinators: - # Optionally specify for running coordinator as Deployment - # kind: Deployment - nodeType: "coordinator" - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/coordinator-overlord" - replicas: 1 - runtime.properties: | - druid.service=druid/coordinator - - # HTTP server threads - druid.coordinator.startDelay=PT30S - druid.coordinator.period=PT30S - - # Configure this coordinator to also run as Overlord - druid.coordinator.asOverlord.enabled=true - druid.coordinator.asOverlord.overlordService=druid/overlord - druid.indexer.queue.startDelay=PT30S - druid.indexer.runner.type=local - extra.jvm.options: |- - -Xmx512M - -Xms512M - - historicals: - nodeType: "historical" - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - runtime.properties: | - druid.service=druid/historical - druid.server.http.numThreads=5 - druid.processing.buffer.sizeBytes=536870912 - druid.processing.numMergeBuffers=1 - druid.processing.numThreads=1 - # Segment storage - druid.segmentCache.locations=[{\"path\":\"/druid/data/segments\",\"maxSize\":10737418240}] - druid.server.maxSize=10737418240 - extra.jvm.options: |- - -Xmx512M - -Xms512M - - routers: - nodeType: "router" - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/router" - replicas: 1 - runtime.properties: | - druid.service=druid/router - - # HTTP proxy - druid.router.http.numConnections=10 - druid.router.http.readTimeout=PT5M - druid.router.http.numMaxThreads=10 - druid.server.http.numThreads=10 - - # Service discovery - druid.router.defaultBrokerServiceName=druid/broker - druid.router.coordinatorServiceName=druid/coordinator - - # Management proxy to coordinator / overlord: required for unified web console. - druid.router.managementProxy.enabled=true - extra.jvm.options: |- - -Xmx512M - -Xms512M diff --git a/druid-operator/examples/tiny-cluster-mmless.yaml b/druid-operator/examples/tiny-cluster-mmless.yaml deleted file mode 100644 index b55493b064ec..000000000000 --- a/druid-operator/examples/tiny-cluster-mmless.yaml +++ /dev/null @@ -1,385 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# uses minio. -# run ```make helm-minio-install``` to install minio -apiVersion: "druid.apache.org/v1alpha1" -kind: "Druid" -metadata: - name: tiny-cluster -spec: - image: apache/druid:28.0.0 - # Optionally specify image for all nodes. Can be specify on nodes also - # imagePullSecrets: - # - name: tutu - startScript: /druid.sh - scalePvcSts: true - rollingDeploy: true - defaultProbes: false - podLabels: - environment: stage - release: alpha - podAnnotations: - dummy: k8s_extn_needs_atleast_one_annotation - additionalContainer: - - containerName: mysqlconnector - runAsInit: true - image: apache/druid:27.0.0 - command: - - "sh" - - "-c" - - "wget -O /tmp/mysql-connector-j-8.0.32.tar.gz https://downloads.mysql.com/archives/get/p/3/file/mysql-connector-j-8.0.32.tar.gz && cd /tmp && tar -xf /tmp/mysql-connector-j-8.0.32.tar.gz && cp /tmp/mysql-connector-j-8.0.32/mysql-connector-j-8.0.32.jar /opt/druid/extensions/mysql-connector/mysql-connector-java.jar" - volumeMounts: - - name: mysqlconnector - mountPath: "/opt/druid/extensions/mysql-connector" - volumes: - - name: mysqlconnector - emptyDir: {} - volumeMounts: - - name: mysqlconnector - mountPath: "/opt/druid/extensions/mysql-connector" - securityContext: - fsGroup: 0 - runAsUser: 0 - runAsGroup: 0 - containerSecurityContext: - privileged: true - services: - - spec: - type: ClusterIP - clusterIP: None - commonConfigMountPath: "/opt/druid/conf/druid/cluster/_common" - jvm.options: |- - -server - -Djava.net.preferIPv4Stack=true - -XX:MaxDirectMemorySize=10240g - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Dlog4j.debug - -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager - log4j.config: |- - - - - - - - - - - - - - - - - - - common.runtime.properties: | - # - # Zookeeper-less Druid Cluster - # - druid.zk.service.enabled=false - druid.discovery.type=k8s - druid.discovery.k8s.clusterIdentifier=druid-it - druid.serverview.type=http - druid.coordinator.loadqueuepeon.type=http - druid.indexer.runner.type=httpRemote - # Metadata Store - druid.metadata.storage.type=derby - druid.metadata.storage.connector.connectURI=jdbc:derby://localhost:1527/var/druid/metadata.db;create=true - druid.metadata.storage.connector.host=localhost - druid.metadata.storage.connector.port=1527 - druid.metadata.storage.connector.createTables=true - # Deep Storage - druid.storage.type=s3 - druid.storage.bucket=druid - druid.storage.baseKey=druid/segments - druid.s3.accessKey=minio - druid.s3.secretKey=minio123 - druid.s3.protocol=http - druid.s3.enabePathStyleAccess=true - druid.s3.endpoint.signingRegion=us-east-1 - druid.s3.enablePathStyleAccess=true - druid.s3.endpoint.url=http://myminio-hl.druid.svc.cluster.local:9000/ - # - # Extensions - # - druid.extensions.loadList=["druid-kubernetes-overlord-extensions", "druid-avro-extensions", "druid-s3-extensions", "druid-hdfs-storage", "druid-kafka-indexing-service", "druid-datasketches", "druid-kubernetes-extensions"] - # - # Service discovery - # - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - druid.indexer.logs.type=s3 - druid.indexer.logs.s3Bucket=druid - druid.indexer.logs.s3Prefix=druid/indexing-logs - druid.lookup.enableLookupSyncOnStartup=false - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - nodes: - brokers: - # Optionally specify for running broker as Deployment - kind: Deployment - nodeType: "broker" - # Optionally specify for broker nodes - # imagePullSecrets: - # - name: tutu - priorityClassName: system-cluster-critical - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/broker" - replicas: 1 - runtime.properties: | - druid.service=druid/broker - # HTTP server threads - druid.broker.http.numConnections=5 - druid.server.http.numThreads=40 - # Processing threads and buffers - druid.processing.buffer.sizeBytes=25000000 - druid.sql.enable=true - druid.host=druid-tiny-cluster-brokers - extra.jvm.options: |- - -Xmx512m - -Xms512m - - coordinators: - # Optionally specify for running coordinator as Deployment - kind: Deployment - nodeType: "coordinator" - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/coordinator-overlord" - replicas: 1 - runtime.properties: | - druid.service=druid/coordinator - # HTTP server threads - druid.coordinator.startDelay=PT30S - druid.coordinator.period=PT30S - # Configure this coordinator to also run as Overlord - druid.coordinator.asOverlord.enabled=true - druid.coordinator.asOverlord.overlordService=druid/overlord - druid.indexer.queue.startDelay=PT30S - druid.indexer.runner.capacity: 2 - druid.indexer.runner.namespace: druid - druid.indexer.runner.type: k8s - druid.indexer.task.encapsulatedTask: true - druid.host=druid-tiny-cluster-coordinators - extra.jvm.options: |- - -Xmx800m - -Xms800m - - hot: - nodeType: "historical" - druid.port: 8088 - resources: - requests: - memory: "1.5Mi" - cpu: "1" - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - livenessProbe: - failureThreshold: 10 - httpGet: - path: /status/health - port: 8088 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 20 - httpGet: - path: /druid/historical/v1/loadstatus - port: 8088 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - startUpProbe: - failureThreshold: 20 - httpGet: - path: /druid/historical/v1/loadstatus - port: 8088 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 10 - volumeMounts: - - mountPath: /druid/data/segments - name: hot-volume - volumeClaimTemplates: - - metadata: - name: hot-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - storageClassName: gp2 - runtime.properties: | - druid.service=druid/hot - druid.server.tier=hot - druid.server.priority=1 - druid.processing.buffer.sizeBytes=25000000 - druid.processing.numThreads=2 - # Segment storage - druid.segmentCache.locations=[{"path":"/druid/data/segments","maxSize":1000000000}] - druid.server.maxSize=1000000000 - druid.host=druid-tiny-cluster-hot - extra.jvm.options: |- - -Xmx512m - -Xms512m - - cold: - nodeType: "historical" - druid.port: 8088 - resources: - requests: - memory: "0.5Mi" - cpu: "0.5" - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - livenessProbe: - failureThreshold: 10 - httpGet: - path: /status/health - port: 8088 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 20 - httpGet: - path: /druid/historical/v1/loadstatus - port: 8088 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - startUpProbe: - failureThreshold: 20 - httpGet: - path: /druid/historical/v1/loadstatus - port: 8088 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 10 - volumeMounts: - - mountPath: /druid/data/segments - name: cold-volume - volumeClaimTemplates: - - metadata: - name: cold-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - storageClassName: gp2 - runtime.properties: | - druid.service=druid/cold - druid.server.tier=cold - druid.server.priority=0 - druid.processing.buffer.sizeBytes=25000000 - druid.processing.numThreads=2 - # Segment storage - druid.segmentCache.locations=[{"path":"/druid/data/segments","maxSize":2000000000}] - druid.server.maxSize=2000000000 - druid.host=druid-tiny-cluster-cold - extra.jvm.options: |- - -Xmx512m - -Xms512m - - routers: - nodeType: "router" - druid.port: 8088 - kind: Deployment - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/router" - replicas: 1 - runtime.properties: | - druid.service=druid/router - # HTTP proxy - druid.router.http.numConnections=50 - druid.router.http.readTimeout=PT5M - druid.router.http.numMaxThreads=100 - druid.server.http.numThreads=100 - # Service discovery - druid.router.defaultBrokerServiceName=druid/broker - druid.router.coordinatorServiceName=druid/coordinator - # Management proxy to coordinator / overlord: required for unified web console. - druid.router.managementProxy.enabled=true - druid.host=druid-tiny-cluster-routers ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: druid-cluster -rules: -- apiGroups: - - "" - resources: - - pods - - configmaps - verbs: - - '*' -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["get", "watch", "list", "delete", "create"] -- apiGroups: [""] - resources: ["pods", "pods/log"] - verbs: ["get", "watch", "list", "delete", "create"] ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: druid-cluster -subjects: -- kind: ServiceAccount - name: default -roleRef: - kind: Role - name: druid-cluster - apiGroup: rbac.authorization.k8s.io diff --git a/druid-operator/examples/tiny-cluster-zk.yaml b/druid-operator/examples/tiny-cluster-zk.yaml deleted file mode 100644 index a451d6bfaf0b..000000000000 --- a/druid-operator/examples/tiny-cluster-zk.yaml +++ /dev/null @@ -1,86 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- ---- -apiVersion: v1 -kind: Service -metadata: - name: tiny-cluster-zk -spec: - clusterIP: None - ports: - - name: zk-client-port - port: 2181 - - name: zk-fwr-port - port: 2888 - - name: zk-elec-port - port: 3888 - selector: - zk_cluster: tiny-cluster-zk ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - labels: - zk_cluster: tiny-cluster-zk - name: tiny-cluster-zk -spec: - replicas: 1 - selector: - matchLabels: - zk_cluster: tiny-cluster-zk - serviceName: tiny-cluster-zk - template: - metadata: - labels: - zk_cluster: tiny-cluster-zk - spec: - containers: - - env: - - name: ZOO_SERVERS - value: server.1=tiny-cluster-zk-0.tiny-cluster-zk:2888:3888;2181 - - name: SERVER_JVMFLAGS - value: -Xms256m -Xmx256m - image: zookeeper:3.7.0 - name: tiny-cluster-zk - command: - - /bin/sh - args: - - -c - - ZOO_MY_ID=$(( $(echo `hostname -s` | sed 's/[^0-9]//g') + 1 )) /docker-entrypoint.sh zkServer.sh start-foreground - ports: - - containerPort: 2181 - name: zk-client-port - - containerPort: 2888 - name: zk-fwr-port - - containerPort: 3888 - name: zk-elec-port - resources: - limits: - cpu: 1 - memory: 512Mi - requests: - cpu: 1 - memory: 512Mi - volumeMounts: - - mountPath: /data - name: druid-test-zk-data - - mountPath: /datalog - name: druid-test-zk-data-log - volumes: - - name: druid-test-zk-data - emptyDir: {} - - name: druid-test-zk-data-log - emptyDir: {} diff --git a/druid-operator/examples/tiny-cluster.yaml b/druid-operator/examples/tiny-cluster.yaml deleted file mode 100644 index 671c52d4834a..000000000000 --- a/druid-operator/examples/tiny-cluster.yaml +++ /dev/null @@ -1,382 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -# This spec only works on a single node kubernetes cluster(e.g. typical k8s cluster setup for dev using kind/minikube or single node AWS EKS cluster etc) -# as it uses local disk as "deep storage". -# -apiVersion: "druid.apache.org/v1alpha1" -kind: "Druid" -metadata: - name: tiny-cluster -spec: - image: apache/druid:25.0.0 - # Optionally specify image for all nodes. Can be specify on nodes also - # imagePullSecrets: - # - name: tutu - startScript: /druid.sh - podLabels: - environment: stage - release: alpha - podAnnotations: - dummykey: dummyval - readinessProbe: - httpGet: - path: /status/health - port: 8088 - securityContext: - fsGroup: 1000 - runAsUser: 1000 - runAsGroup: 1000 - services: - - spec: - type: ClusterIP - clusterIP: None - commonConfigMountPath: "/opt/druid/conf/druid/cluster/_common" - jvm.options: |- - -server - -XX:MaxDirectMemorySize=10240g - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Dlog4j.debug - -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager - -Djava.io.tmpdir=/druid/data - log4j.config: |- - - - - - - - - - - - - - - common.runtime.properties: | - - # Zookeeper - druid.zk.service.host=tiny-cluster-zk-0.tiny-cluster-zk - druid.zk.paths.base=/druid - druid.zk.service.compress=false - - # Metadata Store - druid.metadata.storage.type=derby - druid.metadata.storage.connector.connectURI=jdbc:derby://localhost:1527/druid/data/derbydb/metadata.db;create=true - druid.metadata.storage.connector.host=localhost - druid.metadata.storage.connector.port=1527 - druid.metadata.storage.connector.createTables=true - - # Deep Storage - druid.storage.type=local - druid.storage.storageDirectory=/druid/deepstorage - # - # Extensions - # - druid.extensions.loadList=["druid-kafka-indexing-service"] - - # - # Service discovery - # - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - - druid.indexer.logs.type=file - druid.indexer.logs.directory=/druid/data/indexing-logs - druid.lookup.enableLookupSyncOnStartup=false - - metricDimensions.json: |- - { - "query/time" : { "dimensions" : ["dataSource", "type"], "type" : "timer"}, - "query/bytes" : { "dimensions" : ["dataSource", "type"], "type" : "count"}, - "query/node/time" : { "dimensions" : ["server"], "type" : "timer"}, - "query/node/ttfb" : { "dimensions" : ["server"], "type" : "timer"}, - "query/node/bytes" : { "dimensions" : ["server"], "type" : "count"}, - "query/node/backpressure": { "dimensions" : ["server"], "type" : "timer"}, - "query/intervalChunk/time" : { "dimensions" : [], "type" : "timer"}, - - "query/segment/time" : { "dimensions" : [], "type" : "timer"}, - "query/wait/time" : { "dimensions" : [], "type" : "timer"}, - "segment/scan/pending" : { "dimensions" : [], "type" : "gauge"}, - "query/segmentAndCache/time" : { "dimensions" : [], "type" : "timer" }, - "query/cpu/time" : { "dimensions" : ["dataSource", "type"], "type" : "timer" }, - - "query/count" : { "dimensions" : [], "type" : "count" }, - "query/success/count" : { "dimensions" : [], "type" : "count" }, - "query/failed/count" : { "dimensions" : [], "type" : "count" }, - "query/interrupted/count" : { "dimensions" : [], "type" : "count" }, - "query/timeout/count" : { "dimensions" : [], "type" : "count" }, - - "query/cache/delta/numEntries" : { "dimensions" : [], "type" : "count" }, - "query/cache/delta/sizeBytes" : { "dimensions" : [], "type" : "count" }, - "query/cache/delta/hits" : { "dimensions" : [], "type" : "count" }, - "query/cache/delta/misses" : { "dimensions" : [], "type" : "count" }, - "query/cache/delta/evictions" : { "dimensions" : [], "type" : "count" }, - "query/cache/delta/hitRate" : { "dimensions" : [], "type" : "count", "convertRange" : true }, - "query/cache/delta/averageBytes" : { "dimensions" : [], "type" : "count" }, - "query/cache/delta/timeouts" : { "dimensions" : [], "type" : "count" }, - "query/cache/delta/errors" : { "dimensions" : [], "type" : "count" }, - - "query/cache/total/numEntries" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/total/sizeBytes" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/total/hits" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/total/misses" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/total/evictions" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/total/hitRate" : { "dimensions" : [], "type" : "gauge", "convertRange" : true }, - "query/cache/total/averageBytes" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/total/timeouts" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/total/errors" : { "dimensions" : [], "type" : "gauge" }, - - "ingest/events/thrownAway" : { "dimensions" : ["dataSource"], "type" : "count" }, - "ingest/events/unparseable" : { "dimensions" : ["dataSource"], "type" : "count" }, - "ingest/events/duplicate" : { "dimensions" : ["dataSource"], "type" : "count" }, - "ingest/events/processed" : { "dimensions" : ["dataSource", "taskType", "taskId"], "type" : "count" }, - "ingest/events/messageGap" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "ingest/rows/output" : { "dimensions" : ["dataSource"], "type" : "count" }, - "ingest/persists/count" : { "dimensions" : ["dataSource"], "type" : "count" }, - "ingest/persists/time" : { "dimensions" : ["dataSource"], "type" : "timer" }, - "ingest/persists/cpu" : { "dimensions" : ["dataSource"], "type" : "timer" }, - "ingest/persists/backPressure" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "ingest/persists/failed" : { "dimensions" : ["dataSource"], "type" : "count" }, - "ingest/handoff/failed" : { "dimensions" : ["dataSource"], "type" : "count" }, - "ingest/merge/time" : { "dimensions" : ["dataSource"], "type" : "timer" }, - "ingest/merge/cpu" : { "dimensions" : ["dataSource"], "type" : "timer" }, - - "ingest/kafka/lag" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "ingest/kafka/maxLag" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "ingest/kafka/avgLag" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - - "task/success/count" : { "dimensions" : ["dataSource"], "type" : "count" }, - "task/failed/count" : { "dimensions" : ["dataSource"], "type" : "count" }, - "task/running/count" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "task/pending/count" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "task/waiting/count" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - - "taskSlot/total/count" : { "dimensions" : [], "type" : "gauge" }, - "taskSlot/idle/count" : { "dimensions" : [], "type" : "gauge" }, - "taskSlot/busy/count" : { "dimensions" : [], "type" : "gauge" }, - "taskSlot/lazy/count" : { "dimensions" : [], "type" : "gauge" }, - "taskSlot/blacklisted/count" : { "dimensions" : [], "type" : "gauge" }, - - "task/run/time" : { "dimensions" : ["dataSource", "taskType"], "type" : "timer" }, - "segment/added/bytes" : { "dimensions" : ["dataSource", "taskType"], "type" : "count" }, - "segment/moved/bytes" : { "dimensions" : ["dataSource", "taskType"], "type" : "count" }, - "segment/nuked/bytes" : { "dimensions" : ["dataSource", "taskType"], "type" : "count" }, - - "segment/assigned/count" : { "dimensions" : ["tier"], "type" : "count" }, - "segment/moved/count" : { "dimensions" : ["tier"], "type" : "count" }, - "segment/dropped/count" : { "dimensions" : ["tier"], "type" : "count" }, - "segment/deleted/count" : { "dimensions" : ["tier"], "type" : "count" }, - "segment/unneeded/count" : { "dimensions" : ["tier"], "type" : "count" }, - "segment/unavailable/count" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "segment/underReplicated/count" : { "dimensions" : ["dataSource", "tier"], "type" : "gauge" }, - "segment/loadQueue/size" : { "dimensions" : ["server"], "type" : "gauge" }, - "segment/loadQueue/failed" : { "dimensions" : ["server"], "type" : "gauge" }, - "segment/loadQueue/count" : { "dimensions" : ["server"], "type" : "gauge" }, - "segment/dropQueue/count" : { "dimensions" : ["server"], "type" : "gauge" }, - "segment/size" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "segment/overShadowed/count" : { "dimensions" : [], "type" : "gauge" }, - - "segment/max" : { "dimensions" : [], "type" : "gauge"}, - "segment/used" : { "dimensions" : ["dataSource", "tier", "priority"], "type" : "gauge" }, - "segment/usedPercent" : { "dimensions" : ["dataSource", "tier", "priority"], "type" : "gauge", "convertRange" : true }, - "segment/pendingDelete" : { "dimensions" : [], "type" : "gauge"}, - - "jvm/pool/committed" : { "dimensions" : ["poolKind", "poolName"], "type" : "gauge" }, - "jvm/pool/init" : { "dimensions" : ["poolKind", "poolName"], "type" : "gauge" }, - "jvm/pool/max" : { "dimensions" : ["poolKind", "poolName"], "type" : "gauge" }, - "jvm/pool/used" : { "dimensions" : ["poolKind", "poolName"], "type" : "gauge" }, - "jvm/bufferpool/count" : { "dimensions" : ["bufferpoolName"], "type" : "gauge" }, - "jvm/bufferpool/used" : { "dimensions" : ["bufferpoolName"], "type" : "gauge" }, - "jvm/bufferpool/capacity" : { "dimensions" : ["bufferpoolName"], "type" : "gauge" }, - "jvm/mem/init" : { "dimensions" : ["memKind"], "type" : "gauge" }, - "jvm/mem/max" : { "dimensions" : ["memKind"], "type" : "gauge" }, - "jvm/mem/used" : { "dimensions" : ["memKind"], "type" : "gauge" }, - "jvm/mem/committed" : { "dimensions" : ["memKind"], "type" : "gauge" }, - "jvm/gc/count" : { "dimensions" : ["gcName", "gcGen"], "type" : "count" }, - "jvm/gc/cpu" : { "dimensions" : ["gcName", "gcGen"], "type" : "count" }, - - "ingest/events/buffered" : { "dimensions" : ["serviceName", "bufferCapacity"], "type" : "gauge"}, - - "sys/swap/free" : { "dimensions" : [], "type" : "gauge"}, - "sys/swap/max" : { "dimensions" : [], "type" : "gauge"}, - "sys/swap/pageIn" : { "dimensions" : [], "type" : "gauge"}, - "sys/swap/pageOut" : { "dimensions" : [], "type" : "gauge"}, - "sys/disk/write/count" : { "dimensions" : ["fsDevName"], "type" : "count"}, - "sys/disk/read/count" : { "dimensions" : ["fsDevName"], "type" : "count"}, - "sys/disk/write/size" : { "dimensions" : ["fsDevName"], "type" : "count"}, - "sys/disk/read/size" : { "dimensions" : ["fsDevName"], "type" : "count"}, - "sys/net/write/size" : { "dimensions" : [], "type" : "count"}, - "sys/net/read/size" : { "dimensions" : [], "type" : "count"}, - "sys/fs/used" : { "dimensions" : ["fsDevName", "fsDirName", "fsTypeName", "fsSysTypeName", "fsOptions"], "type" : "gauge"}, - "sys/fs/max" : { "dimensions" : ["fsDevName", "fsDirName", "fsTypeName", "fsSysTypeName", "fsOptions"], "type" : "gauge"}, - "sys/mem/used" : { "dimensions" : [], "type" : "gauge"}, - "sys/mem/max" : { "dimensions" : [], "type" : "gauge"}, - "sys/storage/used" : { "dimensions" : ["fsDirName"], "type" : "gauge"}, - "sys/cpu" : { "dimensions" : ["cpuName", "cpuTime"], "type" : "gauge"}, - - "coordinator-segment/count" : { "dimensions" : ["dataSource"], "type" : "gauge" }, - "historical-segment/count" : { "dimensions" : ["dataSource", "tier", "priority"], "type" : "gauge" }, - - "jetty/numOpenConnections" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/caffeine/total/requests" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/caffeine/total/loadTime" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/caffeine/total/evictionBytes" : { "dimensions" : [], "type" : "gauge" }, - "query/cache/memcached/total" : { "dimensions" : ["[MEM] Reconnecting Nodes (ReconnectQueue)", - "[MEM] Request Rate: All", - "[MEM] Average Bytes written to OS per write", - "[MEM] Average Bytes read from OS per read", - "[MEM] Response Rate: All (Failure + Success + Retry)", - "[MEM] Response Rate: Retry", - "[MEM] Response Rate: Failure", - "[MEM] Response Rate: Success"], - "type" : "gauge" }, - "query/cache/caffeine/delta/requests" : { "dimensions" : [], "type" : "count" }, - "query/cache/caffeine/delta/loadTime" : { "dimensions" : [], "type" : "count" }, - "query/cache/caffeine/delta/evictionBytes" : { "dimensions" : [], "type" : "count" }, - "query/cache/memcached/delta" : { "dimensions" : ["[MEM] Reconnecting Nodes (ReconnectQueue)", - "[MEM] Request Rate: All", - "[MEM] Average Bytes written to OS per write", - "[MEM] Average Bytes read from OS per read", - "[MEM] Response Rate: All (Failure + Success + Retry)", - "[MEM] Response Rate: Retry", - "[MEM] Response Rate: Failure", - "[MEM] Response Rate: Success"], - "type" : "count" } - } - - volumeMounts: - - mountPath: /druid/data - name: data-volume - - mountPath: /druid/deepstorage - name: deepstorage-volume - volumes: - - name: data-volume - emptyDir: {} - - name: deepstorage-volume - hostPath: - path: /tmp/druid/deepstorage - type: DirectoryOrCreate - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - nodes: - brokers: - # Optionally specify for running broker as Deployment - # kind: Deployment - nodeType: "broker" - # Optionally specify for broker nodes - # imagePullSecrets: - # - name: tutu - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/broker" - replicas: 1 - volumeClaimTemplates: - - metadata: - name: data-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 2Gi - storageClassName: standard - runtime.properties: | - druid.service=druid/broker - # HTTP server threads - druid.broker.http.numConnections=5 - druid.server.http.numThreads=10 - # Processing threads and buffers - druid.processing.buffer.sizeBytes=1 - druid.processing.numMergeBuffers=1 - druid.processing.numThreads=1 - druid.sql.enable=true - extra.jvm.options: |- - -Xmx512M - -Xms512M - - coordinators: - # Optionally specify for running coordinator as Deployment - # kind: Deployment - nodeType: "coordinator" - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/coordinator-overlord" - replicas: 1 - runtime.properties: | - druid.service=druid/coordinator - - # HTTP server threads - druid.coordinator.startDelay=PT30S - druid.coordinator.period=PT30S - - # Configure this coordinator to also run as Overlord - druid.coordinator.asOverlord.enabled=true - druid.coordinator.asOverlord.overlordService=druid/overlord - druid.indexer.queue.startDelay=PT30S - druid.indexer.runner.type=local - extra.jvm.options: |- - -Xmx512M - -Xms512M - - historicals: - nodeType: "historical" - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - runtime.properties: | - druid.service=druid/historical - druid.server.http.numThreads=5 - druid.processing.buffer.sizeBytes=536870912 - druid.processing.numMergeBuffers=1 - druid.processing.numThreads=1 - - # Segment storage - druid.segmentCache.locations=[{\"path\":\"/druid/data/segments\",\"maxSize\":10737418240}] - druid.server.maxSize=10737418240 - extra.jvm.options: |- - -Xmx512M - -Xms512M - - routers: - nodeType: "router" - druid.port: 8088 - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/router" - replicas: 1 - runtime.properties: | - druid.service=druid/router - - # HTTP proxy - druid.router.http.numConnections=10 - druid.router.http.readTimeout=PT5M - druid.router.http.numMaxThreads=10 - druid.server.http.numThreads=10 - - # Service discovery - druid.router.defaultBrokerServiceName=druid/broker - druid.router.coordinatorServiceName=druid/coordinator - - # Management proxy to coordinator / overlord: required for unified web console. - druid.router.managementProxy.enabled=true - extra.jvm.options: |- - -Xmx512M - -Xms512M diff --git a/druid-operator/go.mod b/druid-operator/go.mod deleted file mode 100644 index 9af90909212c..000000000000 --- a/druid-operator/go.mod +++ /dev/null @@ -1,95 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -module github.com/datainfrahq/druid-operator - -go 1.20 - -require ( - github.com/datainfrahq/operator-runtime v0.0.2-0.20230425161705-667c247a660b - github.com/ghodss/yaml v1.0.0 - github.com/go-logr/logr v1.2.4 - github.com/onsi/ginkgo/v2 v2.9.5 - github.com/onsi/gomega v1.27.7 - github.com/stretchr/testify v1.8.1 - k8s.io/api v0.27.7 - k8s.io/apimachinery v0.27.7 - k8s.io/client-go v0.27.7 - sigs.k8s.io/controller-runtime v0.15.3 -) - -require ( - github.com/beorn7/perks v1.0.1 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect - github.com/emicklei/go-restful/v3 v3.9.0 // indirect - github.com/evanphx/json-patch v4.12.0+incompatible // indirect - github.com/evanphx/json-patch/v5 v5.6.0 // indirect - github.com/fsnotify/fsnotify v1.6.0 // indirect - github.com/go-logr/zapr v1.2.4 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.1 // indirect - github.com/go-openapi/swag v0.22.3 // indirect - github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect - github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect - github.com/google/gnostic v0.5.7-v3refs // indirect - github.com/google/go-cmp v0.5.9 // indirect - github.com/google/gofuzz v1.1.0 // indirect - github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect - github.com/google/uuid v1.3.0 // indirect - github.com/imdario/mergo v0.3.12 // indirect - github.com/josharian/intern v1.0.0 // indirect - github.com/json-iterator/go v1.1.12 // indirect - github.com/mailru/easyjson v0.7.7 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/pkg/errors v0.9.1 // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/prometheus/client_golang v1.15.1 // indirect - github.com/prometheus/client_model v0.4.0 // indirect - github.com/prometheus/common v0.42.0 // indirect - github.com/prometheus/procfs v0.9.0 // indirect - github.com/spf13/pflag v1.0.5 // indirect - go.uber.org/atomic v1.7.0 // indirect - go.uber.org/multierr v1.6.0 // indirect - go.uber.org/zap v1.24.0 // indirect - golang.org/x/net v0.17.0 // indirect - golang.org/x/oauth2 v0.5.0 // indirect - golang.org/x/sys v0.13.0 // indirect - golang.org/x/term v0.13.0 // indirect - golang.org/x/text v0.13.0 // indirect - golang.org/x/time v0.3.0 // indirect - golang.org/x/tools v0.9.1 // indirect - gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.30.0 // indirect - gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.27.7 // indirect - k8s.io/component-base v0.27.7 // indirect - k8s.io/klog/v2 v2.90.1 // indirect - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect - k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect - sigs.k8s.io/yaml v1.3.0 // indirect -) diff --git a/druid-operator/go.sum b/druid-operator/go.sum deleted file mode 100644 index 43ed29b75361..000000000000 --- a/druid-operator/go.sum +++ /dev/null @@ -1,290 +0,0 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= -github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= -github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/datainfrahq/operator-runtime v0.0.2-0.20230425161705-667c247a660b h1:BuG3c4Gh7l44zBdEGiwXQHwI0f2nZ3igBjpByr89928= -github.com/datainfrahq/operator-runtime v0.0.2-0.20230425161705-667c247a660b/go.mod h1:Pd4ny0zdmpQIBYtZnK1knh0DFqUQ6LIdi71DsAXDr3E= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= -github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= -github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= -github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= -github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= -github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= -github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8= -github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= -github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= -github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= -github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= -github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= -github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.9.5 h1:+6Hr4uxzP4XIUyAkg61dWBw8lb/gc4/X5luuxN/EC+Q= -github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k= -github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU= -github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= -github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.15.1 h1:8tXpTmJbyH5lydzFPoxSIJ0J46jdh3tylbvM1xCv0LI= -github.com/prometheus/client_golang v1.15.1/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= -github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= -github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM= -github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= -github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI= -github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= -go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= -go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= -go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.5.0 h1:HuArIo48skDwlrvM3sEdHXElYslAMsf3KwRkkW4MC4s= -golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= -golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.9.1 h1:8WMNJAz3zrtPmnYC7ISf5dEn3MT0gY7jBJfw27yrrLo= -golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gomodules.xyz/jsonpatch/v2 v2.3.0 h1:8NFhfS6gzxNqjLIYnZxg319wZ5Qjnx4m/CcX+Klzazc= -gomodules.xyz/jsonpatch/v2 v2.3.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= -gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.27.7 h1:7yG4D3t/q4utJe2ptlRw9aPuxcSmroTsYxsofkQNl/A= -k8s.io/api v0.27.7/go.mod h1:ZNExI/Lhrs9YrLgVWx6jjHZdoWCTXfBXuFjt1X6olro= -k8s.io/apiextensions-apiserver v0.27.7 h1:YqIOwZAUokzxJIjunmUd4zS1v3JhK34EPXn+pP0/bsU= -k8s.io/apiextensions-apiserver v0.27.7/go.mod h1:x0p+b5a955lfPz9gaDeBy43obM12s+N9dNHK6+dUL+g= -k8s.io/apimachinery v0.27.7 h1:Gxgtb7Y/Rsu8ymgmUEaiErkxa6RY4oTd8kNUI6SUR58= -k8s.io/apimachinery v0.27.7/go.mod h1:jBGQgTjkw99ef6q5hv1YurDd3BqKDk9YRxmX0Ozo0i8= -k8s.io/client-go v0.27.7 h1:+Xgh9OOKv6A3qdD4Dnl/0VOI5EvAv+0s/OseDxVVTwQ= -k8s.io/client-go v0.27.7/go.mod h1:dZ2kqcalYp5YZ2EV12XIMc77G6PxHWOJp/kclZr4+5Q= -k8s.io/component-base v0.27.7 h1:kngM58HR9W9Nqpv7e4rpdRyWnKl/ABpUhLAZ+HoliMs= -k8s.io/component-base v0.27.7/go.mod h1:YGjlCVL1oeKvG3HSciyPHFh+LCjIEqsxz4BDR3cfHRs= -k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= -k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= -k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY= -k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.15.3 h1:L+t5heIaI3zeejoIyyvLQs5vTVu/67IU2FfisVzFlBc= -sigs.k8s.io/controller-runtime v0.15.3/go.mod h1:kp4jckA4vTx281S/0Yk2LFEEQe67mjg+ev/yknv47Ds= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= diff --git a/druid-operator/hack/api-docs/config.json b/druid-operator/hack/api-docs/config.json deleted file mode 100644 index 6f886756fe17..000000000000 --- a/druid-operator/hack/api-docs/config.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "hideMemberFields": [ - "TypeMeta" - ], - "hideTypePatterns": [ - "ParseError$", - "List$" - ], - "externalPackages": [ - { - "typeMatchPrefix": "^k8s\\.io/apimachinery/pkg/apis/meta/v1\\.Duration$", - "docsURLTemplate": "https://godoc.org/k8s.io/apimachinery/pkg/apis/meta/v1#Duration" - }, - { - "typeMatchPrefix": "^k8s\\.io/apiextensions-apiserver/pkg/apis/apiextensions/v1\\.JSON$", - "docsURLTemplate": "https://pkg.go.dev/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1?tab=doc#JSON" - }, - { - "typeMatchPrefix": "^k8s\\.io/(api|apimachinery/pkg/apis)/", - "docsURLTemplate": "https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#{{lower .TypeIdentifier}}-{{arrIndex .PackageSegments -1}}-{{arrIndex .PackageSegments -2}}" - } - ], - "typeDisplayNamePrefixOverrides": { - "k8s.io/api/": "Kubernetes ", - "k8s.io/apimachinery/pkg/apis/": "Kubernetes ", - "k8s.io/apiextensions-apiserver/": "Kubernetes " - }, - "markdownDisabled": false -} diff --git a/druid-operator/hack/api-docs/template/members.tpl b/druid-operator/hack/api-docs/template/members.tpl deleted file mode 100644 index 173273ee3831..000000000000 --- a/druid-operator/hack/api-docs/template/members.tpl +++ /dev/null @@ -1,64 +0,0 @@ -{{/* -Licensed to the Apache Software Foundation (ASF) under one or more -contributor license agreements. See the NOTICE file distributed with -this work for additional information regarding copyright ownership. -The ASF licenses this file to You under the Apache License, Version 2.0 -(the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -------------------------------------------------------------------------- -*/}} - -{{ define "members" }} - {{ range .Members }} - {{ if not (hiddenMember .)}} - - - {{ fieldName . }}
    - - {{ if linkForType .Type }} - - {{ typeDisplayName .Type }} - - {{ else }} - {{ typeDisplayName .Type }} - {{ end }} - - - - {{ if fieldEmbedded . }} -

    - (Members of {{ fieldName . }} are embedded into this type.) -

    - {{ end}} - - {{ if isOptionalMember .}} - (Optional) - {{ end }} - - {{ safe (renderComments .CommentLines) }} - - {{ if and (eq (.Type.Name.Name) "ObjectMeta") }} - Refer to the Kubernetes API documentation for the fields of the - metadata field. - {{ end }} - - {{ if or (eq (fieldName .) "spec") }} -
    -
    - - {{ template "members" .Type }} -
    - {{ end }} - - - {{ end }} - {{ end }} -{{ end }} diff --git a/druid-operator/hack/api-docs/template/pkg.tpl b/druid-operator/hack/api-docs/template/pkg.tpl deleted file mode 100644 index ee8aefc7cd1a..000000000000 --- a/druid-operator/hack/api-docs/template/pkg.tpl +++ /dev/null @@ -1,64 +0,0 @@ -{{/* -Licensed to the Apache Software Foundation (ASF) under one or more -contributor license agreements. See the NOTICE file distributed with -this work for additional information regarding copyright ownership. -The ASF licenses this file to You under the Apache License, Version 2.0 -(the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -------------------------------------------------------------------------- -*/}} - -{{ define "packages" }} -

    Druid API reference

    - - {{ with .packages}} -

    Packages:

    - - {{ end}} - - {{ range .packages }} -

    - {{- packageDisplayName . -}} -

    - - {{ with (index .GoPackages 0 )}} - {{ with .DocComments }} - {{ safe (renderComments .) }} - {{ end }} - {{ end }} - - Resource Types: - -
      - {{- range (visibleTypes (sortedTypes .Types)) -}} - {{ if isExportedType . -}} -
    • - {{ typeDisplayName . }} -
      • - {{- end }} - {{- end -}} -
    - - {{ range (visibleTypes (sortedTypes .Types))}} - {{ template "type" . }} - {{ end }} - {{ end }} - -
    -

    This page was automatically generated with gen-crd-api-reference-docs

    -
    -{{ end }} diff --git a/druid-operator/hack/api-docs/template/type.tpl b/druid-operator/hack/api-docs/template/type.tpl deleted file mode 100644 index ca147ed3c5c7..000000000000 --- a/druid-operator/hack/api-docs/template/type.tpl +++ /dev/null @@ -1,78 +0,0 @@ -{{/* -Licensed to the Apache Software Foundation (ASF) under one or more -contributor license agreements. See the NOTICE file distributed with -this work for additional information regarding copyright ownership. -The ASF licenses this file to You under the Apache License, Version 2.0 -(the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -------------------------------------------------------------------------- -*/}} - -{{ define "type" }} -

    - {{- .Name.Name }} - {{ if eq .Kind "Alias" }}({{.Underlying}} alias){{ end -}} -

    - - {{ with (typeReferences .) }} -

    - (Appears on: - {{- $prev := "" -}} - {{- range . -}} - {{- if $prev -}}, {{ end -}} - {{ $prev = . }} - {{ typeDisplayName . }} - {{- end -}} - ) -

    - {{ end }} - - {{ with .CommentLines }} - {{ safe (renderComments .) }} - {{ end }} - - {{ if .Members }} -
    -
    - - - - - - - - - {{ if isExportedType . }} - - - - - - - - - {{ end }} - {{ template "members" . }} - -
    FieldDescription
    - apiVersion
    - string    		 - {{ apiGroup . }} -
    - kind
    - string -     		- {{ .Name.Name }} -
    -
    -
    - {{ end }} -{{ end }} diff --git a/druid-operator/hack/boilerplate.go.txt b/druid-operator/hack/boilerplate.go.txt deleted file mode 100644 index af89b2a6519a..000000000000 --- a/druid-operator/hack/boilerplate.go.txt +++ /dev/null @@ -1,20 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - \ No newline at end of file diff --git a/druid-operator/main.go b/druid-operator/main.go deleted file mode 100644 index 857f01c026c4..000000000000 --- a/druid-operator/main.go +++ /dev/null @@ -1,142 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package main - -import ( - "flag" - "os" - "strings" - - "github.com/datainfrahq/druid-operator/controllers/druid" - // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) - // to ensure that exec-entrypoint and run can make use of them. - _ "k8s.io/client-go/plugin/pkg/client/auth" - "sigs.k8s.io/controller-runtime/pkg/cache" - - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - clientgoscheme "k8s.io/client-go/kubernetes/scheme" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/healthz" - "sigs.k8s.io/controller-runtime/pkg/log/zap" - - druidv1alpha1 "github.com/datainfrahq/druid-operator/apis/druid/v1alpha1" - druidingestioncontrollers "github.com/datainfrahq/druid-operator/controllers/ingestion" - //+kubebuilder:scaffold:imports -) - -var ( - scheme = runtime.NewScheme() - setupLog = ctrl.Log.WithName("setup") - watchNamespace = os.Getenv("WATCH_NAMESPACE") -) - -func init() { - utilruntime.Must(clientgoscheme.AddToScheme(scheme)) - - utilruntime.Must(druidv1alpha1.AddToScheme(scheme)) - //+kubebuilder:scaffold:scheme -} - -func main() { - var metricsAddr string - var enableLeaderElection bool - var probeAddr string - flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") - flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") - flag.BoolVar(&enableLeaderElection, "leader-elect", false, - "Enable leader election for controller manager. "+ - "Enabling this will ensure there is only one active controller manager.") - opts := zap.Options{ - Development: true, - } - opts.BindFlags(flag.CommandLine) - flag.Parse() - - ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) - - mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ - Scheme: scheme, - MetricsBindAddress: metricsAddr, - Port: 9443, - HealthProbeBindAddress: probeAddr, - LeaderElection: enableLeaderElection, - LeaderElectionID: "e6946145.apache.org", - Namespace: os.Getenv("WATCH_NAMESPACE"), - NewCache: watchNamespaceCache(), - // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily - // when the Manager ends. This requires the binary to immediately end when the - // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly - // speeds up voluntary leader transitions as the new leader don't have to wait - // LeaseDuration time first. - // - // In the default scaffold provided, the program ends immediately after - // the manager stops, so would be fine to enable this option. However, - // if you are doing or is intended to do any operation such as perform cleanups - // after the manager stops then its usage might be unsafe. - // LeaderElectionReleaseOnCancel: true, - }) - if err != nil { - setupLog.Error(err, "unable to start manager") - os.Exit(1) - } - - if err = (druid.NewDruidReconciler(mgr)).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "Druid") - os.Exit(1) - } - - if err = (druidingestioncontrollers.NewDruidIngestionReconciler(mgr)).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "DruidIngestion") - os.Exit(1) - } - - //+kubebuilder:scaffold:builder - - if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { - setupLog.Error(err, "unable to set up health check") - os.Exit(1) - } - if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil { - setupLog.Error(err, "unable to set up ready check") - os.Exit(1) - } - - setupLog.Info("starting manager") - if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { - setupLog.Error(err, "problem running manager") - os.Exit(1) - } -} - -func watchNamespaceCache() cache.NewCacheFunc { - var managerWatchCache cache.NewCacheFunc - ns := strings.Split(watchNamespace, ",") - - if len(ns) > 1 { - for i := range ns { - ns[i] = strings.TrimSpace(ns[i]) - } - managerWatchCache = cache.MultiNamespacedCacheBuilder(ns) - return managerWatchCache - } - managerWatchCache = (cache.NewCacheFunc)(nil) - return managerWatchCache -} diff --git a/druid-operator/pkg/druidapi/druidapi.go b/druid-operator/pkg/druidapi/druidapi.go deleted file mode 100644 index 1eae53018d16..000000000000 --- a/druid-operator/pkg/druidapi/druidapi.go +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druidapi - -import ( - "context" - "errors" - "fmt" - "net/url" - "path" - - internalhttp "github.com/datainfrahq/druid-operator/pkg/http" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/client" -) - -const ( - DruidRouterPort = "8088" - OperatorUserName = "OperatorUserName" - OperatorPassword = "OperatorPassword" -) - -type AuthType string - -const ( - BasicAuth AuthType = "basic-auth" -) - -type Auth struct { - // +required - Type AuthType `json:"type"` - // +required - SecretRef v1.SecretReference `json:"secretRef"` - - // UsernameKey specifies the key within the Kubernetes secret that contains the username for authentication. - UsernameKey string `json:"usernameKey,omitempty"` - - // PasswordKey specifies the key within the Kubernetes secret that contains the password for authentication. - PasswordKey string `json:"passwordKey,omitempty"` -} - -// GetAuthCreds retrieves basic authentication credentials from a Kubernetes secret. -// If the Auth object is empty, it returns an empty BasicAuth object. -// Parameters: -// -// ctx: The context object. -// c: The Kubernetes client. -// auth: The Auth object containing the secret reference. -// -// Returns: -// -// BasicAuth: The basic authentication credentials, or an error if authentication retrieval fails. -func GetAuthCreds( - ctx context.Context, - c client.Client, - auth Auth, -) (internalhttp.BasicAuth, error) { - userNameKey := OperatorUserName - passwordKey := OperatorPassword - - if auth.UsernameKey != "" { - userNameKey = auth.UsernameKey - } - - if auth.PasswordKey != "" { - passwordKey = auth.PasswordKey - } - - // Check if the mentioned secret exists - if auth != (Auth{}) { - secret := v1.Secret{} - if err := c.Get(ctx, types.NamespacedName{ - Namespace: auth.SecretRef.Namespace, - Name: auth.SecretRef.Name, - }, &secret); err != nil { - return internalhttp.BasicAuth{}, err - } - - if _, ok := secret.Data[userNameKey]; !ok { - return internalhttp.BasicAuth{}, fmt.Errorf("username key %q not found in secret %s/%s", userNameKey, auth.SecretRef.Namespace, auth.SecretRef.Name) - } - - if _, ok := secret.Data[passwordKey]; !ok { - return internalhttp.BasicAuth{}, fmt.Errorf("password key %q not found in secret %s/%s", passwordKey, auth.SecretRef.Namespace, auth.SecretRef.Name) - } - - creds := internalhttp.BasicAuth{ - UserName: string(secret.Data[userNameKey]), - Password: string(secret.Data[passwordKey]), - } - - return creds, nil - } - - return internalhttp.BasicAuth{}, nil -} - -// MakePath constructs the appropriate path for the specified Druid API. -// Parameters: -// -// baseURL: The base URL of the Druid cluster. For example, http://router-svc.namespace.svc.cluster.local:8088. -// componentType: The type of Druid component. For example, "indexer". -// apiType: The type of Druid API. For example, "worker". -// additionalPaths: Additional path components to be appended to the URL. -// -// Returns: -// -// string: The constructed path. -func MakePath(baseURL, componentType, apiType string, additionalPaths ...string) string { - u, err := url.Parse(baseURL) - if err != nil { - fmt.Println("Error parsing URL:", err) - return "" - } - - // Construct the initial path - u.Path = path.Join("druid", componentType, "v1", apiType) - - // Append additional path components - for _, p := range additionalPaths { - u.Path = path.Join(u.Path, p) - } - - return u.String() -} - -// GetRouterSvcUrl retrieves the URL of the Druid router service. -// Parameters: -// -// namespace: The namespace of the Druid cluster. -// druidClusterName: The name of the Druid cluster. -// c: The Kubernetes client. -// -// Returns: -// -// string: The URL of the Druid router service. -func GetRouterSvcUrl(namespace, druidClusterName string, c client.Client) (string, error) { - listOpts := []client.ListOption{ - client.InNamespace(namespace), - client.MatchingLabels(map[string]string{ - "druid_cr": druidClusterName, - "component": "router", - }), - } - svcList := &v1.ServiceList{} - if err := c.List(context.Background(), svcList, listOpts...); err != nil { - return "", err - } - var svcName string - - for range svcList.Items { - svcName = svcList.Items[0].Name - } - - if svcName == "" { - return "", errors.New("router svc discovery fail") - } - - newName := "http://" + svcName + "." + namespace + ":" + DruidRouterPort - - return newName, nil -} diff --git a/druid-operator/pkg/druidapi/druidapi_test.go b/druid-operator/pkg/druidapi/druidapi_test.go deleted file mode 100644 index aff4fd2d9997..000000000000 --- a/druid-operator/pkg/druidapi/druidapi_test.go +++ /dev/null @@ -1,185 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package druidapi - -import ( - "context" - internalhttp "github.com/datainfrahq/druid-operator/pkg/http" - "github.com/stretchr/testify/assert" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "sigs.k8s.io/controller-runtime/pkg/client/fake" - "testing" -) - -func TestGetAuthCreds(t *testing.T) { - tests := []struct { - name string - auth Auth - expected internalhttp.BasicAuth - expectErr bool - }{ - { - name: "default keys present", - auth: Auth{ - Type: BasicAuth, - SecretRef: v1.SecretReference{Name: "test-default", Namespace: "test"}, - }, - expected: internalhttp.BasicAuth{UserName: "test-user", Password: "test-password"}, - expectErr: false, - }, - { - name: "custom keys present", - auth: Auth{ - Type: BasicAuth, - SecretRef: v1.SecretReference{Name: "test", Namespace: "default"}, - UsernameKey: "usr", - PasswordKey: "pwd", - }, - expected: internalhttp.BasicAuth{UserName: "admin", Password: "admin"}, - expectErr: false, - }, - { - name: "custom user key is missing", - auth: Auth{ - Type: BasicAuth, - SecretRef: v1.SecretReference{Name: "test", Namespace: "default"}, - UsernameKey: "nope", - PasswordKey: "pwd", - }, - expected: internalhttp.BasicAuth{}, - expectErr: true, - }, - { - name: "custom user key with default password key", - auth: Auth{ - Type: BasicAuth, - SecretRef: v1.SecretReference{Name: "test", Namespace: "default"}, - UsernameKey: "usr", - }, - expected: internalhttp.BasicAuth{UserName: "admin", Password: "also-admin"}, - expectErr: false, - }, - { - name: "custom password key is missing", - auth: Auth{ - Type: BasicAuth, - SecretRef: v1.SecretReference{Name: "test", Namespace: "default"}, - UsernameKey: "usr", - PasswordKey: "nope", - }, - expected: internalhttp.BasicAuth{}, - expectErr: true, - }, - { - name: "empty auth struct returns no creds", - auth: Auth{}, - expected: internalhttp.BasicAuth{}, - expectErr: false, - }, - } - - client := fake.NewClientBuilder(). - WithObjects(&v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test-default", - Namespace: "test", - }, - Data: map[string][]byte{ - OperatorUserName: []byte("test-user"), - OperatorPassword: []byte("test-password"), - }, - }). - WithObjects(&v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test", - Namespace: "default", - }, - Data: map[string][]byte{ - "usr": []byte("admin"), - "pwd": []byte("admin"), - OperatorPassword: []byte("also-admin"), - }, - }).Build() - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - actual, err := GetAuthCreds(context.TODO(), client, tt.auth) - if tt.expectErr { - assert.Error(t, err) - } else { - assert.NoError(t, err) - } - - assert.Equal(t, tt.expected, actual) - }) - } -} - -func TestMakePath(t *testing.T) { - tests := []struct { - name string - baseURL string - componentType string - apiType string - additionalPaths []string - expected string - }{ - { - name: "NoAdditionalPath", - baseURL: "http://example-druid-service", - componentType: "indexer", - apiType: "task", - expected: "http://example-druid-service/druid/indexer/v1/task", - }, - { - name: "OneAdditionalPath", - baseURL: "http://example-druid-service", - componentType: "indexer", - apiType: "task", - additionalPaths: []string{"extra"}, - expected: "http://example-druid-service/druid/indexer/v1/task/extra", - }, - { - name: "MultipleAdditionalPaths", - baseURL: "http://example-druid-service", - componentType: "coordinator", - apiType: "rules", - additionalPaths: []string{"wikipedia", "history"}, - expected: "http://example-druid-service/druid/coordinator/v1/rules/wikipedia/history", - }, - { - name: "EmptyBaseURL", - baseURL: "", - componentType: "indexer", - apiType: "task", - expected: "druid/indexer/v1/task", - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - actual := MakePath(tt.baseURL, tt.componentType, tt.apiType, tt.additionalPaths...) - if actual != tt.expected { - t.Errorf("makePath() = %v, expected %v", actual, tt.expected) - } - }) - } -} diff --git a/druid-operator/pkg/http/http.go b/druid-operator/pkg/http/http.go deleted file mode 100644 index 695c032114c0..000000000000 --- a/druid-operator/pkg/http/http.go +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package http - -import ( - "bytes" - "io" - "net/http" -) - -// DruidHTTP interface -type DruidHTTP interface { - Do(method, url string, body []byte) (*Response, error) -} - -// HTTP client -type DruidClient struct { - HTTPClient *http.Client - Auth *Auth -} - -func NewHTTPClient(client *http.Client, auth *Auth) DruidHTTP { - newClient := &DruidClient{ - HTTPClient: client, - Auth: auth, - } - - return newClient -} - -// Auth mechanisms supported by Druid control plane to authenticate -// with druid clusters -type Auth struct { - BasicAuth BasicAuth -} - -// BasicAuth -type BasicAuth struct { - UserName string - Password string -} - -// Response passed to controller -type Response struct { - ResponseBody string - StatusCode int -} - -// Do method to be used schema and tenant controller. -func (c *DruidClient) Do(Method, url string, body []byte) (*Response, error) { - - req, err := http.NewRequest(Method, url, bytes.NewBuffer(body)) - if err != nil { - return nil, err - } - - if c.Auth.BasicAuth != (BasicAuth{}) { - req.SetBasicAuth(c.Auth.BasicAuth.UserName, c.Auth.BasicAuth.Password) - } - - req.Header.Add("Content-Type", "application/json") - resp, err := c.HTTPClient.Do(req) - if err != nil { - return nil, err - } - - defer resp.Body.Close() - - responseBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - return &Response{ResponseBody: string(responseBody), StatusCode: resp.StatusCode}, nil -} diff --git a/druid-operator/pkg/util/util.go b/druid-operator/pkg/util/util.go deleted file mode 100644 index ba9025ab92b7..000000000000 --- a/druid-operator/pkg/util/util.go +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package util - -import ( - "encoding/json" - "fmt" - "reflect" -) - -// ToJsonString marshals the given data into a JSON string. -func ToJsonString(data interface{}) (string, error) { - jsonData, err := json.Marshal(data) - if err != nil { - return "", err - } - return string(jsonData), nil -} - -// IncludesJson checks if all key-value pairs in the desired JSON string are present in the current JSON string. -func IncludesJson(currentJson, desiredJson string) (bool, error) { - var current, desired map[string]interface{} - - // Parse the current JSON string - if err := json.Unmarshal([]byte(currentJson), ¤t); err != nil { - return false, fmt.Errorf("error parsing current JSON: %w", err) - } - - // Parse the desired JSON string - if err := json.Unmarshal([]byte(desiredJson), &desired); err != nil { - return false, fmt.Errorf("error parsing desired JSON: %w", err) - } - - // Check if all key-value pairs in desired are present in current - return includes(current, desired), nil -} - -// includes recursively checks if all key-value pairs in the desired map are present in the current map. -func includes(current, desired map[string]interface{}) bool { - for key, desiredValue := range desired { - currentValue, exists := current[key] - if !exists { - return false - } - - if !reflect.DeepEqual(desiredValue, currentValue) { - switch desiredValueTyped := desiredValue.(type) { - case map[string]interface{}: - currentValueTyped, ok := currentValue.(map[string]interface{}) - if !ok || !includes(currentValueTyped, desiredValueTyped) { - return false - } - case []interface{}: - currentValueTyped, ok := currentValue.([]interface{}) - if !ok || !sliceIncludes(currentValueTyped, desiredValueTyped) { - return false - } - default: - return false - } - } - } - return true -} - -// sliceIncludes checks if all elements of the desired slice are present in the current slice. -func sliceIncludes(current, desired []interface{}) bool { - for _, desiredItem := range desired { - found := false - for _, currentItem := range current { - if reflect.DeepEqual(desiredItem, currentItem) { - found = true - break - } - } - if !found { - return false - } - } - return true -} diff --git a/druid-operator/pkg/util/util_test.go b/druid-operator/pkg/util/util_test.go deleted file mode 100644 index c55c68086e72..000000000000 --- a/druid-operator/pkg/util/util_test.go +++ /dev/null @@ -1,184 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package util - -import ( - "testing" -) - -func TestIncludesJson(t *testing.T) { - tests := []struct { - name string - currentJson string - desiredJson string - expectedEqual bool - expectError bool - }{ - { - name: "Exact match", - currentJson: `{ - "key1": "value1", - "key2": "value2" - }`, - desiredJson: `{ - "key1": "value1", - "key2": "value2" - }`, - expectedEqual: true, - expectError: false, - }, - { - name: "Real config not matching", - currentJson: `{ - "type": "default", - "selectStrategy": { - "type": "fillCapacityWithCategorySpec", - "workerCategorySpec": { - "categoryMap": {}, - "strong": false - } - }, - "autoScaler": null - }`, - desiredJson: `{ - "type": "default", - "selectStrategy": { - "type": "fillCapacityWithCategorySpec", - "workerCategorySpec": { - "categoryMap": {}, - "strong": true - } - }, - "autoScaler": null - }`, - expectedEqual: false, - expectError: false, - }, - { - // This covers a case where a user may use the JSON body from the cURL example - // in Druid documentation (https://druid.apache.org/docs/latest/api-reference/dynamic-configuration-api), - // which includes extra fields that are not supported by Druid anymore. - name: "Incorrect coordinator dynamic config", - currentJson: `{"millisToWaitBeforeDeleting":900000,"mergeBytesLimit":524288000,"mergeSegmentsLimit":100,"maxSegmentsToMove":5,"replicantLifetime":15,"replicationThrottleLimit":10,"balancerComputeThreads":1,"killDataSourceWhitelist":[],"killTaskSlotRatio":0.1,"maxKillTaskSlots":2147483647,"killPendingSegmentsSkipList":[],"maxSegmentsInNodeLoadingQueue":100,"decommissioningNodes":[],"pauseCoordination":false,"replicateAfterLoadTimeout":false,"useRoundRobinSegmentAssignment":true,"smartSegmentLoading":true,"debugDimensions":null}`, - desiredJson: `{ - "millisToWaitBeforeDeleting": 900000, - "mergeBytesLimit": 524288000, - "mergeSegmentsLimit": 100, - "maxSegmentsToMove": 5, - "percentOfSegmentsToConsiderPerMove": 100, - "useBatchedSegmentSampler": false, - "replicantLifetime": 15, - "replicationThrottleLimit": 10, - "balancerComputeThreads": 1, - "emitBalancingStats": false, - "killDataSourceWhitelist": [], - "killAllDataSources": true, - "killPendingSegmentsSkipList": [], - "maxSegmentsInNodeLoadingQueue": 100, - "decommissioningNodes": [], - "decommissioningMaxPercentOfMaxSegmentsToMove": 70, - "pauseCoordination": false, - "replicateAfterLoadTimeout": false, - "maxNonPrimaryReplicantsToLoad": 2147483647 - }`, - expectedEqual: false, - expectError: false, - }, - { - name: "Subset match with nested maps", - currentJson: `{ - "key1": "value1", - "key2": { - "nestedKey1": "nestedValue1", - "nestedKey2": "nestedValue2" - } - }`, - desiredJson: `{ - "key2": { - "nestedKey1": "nestedValue1" - } - }`, - expectedEqual: true, - expectError: false, - }, - { - name: "Mismatch with nested maps", - currentJson: `{ - "key1": "value1", - "key2": { - "nestedKey1": "nestedValue1" - } - }`, - desiredJson: `{ - "key2": { - "nestedKey2": "nestedValue2" - } - }`, - expectedEqual: false, - expectError: false, - }, - { - name: "Subset match with arrays", - currentJson: `{ - "key1": ["value1", "value2", "value3"] - }`, - desiredJson: `{ - "key1": ["value1", "value2"] - }`, - expectedEqual: true, - expectError: false, - }, - { - name: "Mismatch with arrays", - currentJson: `{ - "key1": ["value1", "value2"] - }`, - desiredJson: `{ - "key1": ["value3"] - }`, - expectedEqual: false, - expectError: false, - }, - { - name: "Invalid JSON", - currentJson: `{ - "key1": "value1" - `, - desiredJson: `{ - "key1": "value1" - }`, - expectedEqual: false, - expectError: true, - }, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - equal, err := IncludesJson(test.currentJson, test.desiredJson) - if (err != nil) != test.expectError { - t.Errorf("IncludesJson() error = %v, expectError %v", err, test.expectError) - return - } - if equal != test.expectedEqual { - t.Errorf("IncludesJson() = %v, expectedEqual %v", equal, test.expectedEqual) - } - }) - } -} diff --git a/druid-operator/tutorials/druid-on-kind/README.md b/druid-operator/tutorials/druid-on-kind/README.md deleted file mode 100644 index 3347ae2a1bd6..000000000000 --- a/druid-operator/tutorials/druid-on-kind/README.md +++ /dev/null @@ -1,79 +0,0 @@ - - -# Deploying Druid On KIND - -- In this tutorial, we are going to deploy an Apache Druid cluster on KIND. -- This tutorial can easily run on your local machine. - -## Prerequisites -To follow this tutorial you will need: - -- The [KIND CLI](https://kind.sigs.k8s.io/) installed. -- The KUBECTL CLI installed. -- Docker up and Running. - -## Install Kind Cluster -Create kind cluster on your machine. - -```kind create cluster --name druid``` - -## Install Druid Operator - -- Add Helm Repo -``` -helm repo add datainfra https://charts.datainfra.io -helm repo update -``` - -- Install Operator -``` -# Install Druid operator using Helm -helm -n druid-operator-system upgrade -i --create-namespace cluster-druid-operator datainfra/druid-operator -``` - -## Apply Druid Customer Resource - -- This druid CR runs druid without zookeeper, using druid k8s extension. -- MM less deployment. -- Derby for metadata. -- Minio for deepstorage. - -- Run ```make helm-minio-install ```. This will deploy minio using minio operator. - -- Once the minio pod is up and running in druid namespace, apply the druid CR. -- ```kubectl apply -f tutorials/druid-on-kind/druid-mmless.yaml -n druid``` - -Here's a view of the druid namespace. - -``` -NAMESPACE NAME READY STATUS RESTARTS AGE -druid druid-tiny-cluster-brokers-5ddcb655cf-plq6x 1/1 Running 0 2d -druid druid-tiny-cluster-cold-0 1/1 Running 0 2d -druid druid-tiny-cluster-coordinators-846df8f545-9qrsw 1/1 Running 1 2d -druid druid-tiny-cluster-hot-0 1/1 Running 0 2d -druid druid-tiny-cluster-routers-5c9677bf9d-qk9q7 1/1 Running 0 2d -druid myminio-ss-0-0 2/2 Running 0 2d - -``` - -## Access Router Console - -- Port forward router -- ```kubectl port-forward svc/druid-tiny-cluster-routers 8088 -n druid``` diff --git a/druid-operator/tutorials/druid-on-kind/druid-mmless.yaml b/druid-operator/tutorials/druid-on-kind/druid-mmless.yaml deleted file mode 100644 index ff5b3706326e..000000000000 --- a/druid-operator/tutorials/druid-on-kind/druid-mmless.yaml +++ /dev/null @@ -1,377 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -#------------------------------------------------------------------------- -apiVersion: "druid.apache.org/v1alpha1" -kind: "Druid" -metadata: - name: tiny-cluster -spec: - image: apache/druid:28.0.0 - # Optionally specify image for all nodes. Can be specify on nodes also - # imagePullSecrets: - # - name: tutu - startScript: /druid.sh - scalePvcSts: true - rollingDeploy: true - defaultProbes: false - podLabels: - environment: stage - release: alpha - podAnnotations: - dummy: k8s_extn_needs_atleast_one_annotation - additionalContainer: - - containerName: mysqlconnector - runAsInit: true - image: apache/druid:27.0.0 - command: - - "sh" - - "-c" - - "wget -O /tmp/mysql-connector-j-8.0.32.tar.gz https://downloads.mysql.com/archives/get/p/3/file/mysql-connector-j-8.0.32.tar.gz && cd /tmp && tar -xf /tmp/mysql-connector-j-8.0.32.tar.gz && cp /tmp/mysql-connector-j-8.0.32/mysql-connector-j-8.0.32.jar /opt/druid/extensions/mysql-connector/mysql-connector-java.jar" - volumeMounts: - - name: mysqlconnector - mountPath: "/opt/druid/extensions/mysql-connector" - volumes: - - name: mysqlconnector - emptyDir: {} - volumeMounts: - - name: mysqlconnector - mountPath: "/opt/druid/extensions/mysql-connector" - securityContext: - fsGroup: 0 - runAsUser: 0 - runAsGroup: 0 - containerSecurityContext: - privileged: true - services: - - spec: - type: ClusterIP - clusterIP: None - commonConfigMountPath: "/opt/druid/conf/druid/cluster/_common" - jvm.options: |- - -server - -XX:MaxDirectMemorySize=10240g - -Duser.timezone=UTC - -Dfile.encoding=UTF-8 - -Dlog4j.debug - -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager - log4j.config: |- - - - - - - - - - - - - - - - - - - common.runtime.properties: | - # - # Zookeeper-less Druid Cluster - # - druid.zk.service.enabled=false - druid.discovery.type=k8s - druid.discovery.k8s.clusterIdentifier=druid-it - druid.serverview.type=http - druid.coordinator.loadqueuepeon.type=http - druid.indexer.runner.type=httpRemote - # Metadata Store - druid.metadata.storage.type=derby - druid.metadata.storage.connector.connectURI=jdbc:derby://localhost:1527/var/druid/metadata.db;create=true - druid.metadata.storage.connector.host=localhost - druid.metadata.storage.connector.port=1527 - druid.metadata.storage.connector.createTables=true - # Deep Storage - druid.storage.type=s3 - druid.storage.bucket=druid - druid.storage.baseKey=druid/segments - druid.s3.accessKey=minio - druid.s3.secretKey=minio123 - druid.s3.protocol=http - druid.s3.enabePathStyleAccess=true - druid.s3.endpoint.signingRegion=us-east-1 - druid.s3.enablePathStyleAccess=true - druid.s3.endpoint.url=http://myminio-hl.druid.svc.cluster.local:9000/ - # - # Extensions - # - druid.extensions.loadList=["druid-kubernetes-overlord-extensions", "druid-avro-extensions", "druid-s3-extensions", "druid-hdfs-storage", "druid-kafka-indexing-service", "druid-datasketches", "druid-kubernetes-extensions"] - # - # Service discovery - # - druid.selectors.indexing.serviceName=druid/overlord - druid.selectors.coordinator.serviceName=druid/coordinator - druid.indexer.logs.type=s3 - druid.indexer.logs.s3Bucket=druid - druid.indexer.logs.s3Prefix=druid/indexing-logs - druid.lookup.enableLookupSyncOnStartup=false - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - nodes: - brokers: - # Optionally specify for running broker as Deployment - kind: Deployment - nodeType: "broker" - # Optionally specify for broker nodes - # imagePullSecrets: - # - name: tutu - priorityClassName: system-cluster-critical - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/broker" - replicas: 1 - runtime.properties: | - druid.service=druid/broker - # HTTP server threads - druid.broker.http.numConnections=5 - druid.server.http.numThreads=40 - # Processing threads and buffers - druid.processing.buffer.sizeBytes=25000000 - druid.sql.enable=true - extra.jvm.options: |- - -Xmx512m - -Xms512m - - coordinators: - # Optionally specify for running coordinator as Deployment - kind: Deployment - nodeType: "coordinator" - druid.port: 8088 - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/master/coordinator-overlord" - replicas: 1 - runtime.properties: | - druid.service=druid/coordinator - # HTTP server threads - druid.coordinator.startDelay=PT30S - druid.coordinator.period=PT30S - # Configure this coordinator to also run as Overlord - druid.coordinator.asOverlord.enabled=true - druid.coordinator.asOverlord.overlordService=druid/overlord - druid.indexer.queue.startDelay=PT30S - druid.indexer.runner.capacity: 2 - druid.indexer.runner.namespace: druid - druid.indexer.runner.type: k8s - druid.indexer.task.encapsulatedTask: true - extra.jvm.options: |- - -Xmx800m - -Xms800m - - hot: - nodeType: "historical" - druid.port: 8088 - resources: - requests: - memory: "1.5Mi" - cpu: "1" - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - livenessProbe: - failureThreshold: 10 - httpGet: - path: /status/health - port: 8088 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 20 - httpGet: - path: /druid/historical/v1/loadstatus - port: 8088 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - startUpProbe: - failureThreshold: 20 - httpGet: - path: /druid/historical/v1/loadstatus - port: 8088 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 10 - volumeMounts: - - mountPath: /druid/data/segments - name: hot-volume - volumeClaimTemplates: - - metadata: - name: hot-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - storageClassName: standard - runtime.properties: | - druid.service=druid/hot - druid.server.tier=hot - druid.server.priority=1 - druid.processing.buffer.sizeBytes=25000000 - druid.processing.numThreads=2 - # Segment storage - druid.segmentCache.locations=[{"path":"/druid/data/segments","maxSize":1000000000}] - druid.server.maxSize=1000000000 - extra.jvm.options: |- - -Xmx512m - -Xms512m - - cold: - nodeType: "historical" - druid.port: 8088 - resources: - requests: - memory: "0.5Mi" - cpu: "0.5" - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/data/historical" - replicas: 1 - livenessProbe: - failureThreshold: 10 - httpGet: - path: /status/health - port: 8088 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 20 - httpGet: - path: /druid/historical/v1/loadstatus - port: 8088 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - startUpProbe: - failureThreshold: 20 - httpGet: - path: /druid/historical/v1/loadstatus - port: 8088 - initialDelaySeconds: 60 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 10 - volumeMounts: - - mountPath: /druid/data/segments - name: cold-volume - volumeClaimTemplates: - - metadata: - name: cold-volume - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - storageClassName: standard - runtime.properties: | - druid.service=druid/cold - druid.server.tier=cold - druid.server.priority=0 - druid.processing.buffer.sizeBytes=25000000 - druid.processing.numThreads=2 - # Segment storage - druid.segmentCache.locations=[{"path":"/druid/data/segments","maxSize":2000000000}] - druid.server.maxSize=2000000000 - extra.jvm.options: |- - -Xmx512m - -Xms512m - - routers: - nodeType: "router" - druid.port: 8088 - kind: Deployment - services: - - spec: - type: ClusterIP - clusterIP: None - nodeConfigMountPath: "/opt/druid/conf/druid/cluster/query/router" - replicas: 1 - runtime.properties: | - druid.service=druid/router - # HTTP proxy - druid.router.http.numConnections=50 - druid.router.http.readTimeout=PT5M - druid.router.http.numMaxThreads=100 - druid.server.http.numThreads=100 - # Service discovery - druid.router.defaultBrokerServiceName=druid/broker - druid.router.coordinatorServiceName=druid/coordinator - # Management proxy to coordinator / overlord: required for unified web console. - druid.router.managementProxy.enabled=true ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: druid-cluster -rules: -- apiGroups: - - "" - resources: - - pods - - configmaps - verbs: - - '*' -- apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["get", "watch", "list", "delete", "create"] -- apiGroups: [""] - resources: ["pods", "pods/log"] - verbs: ["get", "watch", "list", "delete", "create"] ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: druid-cluster -subjects: -- kind: ServiceAccount - name: default -roleRef: - kind: Role - name: druid-cluster - apiGroup: rbac.authorization.k8s.io diff --git a/pom.xml b/pom.xml index b631bc4a9f04..38edd13ff42b 100644 --- a/pom.xml +++ b/pom.xml @@ -2363,7 +2363,6 @@ **/.project **/*.iq **/*.iq.out - **/*.sum