diff --git a/.DS_Store b/.DS_Store
index 35381ca..9adc2af 100644
Binary files a/.DS_Store and b/.DS_Store differ
diff --git a/app-of-apps/bookstack.yaml b/app-of-apps/bookstack.yaml
new file mode 100644
index 0000000..96c8e2d
--- /dev/null
+++ b/app-of-apps/bookstack.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: bookstack
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: bookstack
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: bookstack
+ repoURL: https://build-node.undercloud.local/Undercloud/k8s-apps.git
+ targetRevision: HEAD
\ No newline at end of file
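Review bot: `targetRevision: HEAD` on the last spec line means this Application deploys whatever is at the tip of the repository's default branch, so any push to k8s-apps goes live with no pinning or promotion step; the same line appears in fileserver.yaml, forum.yaml, guacamole.yaml, jellyfin.yaml, jitsi.yaml, kubevirt.yaml, logging.yaml, mail.yaml, matrix.yaml, nextcloud.yaml, paperless.yaml, vaultwarden.yaml and wordpress.yaml in this commit. If that is the intent, a comment such as `# tracks branch tip: every merge to k8s-apps is auto-deployed` documents it; otherwise pin `targetRevision` to a named branch or tag. `project: default` also places every Application in Argo CD's unrestricted default AppProject, which permits any source repo and any destination, so a dedicated AppProject scoped to this `repoURL` and the listed namespaces would bound what a mistaken or tampered Application can deploy.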
diff --git a/app-of-apps/fileserver.yaml b/app-of-apps/fileserver.yaml
new file mode 100644
index 0000000..27874cf
--- /dev/null
+++ b/app-of-apps/fileserver.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: fileserver
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: fileserver
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: fileserver
+ repoURL: https://build-node.undercloud.local/Undercloud/k8s-apps.git
+ targetRevision: HEAD
\ No newline at end of file
diff --git a/app-of-apps/forum.yaml b/app-of-apps/forum.yaml
new file mode 100644
index 0000000..4a7e502
--- /dev/null
+++ b/app-of-apps/forum.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: forum
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: forum
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: forum
+ repoURL: https://build-node.undercloud.local/Undercloud/k8s-apps.git
+ targetRevision: HEAD
\ No newline at end of file
diff --git a/app-of-apps/guacamole.yaml b/app-of-apps/guacamole.yaml
new file mode 100644
index 0000000..c0509a9
--- /dev/null
+++ b/app-of-apps/guacamole.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: guacamole
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: guacamole
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: guacamole
+ repoURL: https://build-node.undercloud.local/Undercloud/k8s-apps.git
+ targetRevision: HEAD
\ No newline at end of file
diff --git a/app-of-apps/jellyfin.yaml b/app-of-apps/jellyfin.yaml
new file mode 100644
index 0000000..c0d09de
--- /dev/null
+++ b/app-of-apps/jellyfin.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: fellyfin
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: fellyfin
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: fellyfin
+ repoURL: https://build-node.undercloud.local/Undercloud/k8s-apps.git
+ targetRevision: HEAD
\ No newline at end of file
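Review bot: The file is jellyfin.yaml but `name: fellyfin`, `namespace: fellyfin` and `path: fellyfin` all carry the same typo, so Argo CD will look for a `fellyfin` directory in the repo and target a `fellyfin` namespace; unless such a directory exists, the Application cannot sync. The three lines should read `name: jellyfin`, `namespace: jellyfin` and `path: jellyfin` to match the file name and the other Applications in this commit.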
diff --git a/app-of-apps/jitsi.yaml b/app-of-apps/jitsi.yaml
new file mode 100644
index 0000000..ee1f6ec
--- /dev/null
+++ b/app-of-apps/jitsi.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: jitsi
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: jitsi
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: jitsi
+ repoURL: https://build-node.undercloud.local/Undercloud/k8s-apps.git
+ targetRevision: HEAD
\ No newline at end of file
diff --git a/app-of-apps/kubevirt.yaml b/app-of-apps/kubevirt.yaml
new file mode 100644
index 0000000..371337d
--- /dev/null
+++ b/app-of-apps/kubevirt.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: kubevirt
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: kubevirt
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: kubevirt
+ repoURL: https://build-node.undercloud.local/Undercloud/k8s-apps.git
+ targetRevision: HEAD
\ No newline at end of file
diff --git a/app-of-apps/logging.yaml b/app-of-apps/logging.yaml
new file mode 100644
index 0000000..455ca4b
--- /dev/null
+++ b/app-of-apps/logging.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: logging
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: logging
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: logging
+ repoURL: https://build-node.undercloud.local/Undercloud/k8s-apps.git
+ targetRevision: HEAD
\ No newline at end of file
diff --git a/app-of-apps/mail.yaml b/app-of-apps/mail.yaml
new file mode 100644
index 0000000..cffd21b
--- /dev/null
+++ b/app-of-apps/mail.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: mail
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: mail
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: mail
+ repoURL: https://build-node.undercloud.local/Undercloud/k8s-apps.git
+ targetRevision: HEAD
\ No newline at end of file
diff --git a/app-of-apps/matrix.yaml b/app-of-apps/matrix.yaml
new file mode 100644
index 0000000..2af3133
--- /dev/null
+++ b/app-of-apps/matrix.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: matrix
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: matrix
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: matrix
+ repoURL: https://build-node.undercloud.local/Undercloud/k8s-apps.git
+ targetRevision: HEAD
\ No newline at end of file
diff --git a/app-of-apps/nextcloud.yaml b/app-of-apps/nextcloud.yaml
new file mode 100644
index 0000000..a0ab419
--- /dev/null
+++ b/app-of-apps/nextcloud.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: nextcloud
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: nextcloud
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: nextcloud
+ repoURL: https://build-node.undercloud.local/Undercloud/k8s-apps.git
+ targetRevision: HEAD
\ No newline at end of file
diff --git a/app-of-apps/paperless.yaml b/app-of-apps/paperless.yaml
new file mode 100644
index 0000000..068a5c8
--- /dev/null
+++ b/app-of-apps/paperless.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: paperless
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: paperless
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: paperless
+ repoURL: https://build-node.undercloud.local/Undercloud/k8s-apps.git
+ targetRevision: HEAD
\ No newline at end of file
diff --git a/app-of-apps/vaultwarden.yaml b/app-of-apps/vaultwarden.yaml
new file mode 100644
index 0000000..e217c18
--- /dev/null
+++ b/app-of-apps/vaultwarden.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: vaultwarden
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: vaultwarden
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: vaultwarden
+ repoURL: https://build-node.undercloud.local/Undercloud/k8s-apps.git
+ targetRevision: HEAD
\ No newline at end of file
diff --git a/app-of-apps/wordpress.yaml b/app-of-apps/wordpress.yaml
new file mode 100644
index 0000000..648d2d0
--- /dev/null
+++ b/app-of-apps/wordpress.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: wordpress
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: wordpress
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: wordpress
+ repoURL: https://build-node.undercloud.local/Undercloud/k8s-apps.git
+ targetRevision: HEAD
\ No newline at end of file
diff --git a/bookstack/README.md b/bookstack/README.md
new file mode 100644
index 0000000..0eb1d2b
--- /dev/null
+++ b/bookstack/README.md
@@ -0,0 +1,10 @@
+# Bookstack
+## Wiki
+
+BookStack is a simple, self-hosted, easy-to-use platform for organising and storing information.
+
+improvements:
+smtp settings
+metrics
+liveness probes
+resource limits
\ No newline at end of file
diff --git a/bookstack/adminer.yaml b/bookstack/adminer.yaml
new file mode 100644
index 0000000..e1fb557
--- /dev/null
+++ b/bookstack/adminer.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: adminer
+ namespace: bookstack
+ labels:
+ app: adminer
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: adminer
+ template:
+ metadata:
+ labels:
+ app: adminer
+ spec:
+ containers:
+ - name: adminer
+ image: adminer
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: ADMINER_DEFAULT_SERVER
+ value: db
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: adminer
+ namespace: bookstack
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: http
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: adminer
+ sessionAffinity: None
+ type: ClusterIP
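Review bot: `image: adminer` on the container has no tag, so it resolves to `latest` and any pod restart may pull a different build than the one last reviewed; pin it to a version (ideally a digest) the way the bookstack image in this commit is pinned. Adminer is a general-purpose SQL client and `ADMINER_DEFAULT_SERVER: db` points it at the bookstack database; the Service is ClusterIP so it is not reachable from outside the cluster here, but a comment such as `# operator-only tool: never expose via Ingress` on the Deployment would make that boundary explicit. The container also has no `resources` limits and no `securityContext`, so it runs with the image defaults.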
diff --git a/bookstack/backupSchedule.yaml b/bookstack/backupSchedule.yaml
new file mode 100644
index 0000000..72f995b
--- /dev/null
+++ b/bookstack/backupSchedule.yaml
@@ -0,0 +1,140 @@
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: bookstack-backup-csi-hourly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 15-22 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - bookstack
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 8h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: bookstack-backup-csi-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - bookstack
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: bookstack-backup-csi-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - bookstack
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: bookstack-backup-restic-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - bookstack
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: bookstack-backup-restic-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - bookstack
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: bookstack-backup-restic-monthly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 1 * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - bookstack
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 4380h0m0s
\ No newline at end of file
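Review bot: The `# every hour` comment is wrong on five of the six schedules: `0 0 * * *` fires once a day at 00:00, `0 0 * * 1` once a week on Monday, `0 0 1 * *` on the first of each month, and even the hourly schedule `0 15-22 * * *` only runs between 15:00 and 22:00. A misleading cadence comment next to a retention `ttl` is risky because the TTL is what an operator cross-checks during a restore drill, so each comment should match its expression, e.g. `schedule: 0 15-22 * * * # hourly, 15:00-22:00` and `schedule: 0 0 * * * # daily at 00:00`. The same comments are repeated in fileserver/backupSchedule.yaml in this commit.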
diff --git a/bookstack/bookstack.yaml b/bookstack/bookstack.yaml
new file mode 100644
index 0000000..d2327ef
--- /dev/null
+++ b/bookstack/bookstack.yaml
@@ -0,0 +1,307 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: env
+ namespace: bookstack
+data:
+ # file-like keys
+ .env: |
+ #from configmap
+ # This file, when named as ".env" in the root of your BookStack install
+ # folder, is used for the core configuration of the application.
+ # By default this file contains the most common required options but
+ # a full list of options can be found in the '.env.example.complete' file.
+
+ # NOTE: If any of your values contain a space or a hash you will need to
+ # wrap the entire value in quotes. (eg. MAIL_FROM_NAME="BookStack Mailer")
+
+ # Use dark mode by default
+ # Will be overridden by any existing user/session preference.
+ APP_DEFAULT_DARK_MODE=true
+
+ # Application key
+ # Used for encryption where needed.
+ # Run `php artisan key:generate` to generate a valid key.
+ APP_KEY=base64:Gvel4j1kfhBBoT7aho5ibdozSkf7BwB/4vDfSbMTkiU=
+
+ # Application URL
+ # This must be the root URL that you want to host BookStack on.
+ # All URLs in BookStack will be generated using this value
+ # to ensure URLs generated are consistent and secure.
+ # If you change this in the future you may need to run a command
+ # to update stored URLs in the database. Command example:
+ # php artisan bookstack:update-url https://old.example.com https://new.example.com
+ APP_URL=https://bookstack.undercloud.cf
+
+ # Database details
+ DB_HOST='db'
+ DB_PORT='3306'
+ DB_DATABASE='bookstack'
+ DB_USERNAME='bookstack'
+ DB_PASSWORD='verysecurePWDBbookstackbookstack'
+
+ # Mail system to use
+ # Can be 'smtp' or 'sendmail'
+ MAIL_DRIVER=smtp
+
+ # Mail sender details
+ MAIL_FROM_NAME="BookStack"
+ MAIL_FROM=bookstack@example.com
+
+ # SMTP mail options
+ # These settings can be checked using the "Send a Test Email"
+ # feature found in the "Settings > Maintenance" area of the system.
+ MAIL_HOST=localhost
+ MAIL_PORT=1025
+ MAIL_USERNAME=null
+ MAIL_PASSWORD=null
+ MAIL_ENCRYPTION=null
+
+
+
+ # General auth
+ #AUTH_METHOD=ldap
+ AUTH_METHOD=standard
+
+ # The LDAP host, Adding a port is optional
+ #LDAP_SERVER=example.com:389
+ # If using LDAP over SSL you should also define the protocol:
+ LDAP_SERVER=ldaps://ldap.undercloud.cf:636
+
+ # The base DN from where users will be searched within
+ LDAP_BASE_DN="ou=users,dc=undercloud,dc=cf"
+
+ # The full DN and password of the user used to search the server
+ # Can both be left as 'false' (without quotes) to bind anonymously
+ LDAP_DN="cn=bookstack,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf"
+ LDAP_PASS="thisismysecureLDAPPWbookstack"
+
+ # A filter to use when searching for users
+ # The user-provided user-name used to replace any occurrences of '${user}'
+ # If you're setting this option via other means, such as within a docker-compose.yml,
+ # you may need escape the $, often using $$ or \$ instead.
+ # Note: This option cannot be used with the docker-compose.yml `env_file` option.
+ LDAP_USER_FILTER=(&(uid=${user}))
+
+ # Set the LDAP version to use when connecting to the server
+ # Should be set to 3 in most cases.
+ LDAP_VERSION=3
+
+ # Set the property to use as a unique identifier for this user.
+ # Stored and used to match LDAP users with existing BookStack users.
+ # Prefixing the value with 'BIN;' will assume the LDAP service provides the attribute value as
+ # binary data and BookStack will convert the value to a hexidecimal representation.
+ # Defaults to 'uid'.
+ LDAP_ID_ATTRIBUTE=uid
+
+ # Set the default 'email' attribute. Defaults to 'mail'
+ LDAP_EMAIL_ATTRIBUTE=mail
+
+ # Set the property to use for a user's display name. Defaults to 'cn'
+ LDAP_DISPLAY_NAME_ATTRIBUTE=cn
+
+ # Set the attribute to use for the user's avatar image.
+ # Must provide JPEG binary image data.
+ # Will be used upon login or registration when the user doesn't
+ # already have an avatar image set.
+ # Remove this option or set to 'null' to disable LDAP avatar import.
+ LDAP_THUMBNAIL_ATTRIBUTE=jpegphoto
+
+ # Force TLS to be used for LDAP communication.
+ # Use this if you can but your LDAP support will need to support it and
+ # you may need to import your certificate to the BookStack host machine.
+ # Defaults to 'false'.
+ LDAP_START_TLS=false
+
+ # If you need to allow untrusted LDAPS certificates, add the below and uncomment (remove the #)
+ # Only set this option if debugging or you're absolutely sure it's required for your setup.
+ # If using php-fpm, you may want to restart it after changing this option to avoid instability.
+ LDAP_TLS_INSECURE=true
+
+ # If you need to debug the details coming from your LDAP server, add the below and uncomment (remove the #)
+ # Only set this option if debugging since it will block logins and potentially show private details.
+ #LDAP_DUMP_USER_DETAILS=true
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: startup
+ namespace: bookstack
+data:
+ startup.sh: |
+ #!/bin/sh
+ echo "startup..."
+ #if test ! -f "/config/startup.ran"; then
+ # touch /config/startup.ran
+ cp -f /mnt/.env /config/www/.env
+ #else
+ # echo "startup ran already!"
+ #fi
+ echo "startup done."
+ #exit 123
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: bookstack
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: bookstack
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: bookstack-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: bookstack
+ namespace: bookstack
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 32Gi
+ storageClassName: bookstack
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bookstack
+ namespace: bookstack
+ labels:
+ app: bookstack
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: bookstack
+ template:
+ metadata:
+ labels:
+ app: bookstack
+ spec:
+ dnsConfig:
+ options:
+ - name: ndots
+ value: "1"
+ initContainers:
+ - name: copyappini
+ image: linuxserver/bookstack:23.05.2
+ command: ['/bin/startup.sh']
+ volumeMounts:
+ - mountPath: "/config"
+ name: bookstack
+ - mountPath: "/mnt/.env"
+ name: env
+ subPath: .env
+ - mountPath: /bin/startup.sh
+ name: startup
+ subPath: startup.sh
+ containers:
+ - name: bookstack
+ image: linuxserver/bookstack:23.05.2
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 80
+ #lifecycle:
+ # postStart:
+ # exec:
+ # command:
+ # - "/bin/startup.sh"
+ #livenessProbe:
+ # httpGet:
+ # path: /status
+ # port: 80
+ # #httpHeaders:
+ # #- name: Custom-Header
+ # # value: Awesome
+ # initialDelaySeconds: 120
+ # periodSeconds: 10
+ env:
+ - name: PUID
+ value: "1000"
+ - name: PGID
+ value: "1000"
+ - name: DB_HOST
+ value: "db"
+ - name: DB_PORT
+ value: "3306"
+ - name: APP_URL
+ value: "https://bookstack.undercloud.cf"
+ - name: DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: bookstack-db
+ key: username
+ optional: false
+ - name: DB_PASS
+ valueFrom:
+ secretKeyRef:
+ name: bookstack-db
+ key: user.pw
+ optional: false
+ - name: DB_DATABASE
+ value: "bookstack"
+ volumeMounts:
+ - mountPath: "/config"
+ name: bookstack
+ volumes:
+ - name: bookstack
+ persistentVolumeClaim:
+ claimName: bookstack
+ - name: env
+ configMap:
+ name: env
+ defaultMode: 0777
+ items:
+ - key: ".env"
+ path: ".env"
+ - name: startup
+ configMap:
+ name: startup
+ defaultMode: 0700
+ items:
+ - key: "startup.sh"
+ path: "startup.sh"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: bookstack
+ namespace: bookstack
+ labels:
+ app: bookstack
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ app: bookstack
+ sessionAffinity: None
+ type: ClusterIP
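Review bot: The `env` ConfigMap's `.env` block embeds `APP_KEY`, `DB_PASSWORD` and `LDAP_PASS` in plaintext, and the `startup.sh` init container copies that file unconditionally over `/config/www/.env`, so the `DB_USER`/`DB_PASS` `secretKeyRef`s on the main container appear to be superseded by the ConfigMap values (worth confirming against how the linuxserver image consumes an existing `.env`). `APP_KEY` is the application's encryption key; it and the passwords belong in a Secret or an external secret source rather than a git-tracked ConfigMap, and once committed they should be rotated. Two smaller items: `defaultMode: 0777` on the `env` volume makes a credential-bearing file world-writable and executable where `0444` suffices for the `cp`, and `LDAP_TLS_INSECURE=true` disables certificate verification for the `ldaps://` bind — inert while `AUTH_METHOD=standard`, but it should be set to `false` or removed before LDAP is enabled, since the bind DN password would otherwise be sent over an unverified TLS connection.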
diff --git a/bookstack/db.yaml b/bookstack/db.yaml
new file mode 100644
index 0000000..6a93e9d
--- /dev/null
+++ b/bookstack/db.yaml
@@ -0,0 +1,216 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: bookstack-db
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: bookstack
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: bookstack-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: db
+ namespace: bookstack
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 16Gi
+ storageClassName: bookstack-db
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: db
+ namespace: bookstack
+ labels:
+ app: db
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: db
+ template:
+ metadata:
+ labels:
+ app: db
+ spec:
+ containers:
+ - name: db
+ image: mariadb:10.5
+ imagePullPolicy: "IfNotPresent"
+ ports:
+ - name: mysql
+ containerPort: 3306
+ env:
+ - name: MARIADB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: bookstack-db
+ key: root.pw
+ - name: MARIADB_USER
+ valueFrom:
+ secretKeyRef:
+ name: bookstack-db
+ key: username
+ optional: false
+ - name: MARIADB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: bookstack-db
+ key: user.pw
+ optional: false
+ - name: MARIADB_DATABASE
+ value: bookstack
+ #livenessProbe:
+ # exec:
+ # command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
+ # initialDelaySeconds: 120
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+ # failureThreshold: 3
+ #readinessProbe:
+ # exec:
+ # command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
+ # initialDelaySeconds: 30
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+ # failureThreshold: 3
+ volumeMounts:
+ - mountPath: /var/lib/mysql
+ name: data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: db
+ readOnly: false
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: db
+ namespace: bookstack
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: mysql
+ port: 3306
+ protocol: TCP
+ targetPort: 3306
+ selector:
+ app: db
+ sessionAffinity: None
+ type: ClusterIP
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: bookstack-db-backup
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: bookstack
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: bookstack-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: db-backup
+ namespace: bookstack
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: bookstack-db-backup
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: db-backup
+ namespace: bookstack
+ labels:
+ app: db-backup
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: db-backup
+ template:
+ metadata:
+ labels:
+ app: db-backup
+ spec:
+ containers:
+ - name: db-backup
+ image: rsprta/mariadb-backup
+ imagePullPolicy: "IfNotPresent"
+ env:
+ - name: CRON_TIMER
+ value: "@daily"
+ - name: MARIADB_HOST
+ value: db
+ - name: MARIADB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: bookstack-db
+ key: root.pw
+ - name: MARIADB_USER
+ value: root
+ - name: MARIADB_PORT
+ value: "3306"
+ volumeMounts:
+ - mountPath: /backup
+ name: backup
+ volumes:
+ - name: backup
+ persistentVolumeClaim:
+ claimName: db-backup
+ readOnly: false
\ No newline at end of file
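Review bot: The `db-backup` Deployment authenticates as `MARIADB_USER: root` with `root.pw`, so the backup side-car holds full administrative rights to the database; a dedicated backup account granted only the privileges a dump needs (typically SELECT, LOCK TABLES, SHOW VIEW, TRIGGER, EVENT) would contain the blast radius if that pod or its volume is compromised. `image: rsprta/mariadb-backup` is untagged and from an individual registry account, so it should be pinned by version or digest; `mariadb:10.5` is a floating minor tag and deserves the same treatment. The PVC mounted at `/backup` holds full dumps of the same data as the `db` volume, so it needs the same access controls and inclusion in the Velero schedules as the live database.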
diff --git a/bookstack/filesystem.yaml b/bookstack/filesystem.yaml
new file mode 100644
index 0000000..a091613
--- /dev/null
+++ b/bookstack/filesystem.yaml
@@ -0,0 +1,42 @@
+apiVersion: ceph.rook.io/v1
+kind: CephFilesystem
+metadata:
+ name: bookstack
+ namespace: rook-ceph
+spec:
+ metadataPool:
+ failureDomain: host
+ replicated:
+ size: 3
+ dataPools:
+ - name: replicated
+ failureDomain: host
+ replicated:
+ size: 3
+ preserveFilesystemOnDelete: false
+ metadataServer:
+ activeCount: 1
+ activeStandby: true
+ placement:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: role
+ # operator: In
+ # values:
+ # - mds-node
+ tolerations:
+ - key: node-role.kubernetes.io/storage-node
+ operator: Exists
+ effect: NoSchedule
+ # podAffinity:
+ # podAntiAffinity:
+ # topologySpreadConstraints:
+ #resources:
+ # limits:
+ # cpu: "80m"
+ # memory: "1024Mi"
+ # requests:
+ # cpu: "500m"
+ # memory: "1024Mi"
\ No newline at end of file
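Review bot: `preserveFilesystemOnDelete: false` combined with the `resources-finalizer.argocd.argoproj.io` finalizer on the bookstack Application in this commit means that deleting the Application (or pruning this manifest, if automated prune is enabled) cascades to destroying the CephFilesystem and every volume on it, including the `db` and `db-backup` PVCs provisioned with `fsName: bookstack`. The StorageClasses in bookstack.yaml and db.yaml also use `reclaimPolicy: Delete`, so nothing in the chain retains the data. Consider `preserveFilesystemOnDelete: true` and `reclaimPolicy: Retain` on the database StorageClass, or at minimum a comment such as `# deleting this CR destroys all bookstack volumes; recovery is Velero-only` next to the line.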
diff --git a/bookstack/ingress.yaml b/bookstack/ingress.yaml
new file mode 100644
index 0000000..d5d651d
--- /dev/null
+++ b/bookstack/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: bookstack
+ namespace: bookstack
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt
+
+spec:
+ tls:
+ - hosts:
+ - bookstack.undercloud.cf
+ secretName: bookstack-tls
+ rules:
+ - host: bookstack.undercloud.cf
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: bookstack
+ port:
+ number: 80
\ No newline at end of file
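Review bot: `kubernetes.io/ingress.class: nginx` is the deprecated annotation form; with `networking.k8s.io/v1` the supported field is `spec.ingressClassName`, and depending on controller configuration newer ingress-nginx releases may ignore the annotation and silently leave the host unserved. Replace the annotation with `ingressClassName: nginx` under `spec`. The TLS host and rule host match the `APP_URL` configured in bookstack.yaml, which is the consistency BookStack needs for generated URLs.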
diff --git a/bookstack/namespace.yaml b/bookstack/namespace.yaml
new file mode 100644
index 0000000..51b5a2d
--- /dev/null
+++ b/bookstack/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: bookstack
+ labels:
+ prometheus: prometheus
\ No newline at end of file
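Review bot: The Namespace carries only the `prometheus` label and no Pod Security Admission level, so pods in it are admitted without any baseline checks. Adding `pod-security.kubernetes.io/enforce: baseline` (with `warn` and `audit` at `restricted`) is a cheap guardrail; `restricted` is likely too strict for the linuxserver image, which starts privileged and switches to PUID/PGID itself, so begin with `baseline` and verify the pods still schedule.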
diff --git a/bookstack/secrets.yaml b/bookstack/secrets.yaml
new file mode 100644
index 0000000..6eb28cd
--- /dev/null
+++ b/bookstack/secrets.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: bookstack-db
+ namespace: bookstack
+type: Opaque
+data:
+ root.pw: dmVyeXNlY3VyZVBXREJib29rc3RhY2tyb290
+ username: Ym9va3N0YWNr
+ user.pw: dmVyeXNlY3VyZVBXREJib29rc3RhY2tib29rc3RhY2s=
\ No newline at end of file
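Review bot: This Secret is committed to the GitOps repository with base64-encoded `data`, which is encoding rather than encryption, so anyone with read access to the repo or its history has the database root and user credentials; the user password also appears in plaintext in the bookstack ConfigMap in this commit. Credentials that have been pushed should be treated as disclosed and rotated, and the manifest replaced with an encrypted or referenced form (a SealedSecret, a SOPS-encrypted file, or an ExternalSecret backed by a vault) so that only ciphertext or a reference lives in git. If a plaintext Secret must remain temporarily, a comment such as `# TODO: replace with sealed/external secret; rotate values after initial commit` records the debt.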
diff --git a/fileserver/README.md b/fileserver/README.md
new file mode 100644
index 0000000..c150f94
--- /dev/null
+++ b/fileserver/README.md
@@ -0,0 +1,16 @@
+# Fileserver
+## samba + filebrowser + csi-smb-driver
+
+csi-smb
+makes it possible to use SMB shares as kubernetes volumes (volume claims etc)
+
+### improvements:
+samba
+ldap integration
+metrics
+liveness probes
+resource limits
+
+filebrowser
+automatically change password
+ldap inntegration
\ No newline at end of file
diff --git a/fileserver/backupSchedule.yaml b/fileserver/backupSchedule.yaml
new file mode 100644
index 0000000..5bfef43
--- /dev/null
+++ b/fileserver/backupSchedule.yaml
@@ -0,0 +1,140 @@
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: fileserver-backup-csi-hourly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 15-22 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - fileserver
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 8h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: fileserver-backup-csi-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - fileserver
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: fileserver-backup-csi-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - fileserver
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: fileserver-backup-restic-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - fileserver
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: fileserver-backup-restic-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - fileserver
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: fileserver-backup-restic-monthly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 1 * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - fileserver
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 4380h0m0s
\ No newline at end of file
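Review bot: `useOwnerReferencesInBackup: true` on all six schedules makes every Backup object a child of its Schedule, so deleting the Schedule — including Argo CD pruning it, or the `resources-finalizer` cascade when the fileserver Application is removed — garbage-collects the backups with it, which defeats the purpose of having off-site copies. Set `useOwnerReferencesInBackup: false` so backup lifetime is governed only by `ttl`, and keep the schedules outside the app-of-apps prune scope if possible. The `# every hour` comment is also copied verbatim onto the daily, weekly and monthly entries and onto the `0 15-22 * * *` schedule, which only runs between 15:00 and 22:00; correct each comment to match its cron expression.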
diff --git a/fileserver/csi-driver.yaml b/fileserver/csi-driver.yaml
new file mode 100644
index 0000000..c81533a
--- /dev/null
+++ b/fileserver/csi-driver.yaml
@@ -0,0 +1,7 @@
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+ name: smb.csi.k8s.io
+spec:
+ attachRequired: false
+ podInfoOnMount: true
\ No newline at end of file
diff --git a/fileserver/csi-smb-controller.yaml b/fileserver/csi-smb-controller.yaml
new file mode 100644
index 0000000..026316e
--- /dev/null
+++ b/fileserver/csi-smb-controller.yaml
@@ -0,0 +1,108 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: csi-smb-controller
+ namespace: fileserver
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: csi-smb-controller
+ template:
+ metadata:
+ labels:
+ app: csi-smb-controller
+ spec:
+ dnsPolicy: Default # available values: Default, ClusterFirstWithHostNet, ClusterFirst
+ serviceAccountName: csi-smb-controller-sa
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: system-cluster-critical
+ tolerations:
+ - key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/controlplane"
+ operator: "Exists"
+ effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: "Exists"
+ effect: "NoSchedule"
+ containers:
+ - name: csi-provisioner
+ image: registry.k8s.io/sig-storage/csi-provisioner:v3.2.0
+ args:
+ - "-v=2"
+ - "--csi-address=$(ADDRESS)"
+ - "--leader-election"
+ - "--leader-election-namespace=kube-system"
+ - "--extra-create-metadata=true"
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+ resources:
+ limits:
+ cpu: 1
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ - name: liveness-probe
+ image: registry.k8s.io/sig-storage/livenessprobe:v2.7.0
+ args:
+ - --csi-address=/csi/csi.sock
+ - --probe-timeout=3s
+ - --health-port=29642
+ - --v=2
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ resources:
+ limits:
+ cpu: 1
+ memory: 100Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ - name: smb
+ image: registry.k8s.io/sig-storage/smbplugin:v1.9.0
+ imagePullPolicy: IfNotPresent
+ args:
+ - "--v=5"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--metrics-address=0.0.0.0:29644"
+ ports:
+ - containerPort: 29642
+ name: healthz
+ protocol: TCP
+ - containerPort: 29644
+ name: metrics
+ protocol: TCP
+ livenessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 30
+ timeoutSeconds: 10
+ periodSeconds: 30
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi.sock
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+ resources:
+ limits:
+ memory: 200Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ volumes:
+ - name: socket-dir
+ emptyDir: {}
\ No newline at end of file
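Review bot: The `smb` container runs with `privileged: true` and the provisioner is started with `--leader-election-namespace=kube-system`, while the pod itself lives in `fileserver` next to the samba and filebrowser workloads. Privileged mode may be required here because CreateVolume mounts the share to create sub-directories (the upstream manifest ships the same setting), but placing it in the application namespace means that namespace cannot enforce a restricted Pod Security level for the pods beside it; deploy the driver into its own namespace (upstream uses `kube-system`) so `fileserver` can be locked down. `--v=5` is debug verbosity for a component that handles mount credentials — check what is emitted at that level before leaving it on, and consider `--v=2` to match the sidecars.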
diff --git a/fileserver/csi-smb-node.yaml b/fileserver/csi-smb-node.yaml
new file mode 100644
index 0000000..14d7e20
--- /dev/null
+++ b/fileserver/csi-smb-node.yaml
@@ -0,0 +1,128 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: csi-smb-node
+ namespace: fileserver
+spec:
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 1
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app: csi-smb-node
+ template:
+ metadata:
+ labels:
+ app: csi-smb-node
+ spec:
+ hostNetwork: true
+ dnsPolicy: Default # available values: Default, ClusterFirstWithHostNet, ClusterFirst
+ serviceAccountName: csi-smb-node-sa
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: system-node-critical
+ tolerations:
+ - operator: "Exists"
+ containers:
+ - name: liveness-probe
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+ image: registry.k8s.io/sig-storage/livenessprobe:v2.7.0
+ args:
+ - --csi-address=/csi/csi.sock
+ - --probe-timeout=3s
+ - --health-port=29643
+ - --v=2
+ resources:
+ limits:
+ memory: 100Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ - name: node-driver-registrar
+ image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.5.1
+ args:
+ - --csi-address=$(ADDRESS)
+ - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+ - --v=2
+ livenessProbe:
+ exec:
+ command:
+ - /csi-node-driver-registrar
+ - --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
+ - --mode=kubelet-registration-probe
+ initialDelaySeconds: 30
+ timeoutSeconds: 15
+ env:
+ - name: ADDRESS
+ value: /csi/csi.sock
+ - name: DRIVER_REG_SOCK_PATH
+ value: /var/lib/kubelet/plugins/smb.csi.k8s.io/csi.sock
+ volumeMounts:
+ - name: socket-dir
+ mountPath: /csi
+ - name: registration-dir
+ mountPath: /registration
+ resources:
+ limits:
+ memory: 100Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ - name: smb
+ image: registry.k8s.io/sig-storage/smbplugin:v1.9.0
+ imagePullPolicy: IfNotPresent
+ args:
+ - "--v=5"
+ - "--endpoint=$(CSI_ENDPOINT)"
+ - "--nodeid=$(KUBE_NODE_NAME)"
+ - "--metrics-address=0.0.0.0:29645"
+ ports:
+ - containerPort: 29643
+ name: healthz
+ protocol: TCP
+ livenessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /healthz
+ port: healthz
+ initialDelaySeconds: 30
+ timeoutSeconds: 10
+ periodSeconds: 30
+ env:
+ - name: CSI_ENDPOINT
+ value: unix:///csi/csi.sock
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /csi
+ name: socket-dir
+ - mountPath: /var/lib/kubelet/
+ mountPropagation: Bidirectional
+ name: mountpoint-dir
+ resources:
+ limits:
+ memory: 200Mi
+ requests:
+ cpu: 10m
+ memory: 20Mi
+ volumes:
+ - hostPath:
+ path: /var/lib/kubelet/plugins/smb.csi.k8s.io
+ type: DirectoryOrCreate
+ name: socket-dir
+ - hostPath:
+ path: /var/lib/kubelet/
+ type: DirectoryOrCreate
+ name: mountpoint-dir
+ - hostPath:
+ path: /var/lib/kubelet/plugins_registry/
+ type: DirectoryOrCreate
+ name: registration-dir
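Review bot: The DaemonSet is effectively node-root — `hostNetwork: true`, `privileged: true`, a `Bidirectional` hostPath mount of `/var/lib/kubelet/` and a blanket `operator: Exists` toleration — and it is placed in the same `fileserver` namespace as the internet-facing filebrowser Deployment. That is what a CSI node plugin needs, but it forces the namespace's Pod Security Admission level to `privileged`, which then also applies to samba and filebrowser. Move the driver manifests (this DaemonSet, the controller and the RBAC) to a dedicated namespace so the application namespace can carry `pod-security.kubernetes.io/enforce: restricted`, and pin the three images by digest rather than tag since they run with these privileges on every node.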
diff --git a/fileserver/csi-smb-rbac.yaml b/fileserver/csi-smb-rbac.yaml
new file mode 100644
index 0000000..d60a77d
--- /dev/null
+++ b/fileserver/csi-smb-rbac.yaml
@@ -0,0 +1,55 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-smb-controller-sa
+ namespace: fileserver
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: csi-smb-node-sa
+ namespace: fileserver
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: smb-external-provisioner-role
+rules:
+ - apiGroups: [""]
+ resources: ["persistentvolumes"]
+ verbs: ["get", "list", "watch", "create", "delete"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["get", "list", "watch", "update"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+ - apiGroups: ["storage.k8s.io"]
+ resources: ["csinodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "list", "watch", "create", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: smb-csi-provisioner-binding
+subjects:
+ - kind: ServiceAccount
+ name: csi-smb-controller-sa
+ namespace: fileserver
+roleRef:
+ kind: ClusterRole
+ name: smb-external-provisioner-role
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
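Review bot: The `smb-external-provisioner-role` ClusterRole grants `get` on `secrets` cluster-wide, which lets `csi-smb-controller-sa` read any Secret in any namespace by name — not only the SMB credential secrets referenced from StorageClass parameters. If those credential secrets live in a single namespace, replace that rule with a namespaced Role/RoleBinding there; the `leases` rule can likewise become a Role in `kube-system`, which is the namespace the provisioner is configured to use for leader election. `csi-smb-node-sa` is created but bound to nothing; that is correct for the node plugin, but worth a comment such as `# intentionally unbound: the node plugin talks only to the kubelet` so nobody later binds it to the provisioner role.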
diff --git a/fileserver/filebrowser.yaml b/fileserver/filebrowser.yaml
new file mode 100644
index 0000000..64c86c9
--- /dev/null
+++ b/fileserver/filebrowser.yaml
@@ -0,0 +1,122 @@
+
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: filebrowser
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: fileserver
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: fileserver-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+#apiVersion: v1
+#kind: PersistentVolumeClaim
+#metadata:
+# name: filebrowser
+# namespace: fileserver
+#spec:
+# accessModes:
+# - ReadWriteMany
+# resources:
+# requests:
+# storage: 2Gi
+# storageClassName: filebrowser
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: filebrowser-db
+ namespace: fileserver
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 4Gi
+ storageClassName: filebrowser
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: filebrowser
+ namespace: fileserver
+ labels:
+ app: filebrowser
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: filebrowser
+ template:
+ metadata:
+ labels:
+ app: filebrowser
+ spec:
+ initContainers:
+ - name: createfile
+ image: debian
+ command: ["bash", "-c", "touch /database/database.db && ls -la /database"]
+ volumeMounts:
+ - mountPath: "/database/"
+ name: filebrowser-db
+ containers:
+ - name: filebrowser
+ image: filebrowser/filebrowser
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - mountPath: "/srv"
+ name: filebrowser
+ - mountPath: "/database.db"
+ name: filebrowser-db
+ subPath: database.db
+ volumes:
+ - name: filebrowser
+ persistentVolumeClaim:
+ claimName: samba
+ - name: filebrowser-db
+ persistentVolumeClaim:
+ claimName: filebrowser-db
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: filebrowser
+ namespace: fileserver
+ labels:
+ app: filebrowser
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ app: filebrowser
+ sessionAffinity: None
+ type: ClusterIP
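Review bot: `image: filebrowser/filebrowser` and `image: debian` are unpinned, so each pod restart may pull a different image with no provenance check, and the container exposes the entire `samba` PVC read-write at `/srv` over HTTP. The README in this change lists "automatically change password" as a TODO, which suggests filebrowser may still be running with whatever account the image creates by default behind a public ingress; that should block the merge rather than sit in a backlog. Pin both images to a tag (ideally a digest), set the admin credential explicitly through filebrowser's configuration, and add a `securityContext` (`allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`, plus `runAsNonRoot: true` if the image supports it) on the filebrowser container; the `debian` init container only runs `touch` and can be a pinned `busybox`.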
diff --git a/fileserver/filesystem.yaml b/fileserver/filesystem.yaml
new file mode 100644
index 0000000..fb693b7
--- /dev/null
+++ b/fileserver/filesystem.yaml
@@ -0,0 +1,42 @@
+apiVersion: ceph.rook.io/v1
+kind: CephFilesystem
+metadata:
+ name: fileserver
+ namespace: rook-ceph
+spec:
+ metadataPool:
+ failureDomain: host
+ replicated:
+ size: 3
+ dataPools:
+ - name: replicated
+ failureDomain: host
+ replicated:
+ size: 3
+ preserveFilesystemOnDelete: false
+ metadataServer:
+ activeCount: 1
+ activeStandby: true
+ placement:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: role
+ # operator: In
+ # values:
+ # - mds-node
+ tolerations:
+ - key: node-role.kubernetes.io/storage-node
+ operator: Exists
+ effect: NoSchedule
+ # podAffinity:
+ # podAntiAffinity:
+ # topologySpreadConstraints:
+ #resources:
+ # limits:
+ # cpu: "80m"
+ # memory: "1024Mi"
+ # requests:
+ # cpu: "500m"
+ # memory: "1024Mi"
\ No newline at end of file
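Review bot: `preserveFilesystemOnDelete: false` means deleting this CephFilesystem CR destroys its metadata and data pools, and combined with `reclaimPolicy: Delete` on the `samba`/`filebrowser` StorageClasses and the `resources-finalizer` on the Argo CD Application, a single app deletion or prune cascades to the 64Gi share with no recovery short of Velero. Set `preserveFilesystemOnDelete: true` so removing the CR leaves the pools intact and purging data requires a separate, explicit step. The same setting appears in `forum/filesystem.yaml`.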
diff --git a/fileserver/ingress.yaml b/fileserver/ingress.yaml
new file mode 100644
index 0000000..587bd7f
--- /dev/null
+++ b/fileserver/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: fileserver
+ namespace: fileserver
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt
+
+spec:
+ tls:
+ - hosts:
+ - fileserver.undercloud.cf
+ secretName: fileserver-tls
+ rules:
+ - host: fileserver.undercloud.cf
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: filebrowser
+ port:
+ number: 80
\ No newline at end of file
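Review bot: The ingress publishes filebrowser — and through it the full `samba` share mounted at `/srv` — on a public hostname with Let's Encrypt TLS but no access restriction beyond the application's own login form. If the share is meant for a private audience, add `nginx.ingress.kubernetes.io/whitelist-source-range` with the allowed CIDRs, or front it with an auth proxy via `nginx.ingress.kubernetes.io/auth-url`; otherwise confirm filebrowser's login rate limiting is enabled before exposing it. As with the other ingresses, `kubernetes.io/ingress.class` should become `spec.ingressClassName`.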
diff --git a/fileserver/namespace.yaml b/fileserver/namespace.yaml
new file mode 100644
index 0000000..2b3e07c
--- /dev/null
+++ b/fileserver/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: fileserver
+ labels:
+ prometheus: prometheus
\ No newline at end of file
diff --git a/fileserver/samba.yaml b/fileserver/samba.yaml
new file mode 100644
index 0000000..3ffdf1b
--- /dev/null
+++ b/fileserver/samba.yaml
@@ -0,0 +1,119 @@
+
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: samba
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: fileserver
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: fileserver-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: samba
+ namespace: fileserver
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 64Gi
+ storageClassName: samba
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: samba
+ namespace: fileserver
+ labels:
+ app: samba
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: samba
+ template:
+ metadata:
+ labels:
+ app: samba
+ spec:
+ initContainers:
+ - name: createfolders
+ image: dperson/samba
+ command: ["bash", "-c", "mkdir -p /data/music && mkdir -p /data/movies && mkdir -p /data/tvshows"]
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ containers:
+ - name: samba
+ image: dperson/samba
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 139
+ - containerPort: 445
+ env:
+ - name: SHARE
+ value: "data;/data"
+ - name: SHARE2
+ value: "music;/music"
+ - name: SHARE3
+ value: "movies;/movies"
+ - name: SHARE4
+ value: "tvshows;/tvshows"
+ - name: USER
+ value: "admin;4IsTheMindKiller"
+ volumeMounts:
+ - mountPath: "/data"
+ name: data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: samba
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: samba
+ namespace: fileserver
+ labels:
+ app: samba
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ ports:
+ - name: smb1
+ port: 139
+ protocol: TCP
+ targetPort: 139
+ - name: smb2
+ port: 445
+ protocol: TCP
+ targetPort: 445
+ selector:
+ app: samba
+ sessionAffinity: None
+ type: ClusterIP
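Review bot: `USER: "admin;4IsTheMindKiller"` hard-codes the SMB admin password in plaintext in a manifest committed to git and rendered into the pod spec, where anyone who can `kubectl get pod -n fileserver` reads it. Move it to a Secret and inject it with `valueFrom.secretKeyRef` (the forum `db` Deployment in this change already uses that pattern for its credentials), and rotate the password since it is now in history. Separately, `SHARE2`–`SHARE4` point at `/music`, `/movies` and `/tvshows`, but the init container creates and the volume mounts `/data/music`, `/data/movies` and `/data/tvshows`, so those share paths do not exist inside the container. The `dperson/samba` image is also unpinned, and port 139 (NetBIOS session service) only needs exposing if SMB1-era clients are expected.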
diff --git a/forum/README.md b/forum/README.md
new file mode 100644
index 0000000..5fe750f
--- /dev/null
+++ b/forum/README.md
@@ -0,0 +1,20 @@
+# Forum
+## phpbb
+
+phpBB is a free flat-forum bulletin board software solution that can be used to stay in touch with a group of people or can power your entire website. With an extensive database of user-created extensions and styles database containing hundreds of style and image packages to customise your board, you can create a very unique forum in minutes.
+
+improvements:
+ metrics (see https://git.app.uib.no/caleno/helm-charts/-/blob/master/stable/phpbb/templates/deployment.yaml)
+ health probes (see https://git.app.uib.no/caleno/helm-charts/-/blob/master/stable/phpbb/templates/deployment.yaml)
+ automate deployment
+ change logo
+ create boards and forums
+ dark theme / cyberpunk theme
+ smtp setup
+ create users
+ disable registration
+ enable ldap
+ resource limits
+
+ metrics:
+ there is a metrics exporter
\ No newline at end of file
diff --git a/forum/backupSchedule.yaml b/forum/backupSchedule.yaml
new file mode 100644
index 0000000..f192b93
--- /dev/null
+++ b/forum/backupSchedule.yaml
@@ -0,0 +1,140 @@
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: forum-backup-csi-hourly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 15-22 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - forum
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 8h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: forum-backup-csi-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - forum
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: forum-backup-csi-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - forum
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: forum-backup-restic-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - forum
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: forum-backup-restic-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - forum
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: forum-backup-restic-monthly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 1 * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - forum
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 4380h0m0s
\ No newline at end of file
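Review bot: `hooks: {}` on the CSI schedules means the MariaDB data volume in `forum` is snapshotted without any quiesce, so the backup is at best crash-consistent and may capture a half-written InnoDB state. Add a pre-hook on the db pod that flushes and locks tables for the duration of the snapshot (a `FLUSH TABLES WITH READ LOCK`-style pre hook with a matching post hook to release it), or exclude the db PVC from the CSI schedules and rely on the logical dumps the `db-backup` Deployment writes to its PVC in the same namespace. As in the fileserver schedules, `useOwnerReferencesInBackup: true` ties backup lifetime to the Schedule object, and the `# every hour` comments are wrong for the daily, weekly and monthly entries.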
diff --git a/forum/db.yaml b/forum/db.yaml
new file mode 100644
index 0000000..3d04ec7
--- /dev/null
+++ b/forum/db.yaml
@@ -0,0 +1,216 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: forum-db
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: forum
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: forum-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: db
+ namespace: forum
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 8Gi
+ storageClassName: forum-db
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: db
+ namespace: forum
+ labels:
+ app: db
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: db
+ template:
+ metadata:
+ labels:
+ app: db
+ spec:
+ containers:
+ - name: db
+ image: mariadb:10.5
+ imagePullPolicy: "IfNotPresent"
+ ports:
+ - name: mysql
+ containerPort: 3306
+ env:
+ - name: MARIADB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: forum-db
+ key: root.pw
+ - name: MARIADB_USER
+ valueFrom:
+ secretKeyRef:
+ name: forum-db
+ key: username
+ optional: false
+ - name: MARIADB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: forum-db
+ key: user.pw
+ optional: false
+ - name: MARIADB_DATABASE
+ value: phpbb
+ #livenessProbe:
+ # exec:
+ # command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
+ # initialDelaySeconds: 120
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+ # failureThreshold: 3
+ #readinessProbe:
+ # exec:
+ # command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
+ # initialDelaySeconds: 30
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+ # failureThreshold: 3
+ volumeMounts:
+ - mountPath: /var/lib/mysql
+ name: data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: db
+ readOnly: false
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: db
+ namespace: forum
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: mysql
+ port: 3306
+ protocol: TCP
+ targetPort: 3306
+ selector:
+ app: db
+ sessionAffinity: None
+ type: ClusterIP
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: forum-db-backup
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: forum
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: forum-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: db-backup
+ namespace: forum
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 8Gi
+ storageClassName: forum-db-backup
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: db-backup
+ namespace: forum
+ labels:
+ app: db-backup
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: db-backup
+ template:
+ metadata:
+ labels:
+ app: db-backup
+ spec:
+ containers:
+ - name: db-backup
+ image: rsprta/mariadb-backup
+ imagePullPolicy: "IfNotPresent"
+ env:
+ - name: CRON_TIMER
+ value: "@daily"
+ - name: MARIADB_HOST
+ value: db
+ - name: MARIADB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: forum-db
+ key: root.pw
+ - name: MARIADB_USER
+ value: root
+ - name: MARIADB_PORT
+ value: "3306"
+ volumeMounts:
+ - mountPath: /backup
+ name: backup
+ volumes:
+ - name: backup
+ persistentVolumeClaim:
+ claimName: db-backup
+ readOnly: false
\ No newline at end of file
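Review bot: The `db-backup` Deployment hands the MariaDB root password (`root.pw` via `secretKeyRef`) together with `MARIADB_USER: root` to `rsprta/mariadb-backup`, an unpinned image from a personal Docker Hub namespace, so a compromised or silently updated image owns the database. Create a dedicated backup account limited to the privileges a dump needs (typically `SELECT`, `LOCK TABLES`, `SHOW VIEW`, `EVENT`, `TRIGGER` — confirm against the tool's documentation) and reference it instead of root, and pin the image by digest. The commented-out probes also pass `-p$MARIADB_ROOT_PASSWORD` on the command line, which exposes the password in the process list if they are ever re-enabled; have `mysqladmin` read credentials from a defaults file instead. The `db` Service is IPv6 `SingleStack` while every other Service in this change is `PreferDualStack`; if that is intentional, add a comment saying why.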
diff --git a/forum/filesystem.yaml b/forum/filesystem.yaml
new file mode 100644
index 0000000..90e8c2a
--- /dev/null
+++ b/forum/filesystem.yaml
@@ -0,0 +1,42 @@
+apiVersion: ceph.rook.io/v1
+kind: CephFilesystem
+metadata:
+ name: forum
+ namespace: rook-ceph
+spec:
+ metadataPool:
+ failureDomain: host
+ replicated:
+ size: 3
+ dataPools:
+ - name: replicated
+ failureDomain: host
+ replicated:
+ size: 3
+ preserveFilesystemOnDelete: false
+ metadataServer:
+ activeCount: 1
+ activeStandby: true
+ placement:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: role
+ # operator: In
+ # values:
+ # - mds-node
+ tolerations:
+ - key: node-role.kubernetes.io/storage-node
+ operator: Exists
+ effect: NoSchedule
+ # podAffinity:
+ # podAntiAffinity:
+ # topologySpreadConstraints:
+ #resources:
+ # limits:
+ # cpu: "80m"
+ # memory: "1024Mi"
+ # requests:
+ # cpu: "500m"
+ # memory: "1024Mi"
\ No newline at end of file
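Review bot: `preserveFilesystemOnDelete: false` lets deletion of this CephFilesystem CR — including an Argo CD prune or the `resources-finalizer` cascade on the forum Application — destroy the pools holding the MariaDB data and its `db-backup` dumps in one step. Set `preserveFilesystemOnDelete: true` so the CR can be removed without losing the pools, and treat pool purging as a separate explicit operation.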
diff --git a/forum/ingress.yaml b/forum/ingress.yaml
new file mode 100644
index 0000000..b0f51cf
--- /dev/null
+++ b/forum/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: forum
+ namespace: forum
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt
+
+spec:
+ tls:
+ - hosts:
+ - forum.undercloud.cf
+ secretName: forum-tls
+ rules:
+ - host: forum.undercloud.cf
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: phpbb
+ port:
+ number: 80
\ No newline at end of file
diff --git a/forum/namespace.yaml b/forum/namespace.yaml
new file mode 100644
index 0000000..8aa9570
--- /dev/null
+++ b/forum/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: forum
+ labels:
+ prometheus: prometheus
\ No newline at end of file
diff --git a/forum/phpbb.yaml b/forum/phpbb.yaml
new file mode 100644
index 0000000..585b8eb
--- /dev/null
+++ b/forum/phpbb.yaml
@@ -0,0 +1,170 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config
+ namespace: forum
+data:
+ config.php: |
+
+
+ 3
+ false
+ true
+ true
+ true
+ true
+ true
+ true
+
+
+ en
+ US
+
+ .
+ +
+ %
+
+
+ ,
+ &
+ -
+ {
+ }
+ '
+
+
+ the
+ a
+ an
+
+ 5
+ 90
+ 300
+ 5
+ 5
+ 60
+ Legacy
+
+
+ Book
+
+
+
+
+
+
+
+
+ Movie
+
+
+
+
+
+
+
+
+ MusicVideo
+
+
+
+ The Open Movie Database
+
+
+
+ The Open Movie Database
+
+
+
+
+ Series
+
+
+
+
+
+
+
+
+ MusicAlbum
+
+
+
+ TheAudioDB
+
+
+
+
+
+
+ MusicArtist
+
+
+
+ TheAudioDB
+
+
+
+
+
+
+ BoxSet
+
+
+
+
+
+
+
+
+ Season
+
+
+
+
+
+
+
+
+ Episode
+
+
+
+
+
+
+
+
+ true
+
+ en-US
+ false
+
+ 0
+ false
+ false
+ true
+
+
+
+ Jellyfin Stable
+ https://repo.jellyfin.org/releases/plugin/manifest-stable.json
+ true
+
+
+ true
+ 0
+
+ true
+ 500
+
+ *
+
+ 30
+ 0
+ 0
+ false
+ true
+
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: jellyfin
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: jellyfin
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: jellyfin-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: config
+ namespace: jellyfin
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 2Gi
+ storageClassName: jellyfin
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: music-jelly
+ namespace: jellyfin
+spec:
+ storageClassName: ""
+ capacity:
+ storage: 32Gi
+ accessModes:
+ - ReadWriteMany
+ persistentVolumeReclaimPolicy: Retain
+ mountOptions:
+ - dir_mode=0777
+ - file_mode=0777
+ - vers=3.0
+ csi:
+ driver: smb.csi.k8s.io
+ readOnly: false
+ volumeHandle: "music" # make sure it's a unique id in the cluster
+ volumeAttributes:
+ source: "//samba.fileserver.svc.k8aux.undercloud.cf./music"
+ nodeStageSecretRef:
+ name: fileserver-smb-account
+ namespace: jellyfin
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: music
+ namespace: jellyfin
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 30Gi
+ volumeName: music-jelly
+ storageClassName: ""
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: movies
+ namespace: jellyfin
+spec:
+ storageClassName: ""
+ capacity:
+ storage: 32Gi
+ accessModes:
+ - ReadWriteMany
+ persistentVolumeReclaimPolicy: Retain
+ mountOptions:
+ - dir_mode=0777
+ - file_mode=0777
+ - vers=3.0
+ csi:
+ driver: smb.csi.k8s.io
+ readOnly: false
+ volumeHandle: "movies" # make sure it's a unique id in the cluster
+ volumeAttributes:
+ source: "//samba.fileserver.svc.k8aux.undercloud.cf./movies"
+ nodeStageSecretRef:
+ name: fileserver-smb-account
+ namespace: jellyfin
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: tvshows
+ namespace: jellyfin
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 30Gi
+ volumeName: tvshows
+ storageClassName: ""
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: tvshows
+ namespace: jellyfin
+spec:
+ storageClassName: ""
+ capacity:
+ storage: 32Gi
+ accessModes:
+ - ReadWriteMany
+ persistentVolumeReclaimPolicy: Retain
+ mountOptions:
+ - dir_mode=0777
+ - file_mode=0777
+ - vers=3.0
+ csi:
+ driver: smb.csi.k8s.io
+ readOnly: false
+ volumeHandle: "tvshows" # make sure it's a unique id in the cluster
+ volumeAttributes:
+ source: "//samba.fileserver.svc.k8aux.undercloud.cf./tvshows"
+ nodeStageSecretRef:
+ name: fileserver-smb-account
+ namespace: jellyfin
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: movies
+ namespace: jellyfin
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 30Gi
+ volumeName: movies
+ storageClassName: ""
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jellyfin
+ namespace: jellyfin
+ labels:
+ app: jellyfin
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: jellyfin
+ template:
+ metadata:
+ labels:
+ app: jellyfin
+ spec:
+ dnsConfig:
+ options:
+ - name: ndots
+ value: "1"
+ #securityContext:
+ # runAsUser: 1000
+ # runAsGroup: 1000
+ # fsGroup: 1000
+ containers:
+ - name: jellyfin
+ image: linuxserver/jellyfin
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8096
+ - containerPort: 8920
+ - containerPort: 7359 #udp
+ - containerPort: 1900 #udp
+ #livenessProbe:
+ # httpGet:
+ # path: /health
+ # port: 8096
+ # #httpHeaders:
+ # #- name: Custom-Header
+ # # value: Awesome
+ # initialDelaySeconds: 30
+ # periodSeconds: 5
+ env:
+ - name: PUID
+ value: "1000"
+ - name: PGID
+ value: "1000"
+ volumeMounts:
+ - mountPath: /config
+ name: config
+ - mountPath: /data/movies
+ name: movies
+ #- mountPath: "/config/system.xml"
+ # name: config-cm
+ # subPath: system.xml
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: config
+ readOnly: false
+ - name: movies
+ persistentVolumeClaim:
+ claimName: movies
+ readOnly: false
+ - name: config-cm
+ configMap:
+ name: config
+ items:
+ - key: "system.xml"
+ path: "system.xml"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: jellyfin
+ namespace: jellyfin
+spec:
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8096
+ - name: jelly1
+ port: 8920
+ protocol: TCP
+ targetPort: 8920
+ - name: jelly2
+ port: 7359
+ protocol: UDP
+ targetPort: 7359
+ - name: jelly3
+ port: 1900
+ protocol: UDP
+ targetPort: 1900
+ selector:
+ app: jellyfin
+ sessionAffinity: None
+ type: ClusterIP
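Review bot: The `config-cm` volume at the end of the jellyfin Deployment selects `items: - key: "system.xml"` from ConfigMap `config`, but the only key that ConfigMap declares is `config.php`; a configMap volume whose listed key is missing is not set up unless `optional: true` is given, so the pod will sit in ContainerCreating even though the matching volumeMount is commented out — either delete the `config-cm` volume together with its commented mount, or rename the ConfigMap key to `system.xml`. The block-scalar body reads like Jellyfin's system.xml with its markup lost in rendering, and the hunk header announces 170 lines while far more are shown under the forum/phpbb.yaml path, so this section may be garbled on the page and is worth checking in the repository. Separately, `image: linuxserver/jellyfin` has no tag, so with `imagePullPolicy: IfNotPresent` each node runs whichever `latest` it happens to have cached; pin a version the way the jitsi manifests do. The containerPorts 7359 and 1900 are annotated `#udp` but default to TCP — add `protocol: UDP` to both so they match the Service.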
diff --git a/jellyfin/namespace.yaml b/jellyfin/namespace.yaml
new file mode 100644
index 0000000..63e357e
--- /dev/null
+++ b/jellyfin/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: jellyfin
+ labels:
+ prometheus: prometheus
\ No newline at end of file
diff --git a/jellyfin/secrets.yaml b/jellyfin/secrets.yaml
new file mode 100644
index 0000000..88c8a45
--- /dev/null
+++ b/jellyfin/secrets.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: fileserver-smb-account
+ namespace: jellyfin
+type: Opaque
+data:
+ username: YWRtaW4=
+ password: NElzVGhlTWluZEtpbGxlcg==
+ domain: bG9jYWxob3N0
\ No newline at end of file
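Review bot: The `data:` values of this Secret are only base64-encoded, not encrypted, so the SMB account username, password and domain are committed in clear to the repository and its history. Keep credentials out of git — a SealedSecret, External Secrets reference or a SOPS-encrypted manifest — and rotate the SMB password, since the current one has already been pushed. jitsi/secrets.yaml commits the XMPP component passwords the same way.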
diff --git a/jellyfin/service-monitor.yaml b/jellyfin/service-monitor.yaml
new file mode 100644
index 0000000..88c84c7
--- /dev/null
+++ b/jellyfin/service-monitor.yaml
@@ -0,0 +1,18 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: jellyfin
+ namespace: jellyfin
+ labels:
+ team: undercloud
+spec:
+ #namespaceSelector:
+ # matchNames:
+ # - argocd-metrics
+ selector:
+ matchLabels:
+ app: jellyfin
+ endpoints:
+ - port: http
+ #path: /metrics
+ interval: 5s
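Review bot: `selector.matchLabels: app: jellyfin` on a ServiceMonitor is matched against Service labels, not pod labels, and the `jellyfin` Service added in this commit declares no `metadata.labels` at all, so Prometheus will discover no targets from this monitor. Add `labels: app: jellyfin` under that Service's `metadata:` (or change `matchLabels` to a label the Service actually carries). As far as I recall Jellyfin only serves `/metrics` once metrics are enabled in its server configuration, so confirm that before expecting series; `interval: 5s` is also aggressive for a media server, and 30s is usually plenty.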
diff --git a/jitsi/README.md b/jitsi/README.md
new file mode 100644
index 0000000..3d7ea56
--- /dev/null
+++ b/jitsi/README.md
@@ -0,0 +1,10 @@
+# Jitsi
+## Video Conferencing / Telephony
+
+Jitsi ist eine Sammlung freier Software für IP-Telefonie, Videokonferenzen und Instant Messaging.
+
+improvements:
+ldap auth
+metrics
+liveness probes
+resource limits
\ No newline at end of file
diff --git a/jitsi/filesystem.yaml b/jitsi/filesystem.yaml
new file mode 100644
index 0000000..ab52a2d
--- /dev/null
+++ b/jitsi/filesystem.yaml
@@ -0,0 +1,42 @@
+apiVersion: ceph.rook.io/v1
+kind: CephFilesystem
+metadata:
+ name: jitsi
+ namespace: rook-ceph
+spec:
+ metadataPool:
+ failureDomain: host
+ replicated:
+ size: 3
+ dataPools:
+ - name: replicated
+ failureDomain: host
+ replicated:
+ size: 3
+ preserveFilesystemOnDelete: false
+ metadataServer:
+ activeCount: 1
+ activeStandby: true
+ placement:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: role
+ # operator: In
+ # values:
+ # - mds-node
+ tolerations:
+ - key: node-role.kubernetes.io/storage-node
+ operator: Exists
+ effect: NoSchedule
+ # podAffinity:
+ # podAntiAffinity:
+ # topologySpreadConstraints:
+ #resources:
+ # limits:
+ # cpu: "80m"
+ # memory: "1024Mi"
+ # requests:
+ # cpu: "500m"
+ # memory: "1024Mi"
\ No newline at end of file
diff --git a/jitsi/ingress.yaml b/jitsi/ingress.yaml
new file mode 100644
index 0000000..beeb23d
--- /dev/null
+++ b/jitsi/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: jitsi
+ namespace: jitsi
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt
+
+spec:
+ tls:
+ - hosts:
+ - jitsi.undercloud.cf
+ secretName: jitsi-tls
+ rules:
+ - host: jitsi.undercloud.cf
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: frontend
+ port:
+ number: 80
\ No newline at end of file
diff --git a/jitsi/jitsi.yaml b/jitsi/jitsi.yaml
new file mode 100644
index 0000000..a16db77
--- /dev/null
+++ b/jitsi/jitsi.yaml
@@ -0,0 +1,631 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: jitsi
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: jitsi
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: jitsi-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: data
+ namespace: jitsi
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 512Mi
+ storageClassName: jitsi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: frontend
+ namespace: jitsi
+ labels:
+ app: frontend
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: frontend
+ template:
+ metadata:
+ annotations:
+ #backup.velero.io/backup-volumes: html
+ labels:
+ app: frontend
+ spec:
+ dnsConfig:
+ options:
+ - name: ndots
+ value: "1"
+ #securityContext:
+ # runAsUser: 1000
+ # runAsGroup: 1000
+ # fsGroup: 1000
+ containers:
+ - name: frontend
+ resources:
+ #requests:
+ # memory: "10Mi"
+ # cpu: "250m"
+ #limits:
+ # memory: "256Mi"
+ # cpu: "10m"
+ image: jitsi/web:web-1.0.7257-1
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 80
+ - containerPort: 443
+ env:
+ - name: TZ
+ value: "Europe/Berlin"
+ - name: PUBLIC_URL
+ value: "https://jitsi.undercloud.cf"
+ - name: JICOFO_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JICOFO_AUTH_PASSWORD
+ - name: JVB_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JVB_AUTH_PASSWORD
+ - name: JIGASI_XMPP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JIGASI_XMPP_PASSWORD
+ - name: JIBRI_RECORDER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JIBRI_RECORDER_PASSWORD
+ - name: JIBRI_XMPP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JIBRI_XMPP_PASSWORD
+ - name: ENABLE_LETSENCRYPT
+ value: "0"
+ - name: XMPP_DOMAIN
+ value: "xmpp.jitsi.svc.k8aux.undercloud.cf"
+ - name: XMPP_BOSH_URL_BASE
+ value: "http://xmpp.jitsi.svc.k8aux.undercloud.cf:5280"
+ - name: XMPP_PORT
+ value: "5222"
+ - name: XMPP_SERVER
+ value: "xmpp.jitsi.svc.k8aux.undercloud.cf"
+ - name: JVB_ADVERTISE_IPS
+ value: "2001:470:72f0:2::31,10.0.2.31"
+ - name: DEFAULT_LANGUAGE
+ value: "de"
+ - name: XMPP_AUTH_DOMAIN
+ value: "auth.xmpp.jitsi.svc.k8aux.undercloud.cf"
+ - name: XMPP_MUC_DOMAIN
+ value: "muc.xmpp.jitsi.svc.k8aux.undercloud.cf"
+ - name: XMPP_INTERNAL_MUC_DOMAIN
+ value: "internal-muc.xmpp.jitsi.svc.k8aux.undercloud.cf"
+ #- name: PUID
+ # value: "1000"
+ #- name: PGID
+ # value: "1000"
+ #lifecycle:
+ # postStart:
+ # exec:
+ # command: ["/bin/sh", "-c", "cp -rf /opt/bastillion/jetty/bastillion/WEB-INF/classe/BastillionConfig.properties.tmp /opt/bastillion/jetty/bastillion/WEB-INF/classe/BastillionConfig.properties"]
+ volumeMounts:
+ - mountPath: /config
+ name: data
+ subPath: config
+ - mountPath: /var/spool/cron/crontabs
+ name: data
+ subPath: crontabs
+ - mountPath: /usr/share/jitsi-meet/transcripts
+ name: data
+ subPath: transcripts
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: data
+ readOnly: false
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: frontend
+ namespace: jitsi
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ #ipFamilyPolicy: SingleStack
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ - name: https
+ port: 443
+ targetPort: 443
+ selector:
+ app: frontend
+ #sessionAffinity: None
+ type: ClusterIP
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: xmpp-data
+ namespace: jitsi
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 512Mi
+ storageClassName: jitsi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: xmpp
+ namespace: jitsi
+ labels:
+ app: xmpp
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: xmpp
+ template:
+ metadata:
+ annotations:
+ #backup.velero.io/backup-volumes: html
+ labels:
+ app: xmpp
+ spec:
+ dnsConfig:
+ options:
+ - name: ndots
+ value: "1"
+ #securityContext:
+ # runAsUser: 1000
+ # runAsGroup: 1000
+ # fsGroup: 1000
+ containers:
+ - name: xmpp
+ resources:
+ #requests:
+ # memory: "10Mi"
+ # cpu: "250m"
+ #limits:
+ # memory: "256Mi"
+ # cpu: "10m"
+ image: jitsi/prosody:prosody-0.12.3
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 5222
+ - containerPort: 5347
+ - containerPort: 5280
+ env:
+ - name: TZ
+ value: "Europe/Berlin"
+ - name: PUBLIC_URL
+ value: "https://jitsi.undercloud.cf"
+ - name: JICOFO_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JICOFO_AUTH_PASSWORD
+ - name: JVB_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JVB_AUTH_PASSWORD
+ - name: JIGASI_XMPP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JIGASI_XMPP_PASSWORD
+ - name: JIBRI_RECORDER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JIBRI_RECORDER_PASSWORD
+ - name: JIBRI_XMPP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JIBRI_XMPP_PASSWORD
+ - name: ENABLE_LETSENCRYPT
+ value: "0"
+ - name: ENABLE_IPV6
+ value: "1"
+ - name: XMPP_DOMAIN
+ value: "xmpp.jitsi.svc.k8aux.undercloud.cf"
+ - name: XMPP_BOSH_URL_BASE
+ value: "http://xmpp.jitsi.svc.k8aux.undercloud.cf:5280"
+ - name: XMPP_PORT
+ value: "5222"
+ - name: XMPP_SERVER
+ value: "xmpp.jitsi.svc.k8aux.undercloud.cf"
+ - name: JVB_ADVERTISE_IPS
+ value: "2001:470:72f0:2::31,10.0.2.31"
+ - name: XMPP_AUTH_DOMAIN
+ value: "auth.xmpp.jitsi.svc.k8aux.undercloud.cf"
+ - name: XMPP_MUC_DOMAIN
+ value: "muc.xmpp.jitsi.svc.k8aux.undercloud.cf"
+ - name: XMPP_INTERNAL_MUC_DOMAIN
+ value: "internal-muc.xmpp.jitsi.svc.k8aux.undercloud.cf"
+ #- RESET_APPLICATION_SSH_KEY=false # set to true to regenerate and import SSH keys
+ #- SSH_KEY_TYPE=rsa # SSH key type 'dsa', 'rsa', or 'ecdsa' for generated keys
+ #- SSH_KEY_LENGTH=2048 # SSH key length for generated keys 2048 => 'rsa','dsa'; 521 => 'ecdsa'
+ #- name: PUID
+ # value: "1000"
+ #- name: PGID
+ # value: "1000"
+ #lifecycle:
+ # postStart:
+ # exec:
+ # command: ["/bin/sh", "-c", "cp -rf /opt/bastillion/jetty/bastillion/WEB-INF/classe/BastillionConfig.properties.tmp /opt/bastillion/jetty/bastillion/WEB-INF/classe/BastillionConfig.properties"]
+ volumeMounts:
+ - mountPath: /config
+ name: data
+ subPath: config
+ - mountPath: /prosody-plugins-custom
+ name: data
+ subPath: plugins
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: xmpp-data
+ readOnly: false
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: xmpp
+ namespace: jitsi
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ #ipFamilyPolicy: SingleStack
+ ports:
+ - name: xmpp1
+ port: 5222
+ targetPort: 5222
+ - name: xmpp2
+ port: 5347
+ targetPort: 5347
+ - name: xmpp3
+ port: 5280
+ targetPort: 5280
+ selector:
+ app: xmpp
+ #sessionAffinity: None
+ type: ClusterIP
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: focus-data
+ namespace: jitsi
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 512Mi
+ storageClassName: jitsi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: focus
+ namespace: jitsi
+ labels:
+ app: focus
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: focus
+ template:
+ metadata:
+ annotations:
+ #backup.velero.io/backup-volumes: html
+ labels:
+ app: focus
+ spec:
+ dnsConfig:
+ options:
+ - name: ndots
+ value: "1"
+ #securityContext:
+ # runAsUser: 1000
+ # runAsGroup: 1000
+ # fsGroup: 1000
+ containers:
+ - name: focus
+ resources:
+ #requests:
+ # memory: "10Mi"
+ # cpu: "250m"
+ #limits:
+ # memory: "256Mi"
+ # cpu: "10m"
+ image: jitsi/jicofo:jicofo-1.0-1029-1
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8888
+ env:
+ - name: JICOFO_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JICOFO_AUTH_PASSWORD
+ - name: JVB_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JVB_AUTH_PASSWORD
+ - name: JIGASI_XMPP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JIGASI_XMPP_PASSWORD
+ - name: JIBRI_RECORDER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JIBRI_RECORDER_PASSWORD
+ - name: JIBRI_XMPP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JIBRI_XMPP_PASSWORD
+ - name: ENABLE_LETSENCRYPT
+ value: "0"
+ - name: ENABLE_IPV6
+ value: "1"
+ - name: XMPP_DOMAIN
+ value: "xmpp.jitsi.svc.k8aux.undercloud.cf"
+ - name: XMPP_BOSH_URL_BASE
+ value: "http://xmpp.jitsi.svc.k8aux.undercloud.cf:5280"
+ - name: XMPP_PORT
+ value: "5222"
+ - name: XMPP_SERVER
+ value: "xmpp.jitsi.svc.k8aux.undercloud.cf"
+ - name: JVB_ADVERTISE_IPS
+ value: "2001:470:72f0:2::31,10.0.2.31"
+ - name: XMPP_AUTH_DOMAIN
+ value: "auth.xmpp.jitsi.svc.k8aux.undercloud.cf"
+ - name: XMPP_MUC_DOMAIN
+ value: "muc.xmpp.jitsi.svc.k8aux.undercloud.cf"
+ - name: XMPP_INTERNAL_MUC_DOMAIN
+ value: "internal-muc.xmpp.jitsi.svc.k8aux.undercloud.cf"
+ #- RESET_APPLICATION_SSH_KEY=false # set to true to regenerate and import SSH keys
+ #- SSH_KEY_TYPE=rsa # SSH key type 'dsa', 'rsa', or 'ecdsa' for generated keys
+ #- SSH_KEY_LENGTH=2048 # SSH key length for generated keys 2048 => 'rsa','dsa'; 521 => 'ecdsa'
+ #- name: PUID
+ # value: "1000"
+ #- name: PGID
+ # value: "1000"
+ #lifecycle:
+ # postStart:
+ # exec:
+ # command: ["/bin/sh", "-c", "cp -rf /opt/bastillion/jetty/bastillion/WEB-INF/classe/BastillionConfig.properties.tmp /opt/bastillion/jetty/bastillion/WEB-INF/classe/BastillionConfig.properties"]
+ volumeMounts:
+ - mountPath: /config
+ name: data
+ subPath: config
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: focus-data
+ readOnly: false
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: focus
+ namespace: jitsi
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ #ipFamilyPolicy: SingleStack
+ ports:
+ - name: focus
+ port: 8888
+ targetPort: 8888
+ selector:
+ app: focus
+ #sessionAffinity: None
+ type: ClusterIP
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: jvb-data
+ namespace: jitsi
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 512Mi
+ storageClassName: jitsi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: jvb
+ namespace: jitsi
+ labels:
+ app: jvb
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: jvb
+ template:
+ metadata:
+ annotations:
+ #backup.velero.io/backup-volumes: html
+ labels:
+ app: jvb
+ spec:
+ dnsConfig:
+ options:
+ - name: ndots
+ value: "1"
+ #securityContext:
+ # runAsUser: 1000
+ # runAsGroup: 1000
+ # fsGroup: 1000
+ containers:
+ - name: jvb
+ resources:
+ #requests:
+ # memory: "10Mi"
+ # cpu: "250m"
+ #limits:
+ # memory: "256Mi"
+ # cpu: "10m"
+ image: jitsi/jvb:jvb-2.3-20-gfc17337e-1
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 10000
+ - containerPort: 8080
+ env:
+ - name: TZ
+ value: "Europe/Berlin"
+ - name: PUBLIC_URL
+ value: "https://jitsi.undercloud.cf"
+ - name: JICOFO_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JICOFO_AUTH_PASSWORD
+ - name: JVB_AUTH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JVB_AUTH_PASSWORD
+ - name: JIGASI_XMPP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JIGASI_XMPP_PASSWORD
+ - name: JIBRI_RECORDER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JIBRI_RECORDER_PASSWORD
+ - name: JIBRI_XMPP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: jitsi
+ key: JIBRI_XMPP_PASSWORD
+ - name: ENABLE_LETSENCRYPT
+ value: "0"
+ - name: ENABLE_IPV6
+ value: "1"
+ - name: JVB_PORT
+ value: "10000"
+ - name: XMPP_DOMAIN
+ value: "xmpp.jitsi.svc.k8aux.undercloud.cf"
+ - name: XMPP_BOSH_URL_BASE
+ value: "http://xmpp.jitsi.svc.k8aux.undercloud.cf:5280"
+ - name: XMPP_PORT
+ value: "5222"
+ - name: XMPP_SERVER
+ value: "xmpp.jitsi.svc.k8aux.undercloud.cf"
+ - name: JVB_ADVERTISE_IPS
+ value: "2001:470:72f0:2::31,10.0.2.31"
+ - name: JVB_DISABLE_STUN
+ value: "1"
+ - name: XMPP_AUTH_DOMAIN
+ value: "auth.xmpp.jitsi.svc.k8aux.undercloud.cf"
+ - name: XMPP_MUC_DOMAIN
+ value: "muc.xmpp.jitsi.svc.k8aux.undercloud.cf"
+ - name: XMPP_INTERNAL_MUC_DOMAIN
+ value: "internal-muc.xmpp.jitsi.svc.k8aux.undercloud.cf"
+ #- RESET_APPLICATION_SSH_KEY=false # set to true to regenerate and import SSH keys
+ #- SSH_KEY_TYPE=rsa # SSH key type 'dsa', 'rsa', or 'ecdsa' for generated keys
+ #- SSH_KEY_LENGTH=2048 # SSH key length for generated keys 2048 => 'rsa','dsa'; 521 => 'ecdsa'
+ #- name: PUID
+ # value: "1000"
+ #- name: PGID
+ # value: "1000"
+ #lifecycle:
+ # postStart:
+ # exec:
+ # command: ["/bin/sh", "-c", "cp -rf /opt/bastillion/jetty/bastillion/WEB-INF/classe/BastillionConfig.properties.tmp /opt/bastillion/jetty/bastillion/WEB-INF/classe/BastillionConfig.properties"]
+ volumeMounts:
+ - mountPath: /config
+ name: data
+ subPath: config
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: jvb-data
+ readOnly: false
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: jvb
+ namespace: jitsi
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ #ipFamilyPolicy: SingleStack
+ ports:
+ - name: jvb1
+ port: 10000
+ targetPort: 10000
+ - name: jvb2
+ port: 8080
+ targetPort: 8080
+ selector:
+ app: jvb
+ #sessionAffinity: None
+ type: ClusterIP
+---
\ No newline at end of file
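Review bot: The `jvb` Service's `jvb1` port (10000) and the container's `containerPort: 10000` declare no `protocol`, so both default to TCP, while the JVB media port that `JVB_PORT: "10000"` configures is UDP; add `protocol: UDP` to both entries. Since the Service is `ClusterIP` and `JVB_ADVERTISE_IPS` lists addresses that look external to the cluster, media presumably reaches the JVB by some path not in this hunk (hostNetwork or a NodePort), which the jitsi README should document. The `frontend` (jitsi/web) container receives every component password from the `jitsi` Secret although, as far as I can tell, only prosody, jicofo and jvb consume them — trim each container's env to the secrets it needs so a compromised web pod does not yield the XMPP credentials. The Bastillion `lifecycle` and `SSH_KEY_*` comments repeated across all four Deployments are copy-paste residue and should be removed.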
diff --git a/jitsi/namespace.yaml b/jitsi/namespace.yaml
new file mode 100644
index 0000000..4eb5d46
--- /dev/null
+++ b/jitsi/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: jitsi
+ labels:
+ prometheus: prometheus
\ No newline at end of file
diff --git a/jitsi/secrets.yaml b/jitsi/secrets.yaml
new file mode 100644
index 0000000..8648f86
--- /dev/null
+++ b/jitsi/secrets.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: jitsi
+ namespace: jitsi
+type: Opaque
+data:
+ JICOFO_AUTH_PASSWORD: a3Jhc3Nlc0pJQ09GT19BVVRIX1BBU1NXT1JE
+ JVB_AUTH_PASSWORD: a3Jhc3Nlc0pWQl9BVVRIX1BBU1NXT1JE
+ JIGASI_XMPP_PASSWORD: a3Jhc3Nlc0pJR0FTSV9YTVBQX1BBU1NXT1JE
+ JIBRI_RECORDER_PASSWORD: a3Jhc3Nlc0pJQlJJX1JFQ09SREVSX1BBU1NXT1JE
+ JIBRI_XMPP_PASSWORD: a3Jhc3Nlc0pJQlJJX1hNUFBfUEFTU1dPUkQ=
\ No newline at end of file
diff --git a/kubevirt/README.md b/kubevirt/README.md
new file mode 100644
index 0000000..1d4e35c
--- /dev/null
+++ b/kubevirt/README.md
@@ -0,0 +1,10 @@
+# Kubevirt
+## virtual Machines in Kubernetes
+
+KubeVirt technology addresses the needs of development teams that have adopted or want to adopt Kubernetes but possess existing Virtual Machine-based workloads that cannot be easily containerized. More specifically, the technology provides a unified development platform where developers can build, modify, and deploy applications residing in both Application Containers as well as Virtual Machines in a common, shared environment.
+
+Benefits are broad and significant. Teams with a reliance on existing virtual machine-based workloads are empowered to rapidly containerize applications. With virtualized workloads placed directly in development workflows, teams can decompose them over time while still leveraging remaining virtualized components as is comfortably desired.
+
+
+NOT WORKING!
+there is no working arm64 version
\ No newline at end of file
diff --git a/kubevirt/filesystem.yaml b/kubevirt/filesystem.yaml
new file mode 100644
index 0000000..8a9a304
--- /dev/null
+++ b/kubevirt/filesystem.yaml
@@ -0,0 +1,17 @@
+#apiVersion: ceph.rook.io/v1
+#kind: CephFilesystem
+#metadata:
+# name: kubevirt
+# namespace: rook-ceph
+#spec:
+# metadataPool:
+# replicated:
+# size: 3
+# dataPools:
+# - name: replicated
+# replicated:
+# size: 3
+# preserveFilesystemOnDelete: false
+# metadataServer:
+# activeCount: 1
+# activeStandby: true
\ No newline at end of file
diff --git a/kubevirt/kubevirt-operator-crds.yaml b/kubevirt/kubevirt-operator-crds.yaml
new file mode 100644
index 0000000..ca11512
--- /dev/null
+++ b/kubevirt/kubevirt-operator-crds.yaml
@@ -0,0 +1,5546 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ operator.kubevirt.io: ""
+ name: kubevirts.kubevirt.io
+spec:
+ group: kubevirt.io
+ names:
+ categories:
+ - all
+ kind: KubeVirt
+ plural: kubevirts
+ shortNames:
+ - kv
+ - kvs
+ singular: kubevirt
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.phase
+ name: Phase
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: KubeVirt represents the object deploying all KubeVirt resources
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ certificateRotateStrategy:
+ properties:
+ selfSigned:
+ properties:
+ ca:
+ description: CA configuration CA certs are kept in the CA
+ bundle as long as they are valid
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime)
+ of the Certificate.
+ type: string
+ renewBefore:
+ description: The amount of time before the currently issued
+ certificate's "notAfter" time that we will begin to
+ attempt to renew the certificate.
+ type: string
+ type: object
+ caOverlapInterval:
+ description: Deprecated. Use CA.Duration and CA.RenewBefore
+ instead
+ type: string
+ caRotateInterval:
+ description: Deprecated. Use CA.Duration instead
+ type: string
+ certRotateInterval:
+ description: Deprecated. Use Server.Duration instead
+ type: string
+ server:
+ description: Server configuration Certs are rotated and discarded
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime)
+ of the Certificate.
+ type: string
+ renewBefore:
+ description: The amount of time before the currently issued
+ certificate's "notAfter" time that we will begin to
+ attempt to renew the certificate.
+ type: string
+ type: object
+ type: object
+ type: object
+ configuration:
+ description: holds kubevirt configurations. same as the virt-configMap
+ properties:
+ additionalGuestMemoryOverheadRatio:
+ description: AdditionalGuestMemoryOverheadRatio can be used to
+ increase the virtualization infrastructure overhead. This is
+ useful, since the calculation of this overhead is not accurate
+ and cannot be entirely known in advance. The ratio that is being
+ set determines by which factor to increase the overhead calculated
+ by Kubevirt. A higher ratio means that the VMs would be less
+ compromised by node pressures, but would mean that fewer VMs
+ could be scheduled to a node. If not set, the default is 1.
+ type: string
+ apiConfiguration:
+ description: ReloadableComponentConfiguration holds all generic
+ k8s configuration options which can be reloaded by components
+ without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: Maximum burst for throttle. If it's
+ zero, the component default will be used
+ type: integer
+ qps:
+ description: QPS indicates the maximum QPS to
+ the apiserver from this client. If it's zero,
+ the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ controllerConfiguration:
+ description: ReloadableComponentConfiguration holds all generic
+ k8s configuration options which can be reloaded by components
+ without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: Maximum burst for throttle. If it's
+ zero, the component default will be used
+ type: integer
+ qps:
+ description: QPS indicates the maximum QPS to
+ the apiserver from this client. If it's zero,
+ the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ cpuModel:
+ type: string
+ cpuRequest:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ defaultRuntimeClass:
+ type: string
+ developerConfiguration:
+ description: DeveloperConfiguration holds developer options
+ properties:
+ cpuAllocationRatio:
+ description: 'For each requested virtual CPU, CPUAllocationRatio
+ defines how much physical CPU to request per VMI from the
+ hosting node. The value is in fraction of a CPU thread (or
+ core on non-hyperthreaded nodes). For example, a value of
+ 1 means 1 physical CPU thread per VMI CPU thread. A value
+ of 100 would be 1% of a physical thread allocated for each
+ requested VMI thread. This option has no effect on VMIs
+ that request dedicated CPUs. More information at: https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio
+ Defaults to 10'
+ type: integer
+ diskVerification:
+ description: DiskVerification holds container disks verification
+ limits
+ properties:
+ memoryLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - memoryLimit
+ type: object
+ featureGates:
+ description: FeatureGates is the list of experimental features
+ to enable. Defaults to none
+ items:
+ type: string
+ type: array
+ logVerbosity:
+ description: LogVerbosity sets log verbosity level of various
+ components
+ properties:
+ nodeVerbosity:
+ additionalProperties:
+ type: integer
+ description: NodeVerbosity represents a map of nodes with
+ a specific verbosity level
+ type: object
+ virtAPI:
+ type: integer
+ virtController:
+ type: integer
+ virtHandler:
+ type: integer
+ virtLauncher:
+ type: integer
+ virtOperator:
+ type: integer
+ type: object
+ memoryOvercommit:
+ description: MemoryOvercommit is the percentage of memory
+ we want to give VMIs compared to the amount given to its
+ parent pod (virt-launcher). For example, a value of 102
+ means the VMI will "see" 2% more memory than its parent
+ pod. Values under 100 are effectively "undercommits". Overcommits
+ can lead to memory exhaustion, which in turn can lead to
+ crashes. Use carefully. Defaults to 100
+ type: integer
+ minimumClusterTSCFrequency:
+ description: Allow overriding the automatically determined
+ minimum TSC frequency of the cluster and fixate the minimum
+ to this frequency.
+ format: int64
+ type: integer
+ minimumReservePVCBytes:
+ description: MinimumReservePVCBytes is the amount of space,
+ in bytes, to leave unused on disks. Defaults to 131072 (128KiB)
+ format: int64
+ type: integer
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: NodeSelectors allows restricting VMI creation
+ to nodes that match a set of labels. Defaults to none
+ type: object
+ pvcTolerateLessSpaceUpToPercent:
+ description: LessPVCSpaceToleration determines how much smaller,
+ in percentage, disk PVCs are allowed to be compared to the
+ requested size (to account for various overheads). Defaults
+ to 10
+ type: integer
+ useEmulation:
+ description: UseEmulation can be set to true to allow fallback
+ to software emulation in case hardware-assisted emulation
+ is not available. Defaults to false
+ type: boolean
+ type: object
+ emulatedMachines:
+ items:
+ type: string
+ type: array
+ evictionStrategy:
+ description: EvictionStrategy defines at the cluster level if
+ the VirtualMachineInstance should be migrated instead of shut-off
+ in case of a node drain. If the VirtualMachineInstance specific
+ field is set it overrides the cluster level one.
+ type: string
+ handlerConfiguration:
+ description: ReloadableComponentConfiguration holds all generic
+ k8s configuration options which can be reloaded by components
+ without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: Maximum burst for throttle. If it's
+ zero, the component default will be used
+ type: integer
+ qps:
+ description: QPS indicates the maximum QPS to
+ the apiserver from this client. If it's zero,
+ the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ imagePullPolicy:
+ description: PullPolicy describes a policy for if/when to pull
+ a container image
+ type: string
+ machineType:
+ type: string
+ mediatedDevicesConfiguration:
+ description: MediatedDevicesConfiguration holds information about
+ MDEV types to be defined, if available
+ properties:
+ mediatedDeviceTypes:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mediatedDevicesTypes:
+ description: Deprecated. Use mediatedDeviceTypes instead.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ nodeMediatedDeviceTypes:
+ items:
+ description: NodeMediatedDeviceTypesConfig holds information
+ about MDEV types to be defined in a specifc node that
+ matches the NodeSelector field.
+ properties:
+ mediatedDeviceTypes:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mediatedDevicesTypes:
+ description: Deprecated. Use mediatedDeviceTypes instead.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'NodeSelector is a selector which must
+ be true for the vmi to fit on a node. Selector which
+ must match a node''s labels for the vmi to be scheduled
+ on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ required:
+ - nodeSelector
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ memBalloonStatsPeriod:
+ format: int32
+ type: integer
+ migrations:
+ description: MigrationConfiguration holds migration options. Can
+ be overridden for specific groups of VMs though migration policies.
+ Visit https://kubevirt.io/user-guide/operations/migration_policies/
+ for more information.
+ properties:
+ allowAutoConverge:
+ description: AllowAutoConverge allows the platform to compromise
+ performance/availability of VMIs to guarantee successful
+ VMI live migrations. Defaults to false
+ type: boolean
+ allowPostCopy:
+ description: AllowPostCopy enables post-copy live migrations.
+ Such migrations allow even the busiest VMIs to successfully
+ live-migrate. However, events like a network failure can
+ cause a VMI crash. If set to true, migrations will still
+ start in pre-copy, but switch to post-copy when CompletionTimeoutPerGiB
+ triggers. Defaults to false
+ type: boolean
+ bandwidthPerMigration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: BandwidthPerMigration limits the amount of network
+ bandwith live migrations are allowed to use. The value is
+ in quantity per second. Defaults to 0 (no limit)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ completionTimeoutPerGiB:
+ description: CompletionTimeoutPerGiB is the maximum number
+ of seconds per GiB a migration is allowed to take. If a
+ live-migration takes longer to migrate than this value multiplied
+ by the size of the VMI, the migration will be cancelled,
+ unless AllowPostCopy is true. Defaults to 800
+ format: int64
+ type: integer
+ disableTLS:
+ description: When set to true, DisableTLS will disable the
+ additional layer of live migration encryption provided by
+ KubeVirt. This is usually a bad idea. Defaults to false
+ type: boolean
+ network:
+ description: Network is the name of the CNI network to use
+ for live migrations. By default, migrations go through the
+ pod network.
+ type: string
+ nodeDrainTaintKey:
+ description: 'NodeDrainTaintKey defines the taint key that
+ indicates a node should be drained. Note: this option relies
+ on the deprecated node taint feature. Default: kubevirt.io/drain'
+ type: string
+ parallelMigrationsPerCluster:
+ description: ParallelMigrationsPerCluster is the total number
+ of concurrent live migrations allowed cluster-wide. Defaults
+ to 5
+ format: int32
+ type: integer
+ parallelOutboundMigrationsPerNode:
+ description: ParallelOutboundMigrationsPerNode is the maximum
+ number of concurrent outgoing live migrations allowed per
+ node. Defaults to 2
+ format: int32
+ type: integer
+ progressTimeout:
+ description: ProgressTimeout is the maximum number of seconds
+ a live migration is allowed to make no progress. Hitting
+ this timeout means a migration transferred 0 data for that
+ many seconds. The migration is then considered stuck and
+ therefore cancelled. Defaults to 150
+ format: int64
+ type: integer
+ unsafeMigrationOverride:
+ description: UnsafeMigrationOverride allows live migrations
+ to occur even if the compatibility check indicates the migration
+ will be unsafe to the guest. Defaults to false
+ type: boolean
+ type: object
+ minCPUModel:
+ type: string
+ network:
+ description: NetworkConfiguration holds network options
+ properties:
+ defaultNetworkInterface:
+ type: string
+ permitBridgeInterfaceOnPodNetwork:
+ type: boolean
+ permitSlirpInterface:
+ type: boolean
+ type: object
+ obsoleteCPUModels:
+ additionalProperties:
+ type: boolean
+ type: object
+ ovmfPath:
+ type: string
+ permittedHostDevices:
+ description: PermittedHostDevices holds information about devices
+ allowed for passthrough
+ properties:
+ mediatedDevices:
+ items:
+ description: MediatedHostDevice represents a host mediated
+ device allowed for passthrough
+ properties:
+ externalResourceProvider:
+ type: boolean
+ mdevNameSelector:
+ type: string
+ resourceName:
+ type: string
+ required:
+ - mdevNameSelector
+ - resourceName
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ pciHostDevices:
+ items:
+ description: PciHostDevice represents a host PCI device
+ allowed for passthrough
+ properties:
+ externalResourceProvider:
+ description: If true, KubeVirt will leave the allocation
+ and monitoring to an external device plugin
+ type: boolean
+ pciVendorSelector:
+ description: The vendor_id:product_id tuple of the PCI
+ device
+ type: string
+ resourceName:
+ description: The name of the resource that is representing
+ the device. Exposed by a device plugin and requested
+ by VMs. Typically of the form vendor.com/product_nameThe
+ name of the resource that is representing the device.
+ Exposed by a device plugin and requested by VMs. Typically
+ of the form vendor.com/product_name
+ type: string
+ required:
+ - pciVendorSelector
+ - resourceName
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ seccompConfiguration:
+ description: SeccompConfiguration holds Seccomp configuration
+ for Kubevirt components
+ properties:
+ virtualMachineInstanceProfile:
+ description: VirtualMachineInstanceProfile defines what profile
+ should be used with virt-launcher. Defaults to none
+ properties:
+ customProfile:
+ description: CustomProfile allows to request arbitrary
+ profile for virt-launcher
+ properties:
+ localhostProfile:
+ type: string
+ runtimeDefaultProfile:
+ type: boolean
+ type: object
+ type: object
+ type: object
+ selinuxLauncherType:
+ type: string
+ smbios:
+ properties:
+ family:
+ type: string
+ manufacturer:
+ type: string
+ product:
+ type: string
+ sku:
+ type: string
+ version:
+ type: string
+ type: object
+ supportedGuestAgentVersions:
+ description: deprecated
+ items:
+ type: string
+ type: array
+ tlsConfiguration:
+ description: TLSConfiguration holds TLS options
+ properties:
+ ciphers:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ minTLSVersion:
+ description: "MinTLSVersion is a way to specify the minimum
+ protocol version that is acceptable for TLS connections.
+ Protocol versions are based on the following most common
+ TLS configurations: \n https://ssl-config.mozilla.org/
+ \n Note that SSLv3.0 is not a supported protocol version
+ due to well known vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE"
+ enum:
+ - VersionTLS10
+ - VersionTLS11
+ - VersionTLS12
+ - VersionTLS13
+ type: string
+ type: object
+ virtualMachineInstancesPerNode:
+ type: integer
+ webhookConfiguration:
+ description: ReloadableComponentConfiguration holds all generic
+ k8s configuration options which can be reloaded by components
+ without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: Maximum burst for throttle. If it's
+ zero, the component default will be used
+ type: integer
+ qps:
+ description: QPS indicates the maximum QPS to
+ the apiserver from this client. If it's zero,
+ the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ type: object
+ customizeComponents:
+ properties:
+ flags:
+ description: Configure the value used for deployment and daemonset
+ resources
+ properties:
+ api:
+ additionalProperties:
+ type: string
+ type: object
+ controller:
+ additionalProperties:
+ type: string
+ type: object
+ handler:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ patches:
+ items:
+ properties:
+ patch:
+ type: string
+ resourceName:
+ minLength: 1
+ type: string
+ resourceType:
+ minLength: 1
+ type: string
+ type:
+ type: string
+ required:
+ - patch
+ - resourceName
+ - resourceType
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ imagePullPolicy:
+ description: The ImagePullPolicy to use.
+ type: string
+ imagePullSecrets:
+ description: The imagePullSecrets to pull the container images from
+ Defaults to none
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ imageRegistry:
+ description: The image registry to pull the container images from
+ Defaults to the same registry the operator's container image is
+ pulled from.
+ type: string
+ imageTag:
+ description: The image tag to use for the continer images installed.
+ Defaults to the same tag as the operator's container image.
+ type: string
+ infra:
+ description: selectors and tolerations that should apply to KubeVirt
+ infrastructure components
+ properties:
+ nodePlacement:
+ description: nodePlacement describes scheduling configuration
+ for specific KubeVirt components
+ properties:
+ affinity:
+ description: affinity enables pod affinity/anti-affinity placement
+ expanding the types of constraints that can be expressed
+ with nodeSelector. affinity is going to be applied to the
+ relevant kind of pods in parallel with nodeSelector See
+ https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term
+ matches all objects with implicit weight 0 (i.e.
+ it's a no-op). A null preferred scheduling term
+ matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to an update), the system may or may not try
+ to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them
+ are ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ This field is beta-level and is only honored
+ when PodAffinityNamespaceSelector feature
+ is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected,
+ i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone,
+ etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity
+ expressions, etc.), compute a sum by iterating through
+ the elements of this field and adding "weight" to
+ the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ This field is beta-level and is only honored
+ when PodAffinityNamespaceSelector feature
+ is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ anti-affinity requirements specified by this field
+ cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may
+ or may not try to eventually evict the pod from
+ its node. When there are multiple elements, the
+ lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'nodeSelector is the node selector applied to
+ the relevant kind of pods It specifies a map of key-value
+ pairs: for the pod to be eligible to run on a node, the
+ node must have each of the indicated key-value pairs as
+ labels (it can have additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector'
+ type: object
+ tolerations:
+ description: tolerations is a list of tolerations applied
+ to the relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ for more info. These are additional tolerations other than
+ default ones.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple using
+ the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified,
+ allowed values are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration
+ applies to. Empty means match all taint keys. If the
+ key is empty, operator must be Exists; this combination
+ means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship
+ to the value. Valid operators are Exists and Equal.
+ Defaults to Equal. Exists is equivalent to wildcard
+ for value, so that a pod can tolerate all taints of
+ a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period
+ of time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the
+ taint forever (do not evict). Zero and negative values
+ will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration
+ matches to. If the operator is Exists, the value should
+ be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: 'replicas indicates how many replicas should be created
+ for each KubeVirt infrastructure component (like virt-api or
+ virt-controller). Defaults to 2. WARNING: this is an advanced
+ feature that prevents auto-scaling for core kubevirt components.
+ Please use with caution!'
+ type: integer
+ type: object
+ monitorAccount:
+ description: The name of the Prometheus service account that needs
+ read-access to KubeVirt endpoints Defaults to prometheus-k8s
+ type: string
+ monitorNamespace:
+ description: The namespace Prometheus is deployed in Defaults to openshift-monitor
+ type: string
+ productComponent:
+ description: Designate the apps.kubevirt.io/component label for KubeVirt
+ components. Useful if KubeVirt is included as part of a product.
+ If ProductComponent is not specified, the component label default
+ value is kubevirt.
+ type: string
+ productName:
+ description: Designate the apps.kubevirt.io/part-of label for KubeVirt
+ components. Useful if KubeVirt is included as part of a product.
+ If ProductName is not specified, the part-of label will be omitted.
+ type: string
+ productVersion:
+ description: Designate the apps.kubevirt.io/version label for KubeVirt
+ components. Useful if KubeVirt is included as part of a product.
+ If ProductVersion is not specified, KubeVirt's version will be used.
+ type: string
+ serviceMonitorNamespace:
+ description: The namespace the service monitor will be deployed When
+ ServiceMonitorNamespace is set, then we'll install the service monitor
+ object in that namespace otherwise we will use the monitoring namespace.
+ type: string
+ uninstallStrategy:
+ description: Specifies if kubevirt can be deleted if workloads are
+ still present. This is mainly a precaution to avoid accidental data
+ loss
+ type: string
+ workloadUpdateStrategy:
+ description: WorkloadUpdateStrategy defines at the cluster level how
+ to handle automated workload updates
+ properties:
+ batchEvictionInterval:
+ description: "BatchEvictionInterval Represents the interval to
+ wait before issuing the next batch of shutdowns \n Defaults
+ to 1 minute"
+ type: string
+ batchEvictionSize:
+ description: "BatchEvictionSize Represents the number of VMIs
+ that can be forced updated per the BatchShutdownInteral interval
+ \n Defaults to 10"
+ type: integer
+ workloadUpdateMethods:
+ description: "WorkloadUpdateMethods defines the methods that can
+ be used to disrupt workloads during automated workload updates.
+ When multiple methods are present, the least disruptive method
+ takes precedence over more disruptive methods. For example if
+ both LiveMigrate and Shutdown methods are listed, only VMs which
+ are not live migratable will be restarted/shutdown \n An empty
+ list defaults to no automated workload updating"
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ workloads:
+ description: selectors and tolerations that should apply to KubeVirt
+ workloads
+ properties:
+ nodePlacement:
+ description: nodePlacement describes scheduling configuration
+ for specific KubeVirt components
+ properties:
+ affinity:
+ description: affinity enables pod affinity/anti-affinity placement
+ expanding the types of constraints that can be expressed
+ with nodeSelector. affinity is going to be applied to the
+ relevant kind of pods in parallel with nodeSelector See
+ https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term
+ matches all objects with implicit weight 0 (i.e.
+ it's a no-op). A null preferred scheduling term
+ matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to an update), the system may or may not try
+ to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them
+ are ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ This field is beta-level and is only honored
+ when PodAffinityNamespaceSelector feature
+ is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected,
+ i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone,
+ etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity
+ expressions, etc.), compute a sum by iterating through
+ the elements of this field and adding "weight" to
+ the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ This field is beta-level and is only honored
+ when PodAffinityNamespaceSelector feature
+ is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ anti-affinity requirements specified by this field
+ cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may
+ or may not try to eventually evict the pod from
+ its node. When there are multiple elements, the
+ lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'nodeSelector is the node selector applied to
+ the relevant kind of pods It specifies a map of key-value
+ pairs: for the pod to be eligible to run on a node, the
+ node must have each of the indicated key-value pairs as
+ labels (it can have additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector'
+ type: object
+ tolerations:
+ description: tolerations is a list of tolerations applied
+ to the relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ for more info. These are additional tolerations other than
+ default ones.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple using
+ the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified,
+ allowed values are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration
+ applies to. Empty means match all taint keys. If the
+ key is empty, operator must be Exists; this combination
+ means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship
+ to the value. Valid operators are Exists and Equal.
+ Defaults to Equal. Exists is equivalent to wildcard
+ for value, so that a pod can tolerate all taints of
+ a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period
+ of time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the
+ taint forever (do not evict). Zero and negative values
+ will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration
+ matches to. If the operator is Exists, the value should
+ be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: 'replicas indicates how many replicas should be created
+ for each KubeVirt infrastructure component (like virt-api or
+ virt-controller). Defaults to 2. WARNING: this is an advanced
+ feature that prevents auto-scaling for core kubevirt components.
+ Please use with caution!'
+ type: integer
+ type: object
+ type: object
+ status:
+ description: KubeVirtStatus represents information pertaining to a KubeVirt
+ deployment.
+ properties:
+ conditions:
+ items:
+ description: KubeVirtCondition represents a condition of a KubeVirt
+ deployment
+ properties:
+ lastProbeTime:
+ format: date-time
+ nullable: true
+ type: string
+ lastTransitionTime:
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ generations:
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - lastGeneration
+ - name
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedDeploymentConfig:
+ type: string
+ observedDeploymentID:
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ observedKubeVirtRegistry:
+ type: string
+ observedKubeVirtVersion:
+ type: string
+ operatorVersion:
+ type: string
+ outdatedVirtualMachineInstanceWorkloads:
+ type: integer
+ phase:
+ description: KubeVirtPhase is a label for the phase of a KubeVirt
+ deployment at the current time.
+ type: string
+ targetDeploymentConfig:
+ type: string
+ targetDeploymentID:
+ type: string
+ targetKubeVirtRegistry:
+ type: string
+ targetKubeVirtVersion:
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - jsonPath: .status.phase
+ name: Phase
+ type: string
+ name: v1alpha3
+ schema:
+ openAPIV3Schema:
+ description: KubeVirt represents the object deploying all KubeVirt resources
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ certificateRotateStrategy:
+ properties:
+ selfSigned:
+ properties:
+ ca:
+ description: CA configuration CA certs are kept in the CA
+ bundle as long as they are valid
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime)
+ of the Certificate.
+ type: string
+ renewBefore:
+ description: The amount of time before the currently issued
+ certificate's "notAfter" time that we will begin to
+ attempt to renew the certificate.
+ type: string
+ type: object
+ caOverlapInterval:
+ description: Deprecated. Use CA.Duration and CA.RenewBefore
+ instead
+ type: string
+ caRotateInterval:
+ description: Deprecated. Use CA.Duration instead
+ type: string
+ certRotateInterval:
+ description: Deprecated. Use Server.Duration instead
+ type: string
+ server:
+ description: Server configuration Certs are rotated and discarded
+ properties:
+ duration:
+ description: The requested 'duration' (i.e. lifetime)
+ of the Certificate.
+ type: string
+ renewBefore:
+ description: The amount of time before the currently issued
+ certificate's "notAfter" time that we will begin to
+ attempt to renew the certificate.
+ type: string
+ type: object
+ type: object
+ type: object
+ configuration:
+ description: holds kubevirt configurations. same as the virt-configMap
+ properties:
+ additionalGuestMemoryOverheadRatio:
+ description: AdditionalGuestMemoryOverheadRatio can be used to
+ increase the virtualization infrastructure overhead. This is
+ useful, since the calculation of this overhead is not accurate
+ and cannot be entirely known in advance. The ratio that is being
+ set determines by which factor to increase the overhead calculated
+ by Kubevirt. A higher ratio means that the VMs would be less
+ compromised by node pressures, but would mean that fewer VMs
+ could be scheduled to a node. If not set, the default is 1.
+ type: string
+ apiConfiguration:
+ description: ReloadableComponentConfiguration holds all generic
+ k8s configuration options which can be reloaded by components
+ without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: Maximum burst for throttle. If it's
+ zero, the component default will be used
+ type: integer
+ qps:
+ description: QPS indicates the maximum QPS to
+ the apiserver from this client. If it's zero,
+ the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ controllerConfiguration:
+ description: ReloadableComponentConfiguration holds all generic
+ k8s configuration options which can be reloaded by components
+ without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: Maximum burst for throttle. If it's
+ zero, the component default will be used
+ type: integer
+ qps:
+ description: QPS indicates the maximum QPS to
+ the apiserver from this client. If it's zero,
+ the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ cpuModel:
+ type: string
+ cpuRequest:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ defaultRuntimeClass:
+ type: string
+ developerConfiguration:
+ description: DeveloperConfiguration holds developer options
+ properties:
+ cpuAllocationRatio:
+ description: 'For each requested virtual CPU, CPUAllocationRatio
+ defines how much physical CPU to request per VMI from the
+ hosting node. The value is in fraction of a CPU thread (or
+ core on non-hyperthreaded nodes). For example, a value of
+ 1 means 1 physical CPU thread per VMI CPU thread. A value
+ of 100 would be 1% of a physical thread allocated for each
+ requested VMI thread. This option has no effect on VMIs
+ that request dedicated CPUs. More information at: https://kubevirt.io/user-guide/operations/node_overcommit/#node-cpu-allocation-ratio
+ Defaults to 10'
+ type: integer
+ diskVerification:
+ description: DiskVerification holds container disks verification
+ limits
+ properties:
+ memoryLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - memoryLimit
+ type: object
+ featureGates:
+ description: FeatureGates is the list of experimental features
+ to enable. Defaults to none
+ items:
+ type: string
+ type: array
+ logVerbosity:
+ description: LogVerbosity sets log verbosity level of various
+ components
+ properties:
+ nodeVerbosity:
+ additionalProperties:
+ type: integer
+ description: NodeVerbosity represents a map of nodes with
+ a specific verbosity level
+ type: object
+ virtAPI:
+ type: integer
+ virtController:
+ type: integer
+ virtHandler:
+ type: integer
+ virtLauncher:
+ type: integer
+ virtOperator:
+ type: integer
+ type: object
+ memoryOvercommit:
+ description: MemoryOvercommit is the percentage of memory
+ we want to give VMIs compared to the amount given to its
+ parent pod (virt-launcher). For example, a value of 102
+ means the VMI will "see" 2% more memory than its parent
+ pod. Values under 100 are effectively "undercommits". Overcommits
+ can lead to memory exhaustion, which in turn can lead to
+ crashes. Use carefully. Defaults to 100
+ type: integer
+ minimumClusterTSCFrequency:
+ description: Allow overriding the automatically determined
+ minimum TSC frequency of the cluster and fixate the minimum
+ to this frequency.
+ format: int64
+ type: integer
+ minimumReservePVCBytes:
+ description: MinimumReservePVCBytes is the amount of space,
+ in bytes, to leave unused on disks. Defaults to 131072 (128KiB)
+ format: int64
+ type: integer
+ nodeSelectors:
+ additionalProperties:
+ type: string
+ description: NodeSelectors allows restricting VMI creation
+ to nodes that match a set of labels. Defaults to none
+ type: object
+ pvcTolerateLessSpaceUpToPercent:
+ description: LessPVCSpaceToleration determines how much smaller,
+ in percentage, disk PVCs are allowed to be compared to the
+ requested size (to account for various overheads). Defaults
+ to 10
+ type: integer
+ useEmulation:
+ description: UseEmulation can be set to true to allow fallback
+ to software emulation in case hardware-assisted emulation
+ is not available. Defaults to false
+ type: boolean
+ type: object
+ emulatedMachines:
+ items:
+ type: string
+ type: array
+ evictionStrategy:
+ description: EvictionStrategy defines at the cluster level if
+ the VirtualMachineInstance should be migrated instead of shut-off
+ in case of a node drain. If the VirtualMachineInstance specific
+ field is set it overrides the cluster level one.
+ type: string
+ handlerConfiguration:
+ description: ReloadableComponentConfiguration holds all generic
+ k8s configuration options which can be reloaded by components
+ without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: Maximum burst for throttle. If it's
+ zero, the component default will be used
+ type: integer
+ qps:
+ description: QPS indicates the maximum QPS to
+ the apiserver from this client. If it's zero,
+ the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ imagePullPolicy:
+ description: PullPolicy describes a policy for if/when to pull
+ a container image
+ type: string
+ machineType:
+ type: string
+ mediatedDevicesConfiguration:
+ description: MediatedDevicesConfiguration holds information about
+ MDEV types to be defined, if available
+ properties:
+ mediatedDeviceTypes:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mediatedDevicesTypes:
+ description: Deprecated. Use mediatedDeviceTypes instead.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ nodeMediatedDeviceTypes:
+ items:
+ description: NodeMediatedDeviceTypesConfig holds information
+ about MDEV types to be defined in a specifc node that
+ matches the NodeSelector field.
+ properties:
+ mediatedDeviceTypes:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mediatedDevicesTypes:
+ description: Deprecated. Use mediatedDeviceTypes instead.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'NodeSelector is a selector which must
+ be true for the vmi to fit on a node. Selector which
+ must match a node''s labels for the vmi to be scheduled
+ on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ required:
+ - nodeSelector
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ memBalloonStatsPeriod:
+ format: int32
+ type: integer
+ migrations:
+ description: MigrationConfiguration holds migration options. Can
+ be overridden for specific groups of VMs though migration policies.
+ Visit https://kubevirt.io/user-guide/operations/migration_policies/
+ for more information.
+ properties:
+ allowAutoConverge:
+ description: AllowAutoConverge allows the platform to compromise
+ performance/availability of VMIs to guarantee successful
+ VMI live migrations. Defaults to false
+ type: boolean
+ allowPostCopy:
+ description: AllowPostCopy enables post-copy live migrations.
+ Such migrations allow even the busiest VMIs to successfully
+ live-migrate. However, events like a network failure can
+ cause a VMI crash. If set to true, migrations will still
+ start in pre-copy, but switch to post-copy when CompletionTimeoutPerGiB
+ triggers. Defaults to false
+ type: boolean
+ bandwidthPerMigration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: BandwidthPerMigration limits the amount of network
+ bandwith live migrations are allowed to use. The value is
+ in quantity per second. Defaults to 0 (no limit)
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ completionTimeoutPerGiB:
+ description: CompletionTimeoutPerGiB is the maximum number
+ of seconds per GiB a migration is allowed to take. If a
+ live-migration takes longer to migrate than this value multiplied
+ by the size of the VMI, the migration will be cancelled,
+ unless AllowPostCopy is true. Defaults to 800
+ format: int64
+ type: integer
+ disableTLS:
+ description: When set to true, DisableTLS will disable the
+ additional layer of live migration encryption provided by
+ KubeVirt. This is usually a bad idea. Defaults to false
+ type: boolean
+ network:
+ description: Network is the name of the CNI network to use
+ for live migrations. By default, migrations go through the
+ pod network.
+ type: string
+ nodeDrainTaintKey:
+ description: 'NodeDrainTaintKey defines the taint key that
+ indicates a node should be drained. Note: this option relies
+ on the deprecated node taint feature. Default: kubevirt.io/drain'
+ type: string
+ parallelMigrationsPerCluster:
+ description: ParallelMigrationsPerCluster is the total number
+ of concurrent live migrations allowed cluster-wide. Defaults
+ to 5
+ format: int32
+ type: integer
+ parallelOutboundMigrationsPerNode:
+ description: ParallelOutboundMigrationsPerNode is the maximum
+ number of concurrent outgoing live migrations allowed per
+ node. Defaults to 2
+ format: int32
+ type: integer
+ progressTimeout:
+ description: ProgressTimeout is the maximum number of seconds
+ a live migration is allowed to make no progress. Hitting
+ this timeout means a migration transferred 0 data for that
+ many seconds. The migration is then considered stuck and
+ therefore cancelled. Defaults to 150
+ format: int64
+ type: integer
+ unsafeMigrationOverride:
+ description: UnsafeMigrationOverride allows live migrations
+ to occur even if the compatibility check indicates the migration
+ will be unsafe to the guest. Defaults to false
+ type: boolean
+ type: object
+ minCPUModel:
+ type: string
+ network:
+ description: NetworkConfiguration holds network options
+ properties:
+ defaultNetworkInterface:
+ type: string
+ permitBridgeInterfaceOnPodNetwork:
+ type: boolean
+ permitSlirpInterface:
+ type: boolean
+ type: object
+ obsoleteCPUModels:
+ additionalProperties:
+ type: boolean
+ type: object
+ ovmfPath:
+ type: string
+ permittedHostDevices:
+ description: PermittedHostDevices holds information about devices
+ allowed for passthrough
+ properties:
+ mediatedDevices:
+ items:
+ description: MediatedHostDevice represents a host mediated
+ device allowed for passthrough
+ properties:
+ externalResourceProvider:
+ type: boolean
+ mdevNameSelector:
+ type: string
+ resourceName:
+ type: string
+ required:
+ - mdevNameSelector
+ - resourceName
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ pciHostDevices:
+ items:
+ description: PciHostDevice represents a host PCI device
+ allowed for passthrough
+ properties:
+ externalResourceProvider:
+ description: If true, KubeVirt will leave the allocation
+ and monitoring to an external device plugin
+ type: boolean
+ pciVendorSelector:
+ description: The vendor_id:product_id tuple of the PCI
+ device
+ type: string
+ resourceName:
+ description: The name of the resource that is representing
+ the device. Exposed by a device plugin and requested
+ by VMs. Typically of the form vendor.com/product_nameThe
+ name of the resource that is representing the device.
+ Exposed by a device plugin and requested by VMs. Typically
+ of the form vendor.com/product_name
+ type: string
+ required:
+ - pciVendorSelector
+ - resourceName
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ seccompConfiguration:
+ description: SeccompConfiguration holds Seccomp configuration
+ for Kubevirt components
+ properties:
+ virtualMachineInstanceProfile:
+ description: VirtualMachineInstanceProfile defines what profile
+ should be used with virt-launcher. Defaults to none
+ properties:
+ customProfile:
+ description: CustomProfile allows to request arbitrary
+ profile for virt-launcher
+ properties:
+ localhostProfile:
+ type: string
+ runtimeDefaultProfile:
+ type: boolean
+ type: object
+ type: object
+ type: object
+ selinuxLauncherType:
+ type: string
+ smbios:
+ properties:
+ family:
+ type: string
+ manufacturer:
+ type: string
+ product:
+ type: string
+ sku:
+ type: string
+ version:
+ type: string
+ type: object
+ supportedGuestAgentVersions:
+ description: deprecated
+ items:
+ type: string
+ type: array
+ tlsConfiguration:
+ description: TLSConfiguration holds TLS options
+ properties:
+ ciphers:
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: set
+ minTLSVersion:
+ description: "MinTLSVersion is a way to specify the minimum
+ protocol version that is acceptable for TLS connections.
+ Protocol versions are based on the following most common
+ TLS configurations: \n https://ssl-config.mozilla.org/
+ \n Note that SSLv3.0 is not a supported protocol version
+ due to well known vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE"
+ enum:
+ - VersionTLS10
+ - VersionTLS11
+ - VersionTLS12
+ - VersionTLS13
+ type: string
+ type: object
+ virtualMachineInstancesPerNode:
+ type: integer
+ webhookConfiguration:
+ description: ReloadableComponentConfiguration holds all generic
+ k8s configuration options which can be reloaded by components
+ without requiring a restart.
+ properties:
+ restClient:
+ description: RestClient can be used to tune certain aspects
+ of the k8s client in use.
+ properties:
+ rateLimiter:
+ description: RateLimiter allows selecting and configuring
+ different rate limiters for the k8s client.
+ properties:
+ tokenBucketRateLimiter:
+ properties:
+ burst:
+ description: Maximum burst for throttle. If it's
+ zero, the component default will be used
+ type: integer
+ qps:
+ description: QPS indicates the maximum QPS to
+ the apiserver from this client. If it's zero,
+ the component default will be used
+ type: number
+ required:
+ - burst
+ - qps
+ type: object
+ type: object
+ type: object
+ type: object
+ type: object
+ customizeComponents:
+ properties:
+ flags:
+ description: Configure the value used for deployment and daemonset
+ resources
+ properties:
+ api:
+ additionalProperties:
+ type: string
+ type: object
+ controller:
+ additionalProperties:
+ type: string
+ type: object
+ handler:
+ additionalProperties:
+ type: string
+ type: object
+ type: object
+ patches:
+ items:
+ properties:
+ patch:
+ type: string
+ resourceName:
+ minLength: 1
+ type: string
+ resourceType:
+ minLength: 1
+ type: string
+ type:
+ type: string
+ required:
+ - patch
+ - resourceName
+ - resourceType
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ imagePullPolicy:
+ description: The ImagePullPolicy to use.
+ type: string
+ imagePullSecrets:
+ description: The imagePullSecrets to pull the container images from
+ Defaults to none
+ items:
+ description: LocalObjectReference contains enough information to
+ let you locate the referenced object inside the same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?'
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ imageRegistry:
+ description: The image registry to pull the container images from
+ Defaults to the same registry the operator's container image is
+ pulled from.
+ type: string
+ imageTag:
+ description: The image tag to use for the continer images installed.
+ Defaults to the same tag as the operator's container image.
+ type: string
+ infra:
+ description: selectors and tolerations that should apply to KubeVirt
+ infrastructure components
+ properties:
+ nodePlacement:
+ description: nodePlacement describes scheduling configuration
+ for specific KubeVirt components
+ properties:
+ affinity:
+ description: affinity enables pod affinity/anti-affinity placement
+ expanding the types of constraints that can be expressed
+ with nodeSelector. affinity is going to be applied to the
+ relevant kind of pods in parallel with nodeSelector See
+ https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term
+ matches all objects with implicit weight 0 (i.e.
+ it's a no-op). A null preferred scheduling term
+ matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to an update), the system may or may not try
+ to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them
+ are ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ This field is beta-level and is only honored
+ when PodAffinityNamespaceSelector feature
+ is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected,
+ i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone,
+ etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity
+ expressions, etc.), compute a sum by iterating through
+ the elements of this field and adding "weight" to
+ the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ This field is beta-level and is only honored
+ when PodAffinityNamespaceSelector feature
+ is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ anti-affinity requirements specified by this field
+ cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may
+ or may not try to eventually evict the pod from
+ its node. When there are multiple elements, the
+ lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'nodeSelector is the node selector applied to
+ the relevant kind of pods It specifies a map of key-value
+ pairs: for the pod to be eligible to run on a node, the
+ node must have each of the indicated key-value pairs as
+ labels (it can have additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector'
+ type: object
+ tolerations:
+ description: tolerations is a list of tolerations applied
+ to the relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ for more info. These are additional tolerations other than
+ default ones.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple using
+ the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified,
+ allowed values are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration
+ applies to. Empty means match all taint keys. If the
+ key is empty, operator must be Exists; this combination
+ means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship
+ to the value. Valid operators are Exists and Equal.
+ Defaults to Equal. Exists is equivalent to wildcard
+ for value, so that a pod can tolerate all taints of
+ a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period
+ of time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the
+ taint forever (do not evict). Zero and negative values
+ will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration
+ matches to. If the operator is Exists, the value should
+ be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: 'replicas indicates how many replicas should be created
+ for each KubeVirt infrastructure component (like virt-api or
+ virt-controller). Defaults to 2. WARNING: this is an advanced
+ feature that prevents auto-scaling for core kubevirt components.
+ Please use with caution!'
+ type: integer
+ type: object
+ monitorAccount:
+ description: The name of the Prometheus service account that needs
+ read-access to KubeVirt endpoints Defaults to prometheus-k8s
+ type: string
+ monitorNamespace:
+ description: The namespace Prometheus is deployed in Defaults to openshift-monitor
+ type: string
+ productComponent:
+ description: Designate the apps.kubevirt.io/component label for KubeVirt
+ components. Useful if KubeVirt is included as part of a product.
+ If ProductComponent is not specified, the component label default
+ value is kubevirt.
+ type: string
+ productName:
+ description: Designate the apps.kubevirt.io/part-of label for KubeVirt
+ components. Useful if KubeVirt is included as part of a product.
+ If ProductName is not specified, the part-of label will be omitted.
+ type: string
+ productVersion:
+ description: Designate the apps.kubevirt.io/version label for KubeVirt
+ components. Useful if KubeVirt is included as part of a product.
+ If ProductVersion is not specified, KubeVirt's version will be used.
+ type: string
+ serviceMonitorNamespace:
+ description: The namespace the service monitor will be deployed When
+ ServiceMonitorNamespace is set, then we'll install the service monitor
+ object in that namespace otherwise we will use the monitoring namespace.
+ type: string
+ uninstallStrategy:
+ description: Specifies if kubevirt can be deleted if workloads are
+ still present. This is mainly a precaution to avoid accidental data
+ loss
+ type: string
+ workloadUpdateStrategy:
+ description: WorkloadUpdateStrategy defines at the cluster level how
+ to handle automated workload updates
+ properties:
+ batchEvictionInterval:
+ description: "BatchEvictionInterval Represents the interval to
+ wait before issuing the next batch of shutdowns \n Defaults
+ to 1 minute"
+ type: string
+ batchEvictionSize:
+ description: "BatchEvictionSize Represents the number of VMIs
+ that can be forced updated per the BatchShutdownInteral interval
+ \n Defaults to 10"
+ type: integer
+ workloadUpdateMethods:
+ description: "WorkloadUpdateMethods defines the methods that can
+ be used to disrupt workloads during automated workload updates.
+ When multiple methods are present, the least disruptive method
+ takes precedence over more disruptive methods. For example if
+ both LiveMigrate and Shutdown methods are listed, only VMs which
+ are not live migratable will be restarted/shutdown \n An empty
+ list defaults to no automated workload updating"
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ workloads:
+ description: selectors and tolerations that should apply to KubeVirt
+ workloads
+ properties:
+ nodePlacement:
+ description: nodePlacement describes scheduling configuration
+ for specific KubeVirt components
+ properties:
+ affinity:
+ description: affinity enables pod affinity/anti-affinity placement
+ expanding the types of constraints that can be expressed
+ with nodeSelector. affinity is going to be applied to the
+ relevant kind of pods in parallel with nodeSelector See
+ https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node matches the corresponding matchExpressions;
+ the node(s) with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term
+ matches all objects with implicit weight 0 (i.e.
+ it's a no-op). A null preferred scheduling term
+ matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to an update), the system may or may not try
+ to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: A null or empty node selector term
+ matches no objects. The requirements of them
+ are ANDed. The TopologySelectorTerm type implements
+ a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: Represents a key's relationship
+ to a set of values. Valid operators
+ are In, NotIn, Exists, DoesNotExist.
+ Gt, and Lt.
+ type: string
+ values:
+ description: An array of string values.
+ If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty.
+ If the operator is Gt or Lt, the
+ values array must have a single
+ element, which will be interpreted
+ as an integer. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions,
+ etc.), compute a sum by iterating through the elements
+ of this field and adding "weight" to the sum if
+ the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ This field is beta-level and is only honored
+ when PodAffinityNamespaceSelector feature
+ is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ affinity requirements specified by this field cease
+ to be met at some point during pod execution (e.g.
+ due to a pod label update), the system may or may
+ not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes
+ corresponding to each podAffinityTerm are intersected,
+ i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone,
+ etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the anti-affinity expressions
+ specified by this field, but it may choose a node
+ that violates one or more of the expressions. The
+ node that is most preferred is the one with the
+ greatest sum of weights, i.e. for each node that
+ meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity
+ expressions, etc.), compute a sum by iterating through
+ the elements of this field and adding "weight" to
+ the sum if the node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest sum
+ are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ This field is beta-level and is only honored
+ when PodAffinityNamespaceSelector feature
+ is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements specified
+ by this field are not met at scheduling time, the
+ pod will not be scheduled onto the node. If the
+ anti-affinity requirements specified by this field
+ cease to be met at some point during pod execution
+ (e.g. due to a pod label update), the system may
+ or may not try to eventually evict the pod from
+ its node. When there are multiple elements, the
+ lists of nodes corresponding to each podAffinityTerm
+ are intersected, i.e. all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the given
+ namespace(s)) that this pod should be co-located
+ (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node
+ whose value of the label with key
+ matches that of any node on which a pod of the
+ set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of resources,
+ in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label query over the set of namespaces
+ that the term applies to. The term is applied
+ to the union of the namespaces selected by
+ this field and the ones listed in the namespaces
+ field. null selector and null or empty namespaces
+ list means "this pod's namespace". An empty
+ selector ({}) matches all namespaces. This
+ field is beta-level and is only honored when
+ PodAffinityNamespaceSelector feature is enabled.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a
+ key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists
+ and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of
+ string values. If the operator is
+ In or NotIn, the values array must
+ be non-empty. If the operator is
+ Exists or DoesNotExist, the values
+ array must be empty. This array
+ is replaced during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ description: namespaces specifies a static list
+ of namespace names that the term applies to.
+ The term is applied to the union of the namespaces
+ listed in this field and the ones selected
+ by namespaceSelector. null or empty namespaces
+ list and null namespaceSelector means "this
+ pod's namespace"
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located (affinity)
+ or not co-located (anti-affinity) with the
+ pods matching the labelSelector in the specified
+ namespaces, where co-located is defined as
+ running on a node whose value of the label
+ with key topologyKey matches that of any node
+ on which any of the selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'nodeSelector is the node selector applied to
+ the relevant kind of pods It specifies a map of key-value
+ pairs: for the pod to be eligible to run on a node, the
+ node must have each of the indicated key-value pairs as
+ labels (it can have additional labels as well). See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector'
+ type: object
+ tolerations:
+ description: tolerations is a list of tolerations applied
+ to the relevant kind of pods See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ for more info. These are additional tolerations other than
+ default ones.
+ items:
+ description: The pod this Toleration is attached to tolerates
+ any taint that matches the triple using
+ the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to match.
+ Empty means match all taint effects. When specified,
+ allowed values are NoSchedule, PreferNoSchedule and
+ NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration
+ applies to. Empty means match all taint keys. If the
+ key is empty, operator must be Exists; this combination
+ means to match all values and all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship
+ to the value. Valid operators are Exists and Equal.
+ Defaults to Equal. Exists is equivalent to wildcard
+ for value, so that a pod can tolerate all taints of
+ a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period
+ of time the toleration (which must be of effect NoExecute,
+ otherwise this field is ignored) tolerates the taint.
+ By default, it is not set, which means tolerate the
+ taint forever (do not evict). Zero and negative values
+ will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration
+ matches to. If the operator is Exists, the value should
+ be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ replicas:
+ description: 'replicas indicates how many replicas should be created
+ for each KubeVirt infrastructure component (like virt-api or
+ virt-controller). Defaults to 2. WARNING: this is an advanced
+ feature that prevents auto-scaling for core kubevirt components.
+ Please use with caution!'
+ type: integer
+ type: object
+ type: object
+ status:
+ description: KubeVirtStatus represents information pertaining to a KubeVirt
+ deployment.
+ properties:
+ conditions:
+ items:
+ description: KubeVirtCondition represents a condition of a KubeVirt
+ deployment
+ properties:
+ lastProbeTime:
+ format: date-time
+ nullable: true
+ type: string
+ lastTransitionTime:
+ format: date-time
+ nullable: true
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ generations:
+ items:
+ description: GenerationStatus keeps track of the generation for
+ a given resource so that decisions about forced updates can be
+ made.
+ properties:
+ group:
+ description: group is the group of the thing you're tracking
+ type: string
+ hash:
+ description: hash is an optional field set for resources without
+ generation that are content sensitive like secrets and configmaps
+ type: string
+ lastGeneration:
+ description: lastGeneration is the last generation of the workload
+ controller involved
+ format: int64
+ type: integer
+ name:
+ description: name is the name of the thing you're tracking
+ type: string
+ namespace:
+ description: namespace is where the thing you're tracking is
+ type: string
+ resource:
+ description: resource is the resource type of the thing you're
+ tracking
+ type: string
+ required:
+ - group
+ - lastGeneration
+ - name
+ - resource
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ observedDeploymentConfig:
+ type: string
+ observedDeploymentID:
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ observedKubeVirtRegistry:
+ type: string
+ observedKubeVirtVersion:
+ type: string
+ operatorVersion:
+ type: string
+ outdatedVirtualMachineInstanceWorkloads:
+ type: integer
+ phase:
+ description: KubeVirtPhase is a label for the phase of a KubeVirt
+ deployment at the current time.
+ type: string
+ targetDeploymentConfig:
+ type: string
+ targetDeploymentID:
+ type: string
+ targetKubeVirtRegistry:
+ type: string
+ targetKubeVirtVersion:
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+
+---
\ No newline at end of file
diff --git a/kubevirt/kubevirt-operator-rbac.yaml b/kubevirt/kubevirt-operator-rbac.yaml
new file mode 100644
index 0000000..c7b3f07
--- /dev/null
+++ b/kubevirt/kubevirt-operator-rbac.yaml
@@ -0,0 +1,1197 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubevirt.io:operator
+ labels:
+ operator.kubevirt.io: ""
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+ - apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator
+ namespace: kubevirt
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator
+ namespace: kubevirt
+rules:
+- apiGroups:
+ - ""
+ resourceNames:
+ - kubevirt-ca
+ - kubevirt-export-ca
+ - kubevirt-virt-handler-certs
+ - kubevirt-virt-handler-server-certs
+ - kubevirt-operator-certs
+ - kubevirt-virt-api-certs
+ - kubevirt-controller-certs
+ - kubevirt-exportproxy-certs
+ resources:
+ - secrets
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - patch
+ - delete
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - patch
+ - delete
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes/custom-host
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator-rolebinding
+ namespace: kubevirt
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kubevirt-operator
+subjects:
+- kind: ServiceAccount
+ name: kubevirt-operator
+ namespace: kubevirt
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator
+rules:
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - services
+ - endpoints
+ - pods/exec
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - patch
+ - delete
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+- apiGroups:
+ - apps
+ resources:
+ - controllerrevisions
+ verbs:
+ - watch
+ - list
+ - create
+ - delete
+ - patch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - roles
+ - rolebindings
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+ - update
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - patch
+- apiGroups:
+ - security.openshift.io
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - privileged
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - kubevirt-handler
+ - kubevirt-controller
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - delete
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - update
+ - patch
+- apiGroups:
+ - apiregistration.k8s.io
+ resources:
+ - apiservices
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - update
+ - patch
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ - prometheusrules
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups:
+ - flavor.kubevirt.io
+ resources:
+ - virtualmachineflavors
+ - virtualmachineclusterflavors
+ - virtualmachinepreferences
+ - virtualmachineclusterpreferences
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - delete
+ - patch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines/status
+ verbs:
+ - patch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachineinstancemigrations
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachineinstancepresets
+ verbs:
+ - watch
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - limitranges
+ verbs:
+ - watch
+ - list
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - snapshot.kubevirt.io
+ resources:
+ - virtualmachinesnapshots
+ - virtualmachinerestores
+ - virtualmachinesnapshotcontents
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - datasources
+ - datavolumes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - instancetype.kubevirt.io
+ resources:
+ - virtualmachineinstancetypes
+ - virtualmachineclusterinstancetypes
+ - virtualmachinepreferences
+ - virtualmachineclusterpreferences
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - controllerrevisions
+ verbs:
+ - create
+ - list
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - configmaps
+ - endpoints
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - delete
+ - update
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - update
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - pods/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods/eviction
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - pods/status
+ verbs:
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+- apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ verbs:
+ - list
+- apiGroups:
+ - apps
+ resources:
+ - controllerrevisions
+ verbs:
+ - watch
+ - list
+ - create
+ - delete
+ - get
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - patch
+- apiGroups:
+ - snapshot.kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - export.kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - pool.kubevirt.io
+ resources:
+ - virtualmachinepools
+ - virtualmachinepools/finalizers
+ - virtualmachinepools/status
+ - virtualmachinepools/scale
+ verbs:
+ - watch
+ - list
+ - create
+ - delete
+ - update
+ - patch
+ - get
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/addvolume
+ - virtualmachineinstances/removevolume
+ - virtualmachineinstances/freeze
+ - virtualmachineinstances/unfreeze
+ - virtualmachineinstances/softreboot
+ - virtualmachineinstances/addinterface
+ verbs:
+ - update
+- apiGroups:
+ - cdi.kubevirt.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - k8s.cni.cncf.io
+ resources:
+ - network-attachment-definitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshotclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - snapshot.storage.k8s.io
+ resources:
+ - volumesnapshots
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - instancetype.kubevirt.io
+ resources:
+ - virtualmachineinstancetypes
+ - virtualmachineclusterinstancetypes
+ - virtualmachinepreferences
+ - virtualmachineclusterpreferences
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - clone.kubevirt.io
+ resources:
+ - virtualmachineclones
+ - virtualmachineclones/status
+ - virtualmachineclones/finalizers
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ verbs:
+ - list
+ - get
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - list
+ - get
+ - watch
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - list
+ - get
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachineinstances
+ verbs:
+ - update
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - patch
+ - list
+ - watch
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - export.kubevirt.io
+ resources:
+ - virtualmachineexports
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resourceNames:
+ - kubevirt-export-ca
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - version
+ - guestfs
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/console
+ - virtualmachineinstances/vnc
+ - virtualmachineinstances/vnc/screenshot
+ - virtualmachineinstances/portforward
+ - virtualmachineinstances/guestosinfo
+ - virtualmachineinstances/filesystemlist
+ - virtualmachineinstances/userlist
+ verbs:
+ - get
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/pause
+ - virtualmachineinstances/unpause
+ - virtualmachineinstances/addvolume
+ - virtualmachineinstances/removevolume
+ - virtualmachineinstances/freeze
+ - virtualmachineinstances/unfreeze
+ - virtualmachineinstances/softreboot
+ - virtualmachineinstances/addinterface
+ verbs:
+ - update
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachines/expand-spec
+ - virtualmachines/portforward
+ verbs:
+ - get
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachines/start
+ - virtualmachines/stop
+ - virtualmachines/restart
+ - virtualmachines/addvolume
+ - virtualmachines/removevolume
+ - virtualmachines/migrate
+ - virtualmachines/memorydump
+ - virtualmachines/addinterface
+ verbs:
+ - update
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - expand-vm-spec
+ verbs:
+ - update
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ - virtualmachineinstancepresets
+ - virtualmachineinstancereplicasets
+ - virtualmachineinstancemigrations
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - snapshot.kubevirt.io
+ resources:
+ - virtualmachinesnapshots
+ - virtualmachinesnapshotcontents
+ - virtualmachinerestores
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - export.kubevirt.io
+ resources:
+ - virtualmachineexports
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - clone.kubevirt.io
+ resources:
+ - virtualmachineclones
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - instancetype.kubevirt.io
+ resources:
+ - virtualmachineinstancetypes
+ - virtualmachineclusterinstancetypes
+ - virtualmachinepreferences
+ - virtualmachineclusterpreferences
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - pool.kubevirt.io
+ resources:
+ - virtualmachinepools
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+ - deletecollection
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/console
+ - virtualmachineinstances/vnc
+ - virtualmachineinstances/vnc/screenshot
+ - virtualmachineinstances/portforward
+ - virtualmachineinstances/guestosinfo
+ - virtualmachineinstances/filesystemlist
+ - virtualmachineinstances/userlist
+ verbs:
+ - get
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachineinstances/pause
+ - virtualmachineinstances/unpause
+ - virtualmachineinstances/addvolume
+ - virtualmachineinstances/removevolume
+ - virtualmachineinstances/freeze
+ - virtualmachineinstances/unfreeze
+ - virtualmachineinstances/softreboot
+ - virtualmachineinstances/addinterface
+ verbs:
+ - update
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachines/expand-spec
+ - virtualmachines/portforward
+ verbs:
+ - get
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachines/start
+ - virtualmachines/stop
+ - virtualmachines/restart
+ - virtualmachines/addvolume
+ - virtualmachines/removevolume
+ - virtualmachines/migrate
+ - virtualmachines/memorydump
+ - virtualmachines/addinterface
+ verbs:
+ - update
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - expand-vm-spec
+ verbs:
+ - update
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ - virtualmachineinstancepresets
+ - virtualmachineinstancereplicasets
+ - virtualmachineinstancemigrations
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - snapshot.kubevirt.io
+ resources:
+ - virtualmachinesnapshots
+ - virtualmachinesnapshotcontents
+ - virtualmachinerestores
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - export.kubevirt.io
+ resources:
+ - virtualmachineexports
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - clone.kubevirt.io
+ resources:
+ - virtualmachineclones
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - instancetype.kubevirt.io
+ resources:
+ - virtualmachineinstancetypes
+ - virtualmachineclusterinstancetypes
+ - virtualmachinepreferences
+ - virtualmachineclusterpreferences
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - pool.kubevirt.io
+ resources:
+ - virtualmachinepools
+ verbs:
+ - get
+ - delete
+ - create
+ - update
+ - patch
+ - list
+ - watch
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - kubevirts
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - virtualmachines/expand-spec
+ - virtualmachineinstances/guestosinfo
+ - virtualmachineinstances/filesystemlist
+ - virtualmachineinstances/userlist
+ verbs:
+ - get
+- apiGroups:
+ - subresources.kubevirt.io
+ resources:
+ - expand-vm-spec
+ verbs:
+ - update
+- apiGroups:
+ - kubevirt.io
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ - virtualmachineinstancepresets
+ - virtualmachineinstancereplicasets
+ - virtualmachineinstancemigrations
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - snapshot.kubevirt.io
+ resources:
+ - virtualmachinesnapshots
+ - virtualmachinesnapshotcontents
+ - virtualmachinerestores
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - export.kubevirt.io
+ resources:
+ - virtualmachineexports
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - clone.kubevirt.io
+ resources:
+ - virtualmachineclones
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - instancetype.kubevirt.io
+ resources:
+ - virtualmachineinstancetypes
+ - virtualmachineclusterinstancetypes
+ - virtualmachinepreferences
+ - virtualmachineclusterpreferences
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - pool.kubevirt.io
+ resources:
+ - virtualmachinepools
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - migrations.kubevirt.io
+ resources:
+ - migrationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ kubevirt.io: ""
+ name: kubevirt-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubevirt-operator
+subjects:
+- kind: ServiceAccount
+ name: kubevirt-operator
+ namespace: kubevirt
+
+---
\ No newline at end of file
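Review bot: The ClusterRole named `kubevirt-operator` in this file lists `patch` twice in its first rule and grants `'*'` verbs on the `kubevirt.io`, `snapshot.kubevirt.io`, `export.kubevirt.io` and `cdi.kubevirt.io` groups plus cluster-wide `create` on `pods/exec` and `secrets`, yet nothing in the file records where these rules come from or how they are meant to be kept current. The content reads like a verbatim copy of the upstream KubeVirt release manifest (the duplicated verb is consistent with that), in which case it should be tracked as vendored rather than hand-edited; a header such as `# Vendored from the KubeVirt release manifest; keep in sync with the operator image tag in kubevirt-operator.yaml (v0.60.0-alpha.0 at time of import)` would make later diffs against upstream reviewable. The same header should mention that the `kubevirt.io:operator` ClusterRole carries `rbac.authorization.k8s.io/aggregate-to-admin: "true"`, since that extends the built-in admin role with full control over `kubevirts` resources and is easy to miss when auditing who can reconfigure the virtualization layer.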
diff --git a/kubevirt/kubevirt-operator.yaml b/kubevirt/kubevirt-operator.yaml
new file mode 100644
index 0000000..b797347
--- /dev/null
+++ b/kubevirt/kubevirt-operator.yaml
@@ -0,0 +1,111 @@
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: kubevirt-cluster-critical
+value: 1000000000
+globalDefault: false
+description: "This priority class should be used for core kubevirt components only."
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ kubevirt.io: virt-operator
+ name: virt-operator
+ namespace: kubevirt
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ kubevirt.io: virt-operator
+ strategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ kubevirt.io: virt-operator
+ name: virt-operator
+ prometheus.kubevirt.io: "true"
+ name: virt-operator
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: kubevirt.io
+ operator: In
+ values:
+ - virt-operator
+ topologyKey: kubernetes.io/hostname
+ weight: 1
+ containers:
+ - args:
+ - --port
+ - "8443"
+ - -v
+ - "2"
+ command:
+ - virt-operator
+ env:
+ - name: VIRT_OPERATOR_IMAGE
+ value: quay.io/kubevirt/virt-operator:v0.60.0-alpha.0
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.annotations['olm.targetNamespaces']
+ - name: KUBEVIRT_VERSION
+ value: v0.60.0-alpha.0
+ image: quay.io/kubevirt/virt-operator:v0.60.0-alpha.0
+ imagePullPolicy: IfNotPresent
+ name: virt-operator
+ ports:
+ - containerPort: 8443
+ name: metrics
+ protocol: TCP
+ - containerPort: 8444
+ name: webhooks
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /metrics
+ port: 8443
+ scheme: HTTPS
+ initialDelaySeconds: 5
+ timeoutSeconds: 10
+ resources:
+ requests:
+ cpu: 10m
+ memory: 450Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
+ volumeMounts:
+ - mountPath: /etc/virt-operator/certificates
+ name: kubevirt-operator-certs
+ readOnly: true
+ - mountPath: /profile-data
+ name: profile-data
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: kubevirt-cluster-critical
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ serviceAccountName: kubevirt-operator
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ volumes:
+ - name: kubevirt-operator-certs
+ secret:
+ optional: true
+ secretName: kubevirt-operator-certs
+ - emptyDir: {}
+ name: profile-data
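Review bot: The virt-operator Deployment pins `image: quay.io/kubevirt/virt-operator:v0.60.0-alpha.0`, a pre-release tag, by mutable tag only and combines it with `imagePullPolicy: IfNotPresent`. With that combination a node that already has the tag cached keeps running whatever it pulled first, so two nodes can run different bits under the same manifest and the GitOps state is not reproducible; pinning by digest (`image: quay.io/kubevirt/virt-operator@sha256:<DIGEST-PLACEHOLDER>`) fixes that, while the `VIRT_OPERATOR_IMAGE` and `KUBEVIRT_VERSION` env values would still need to agree with whatever is deployed. If the alpha tag is intentional, a comment above the container spec saying so and naming the release it is to be replaced by would save the next reviewer the question.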
diff --git a/kubevirt/kubevirt.yaml b/kubevirt/kubevirt.yaml
new file mode 100644
index 0000000..986357c
--- /dev/null
+++ b/kubevirt/kubevirt.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: kubevirt.io/v1
+kind: KubeVirt
+metadata:
+ name: kubevirt
+ namespace: kubevirt
+spec:
+ certificateRotateStrategy: {}
+ configuration:
+ developerConfiguration:
+ featureGates: []
+ customizeComponents: {}
+ imagePullPolicy: IfNotPresent
+ workloadUpdateStrategy: {}
\ No newline at end of file
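Review bot: `workloadUpdateStrategy: {}` and `featureGates: []` in the KubeVirt CR are left at their empty defaults with no comment explaining the choice. If I read KubeVirt's defaults correctly, an empty workloadUpdateStrategy means running VMIs are not automatically migrated or restarted onto the new virt-launcher after an operator upgrade, so they keep running the old image until someone acts (the CRD status in this commit exposes the count as `outdatedVirtualMachineInstanceWorkloads`); confirm this against the version being deployed. A short comment such as `# no automatic VMI workload updates: outdated virt-launcher pods must be migrated/restarted by hand after upgrades` records the trade-off either way.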
diff --git a/kubevirt/namespace.yaml b/kubevirt/namespace.yaml
new file mode 100644
index 0000000..78640f4
--- /dev/null
+++ b/kubevirt/namespace.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kubevirt
+ labels:
+ prometheus: prometheus
+ kubevirt.io: ""
+ pod-security.kubernetes.io/enforce: "privileged"
\ No newline at end of file
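Review bot: The `pod-security.kubernetes.io/enforce: "privileged"` label disables Pod Security Admission enforcement for the entire `kubevirt` namespace, and nothing in the manifest records why. The exception is presumably needed by KubeVirt's node-level components, but it also means anything else placed in this namespace is unconstrained; a comment above the label, e.g. `# PSA exception: required by KubeVirt node components; keep this namespace for KubeVirt only`, makes the intended scope explicit. If `audit`/`warn` PSA labels are in use elsewhere in the cluster, adding them here as well would at least log non-KubeVirt workloads that land in the namespace.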
diff --git a/logging/.DS_Store b/logging/.DS_Store
new file mode 100644
index 0000000..5008ddf
Binary files /dev/null and b/logging/.DS_Store differ
diff --git a/logging/README.md b/logging/README.md
new file mode 100644
index 0000000..0a401ac
--- /dev/null
+++ b/logging/README.md
@@ -0,0 +1,28 @@
+# logging
+## beats, elasticsearch, kibana
+
+jeez...
+
+beats collects logs and sends them to logstash
+(fluentd or fluentbit would be an elternative)
+
+logstash is the database that stores the data
+
+elasticsearch is the search engine for the data
+
+kibana is the web interface for elasticsearch
+
+there are multiple ways to deploy all of that
+the most k8 way is ECK (elastic cloud on kubernetes)
+ECK is a operator and CRDs (like rook)
+it includes crds for beats, elasticsearch and kibana
+
+BUT NOT LOGSTASH!
+ logstash might not be needed if one uses filebeat (part of beats) ???
+
+
+improvements:
+get working!
+metrics
+liveness probes
+resource limits
\ No newline at end of file
diff --git a/logging/beats.yaml b/logging/beats.yaml
new file mode 100644
index 0000000..18c1e1b
--- /dev/null
+++ b/logging/beats.yaml
@@ -0,0 +1,329 @@
+---
+apiVersion: beat.k8s.elastic.co/v1beta1
+kind: Beat
+metadata:
+ name: metricbeat
+ namespace: logging
+spec:
+ type: metricbeat
+ version: 8.5.0
+ elasticsearchRef:
+ name: cluster
+ kibanaRef:
+ name: kibana
+ config:
+ metricbeat:
+ autodiscover:
+ providers:
+ - hints:
+ default_config: {}
+ enabled: "true"
+ node: ${NODE_NAME}
+ type: kubernetes
+ modules:
+ - module: system
+ period: 10s
+ metricsets:
+ - cpu
+ - load
+ - memory
+ - network
+ - process
+ - process_summary
+ process:
+ include_top_n:
+ by_cpu: 5
+ by_memory: 5
+ processes:
+ - .*
+ - module: system
+ period: 1m
+ metricsets:
+ - filesystem
+ - fsstat
+ processors:
+ - drop_event:
+ when:
+ regexp:
+ system:
+ filesystem:
+ mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib)($|/)
+ - module: kubernetes
+ period: 10s
+ node: ${NODE_NAME}
+ hosts:
+ - https://${NODE_NAME}:10250
+ bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+ ssl:
+ verification_mode: none
+ metricsets:
+ - node
+ - system
+ - pod
+ - container
+ - volume
+ processors:
+ - add_cloud_metadata: {}
+ - add_host_metadata: {}
+ daemonSet:
+ podTemplate:
+ spec:
+ serviceAccountName: metricbeat
+ automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context
+ containers:
+ - args:
+ - -e
+ - -c
+ - /etc/beat.yml
+ - -system.hostfs=/hostfs
+ name: metricbeat
+ volumeMounts:
+ - mountPath: /hostfs/sys/fs/cgroup
+ name: cgroup
+ - mountPath: /var/run/docker.sock
+ name: dockersock
+ - mountPath: /hostfs/proc
+ name: proc
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true # Allows to provide richer host metadata
+ securityContext:
+ runAsUser: 0
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - hostPath:
+ path: /sys/fs/cgroup
+ name: cgroup
+ - hostPath:
+ path: /var/run/docker.sock
+ name: dockersock
+ - hostPath:
+ path: /proc
+ name: proc
+---
+# permissions needed for metricbeat
+# source: https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-module-kubernetes.html
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: metricbeat
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ - namespaces
+ - events
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - "extensions"
+ resources:
+ - replicasets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ - deployments
+ - replicasets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - nodes/stats
+ verbs:
+ - get
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: metricbeat
+ namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: metricbeat
+subjects:
+- kind: ServiceAccount
+ name: metricbeat
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: metricbeat
+ apiGroup: rbac.authorization.k8s.io
+---
+
+
+
+
+
+---
+apiVersion: beat.k8s.elastic.co/v1beta1
+kind: Beat
+metadata:
+ name: filebeat
+spec:
+ type: filebeat
+ version: 8.5.0
+ elasticsearchRef:
+ name: elasticsearch
+ kibanaRef:
+ name: kibana
+ config:
+ filebeat:
+ autodiscover:
+ providers:
+ - type: kubernetes
+ node: ${NODE_NAME}
+ hints:
+ enabled: true
+ default_config:
+ type: container
+ paths:
+ - /var/log/containers/*${data.kubernetes.container.id}.log
+ processors:
+ - add_cloud_metadata: {}
+ - add_host_metadata: {}
+ daemonSet:
+ podTemplate:
+ spec:
+ serviceAccountName: filebeat
+ automountServiceAccountToken: true
+ terminationGracePeriodSeconds: 30
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true # Allows to provide richer host metadata
+ containers:
+ - name: filebeat
+ securityContext:
+ runAsUser: 0
+ # If using Red Hat OpenShift uncomment this:
+ #privileged: true
+ volumeMounts:
+ - name: varlogcontainers
+ mountPath: /var/log/containers
+ - name: varlogpods
+ mountPath: /var/log/pods
+ - name: varlibdockercontainers
+ mountPath: /var/lib/docker/containers
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumes:
+ - name: varlogcontainers
+ hostPath:
+ path: /var/log/containers
+ - name: varlogpods
+ hostPath:
+ path: /var/log/pods
+ - name: varlibdockercontainers
+ hostPath:
+ path: /var/lib/docker/containers
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: filebeat
+rules:
+- apiGroups: [""] # "" indicates the core API group
+ resources:
+ - namespaces
+ - pods
+ - nodes
+ verbs:
+ - get
+ - watch
+ - list
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: filebeat
+ namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: filebeat
+subjects:
+- kind: ServiceAccount
+ name: filebeat
+ namespace: default
+roleRef:
+ kind: ClusterRole
+ name: filebeat
+ apiGroup: rbac.authorization.k8s.io
+---
+
+
+
+
+
+
+---
+apiVersion: beat.k8s.elastic.co/v1beta1
+kind: Beat
+metadata:
+ name: journalbeat
+ namespace: logging
+spec:
+ type: journalbeat
+ version: 7.15.2 # last release of Journalbeat
+ elasticsearchRef:
+ name: cluster
+ config:
+ journalbeat.inputs:
+ - paths: []
+ seek: cursor
+ cursor_seek_fallback: tail
+ processors:
+ - add_cloud_metadata: {}
+ - add_host_metadata: {}
+ daemonSet:
+ podTemplate:
+ spec:
+ automountServiceAccountToken: true # some older Beat versions are depending on this settings presence in k8s context
+ dnsPolicy: ClusterFirstWithHostNet
+ containers:
+ - name: journalbeat
+ volumeMounts:
+ - mountPath: /var/log/journal
+ name: var-journal
+ - mountPath: /run/log/journal
+ name: run-journal
+ - mountPath: /etc/machine-id
+ name: machine-id
+ hostNetwork: true # Allows to provide richer host metadata
+ securityContext:
+ runAsUser: 0
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - hostPath:
+ path: /var/log/journal
+ name: var-journal
+ - hostPath:
+ path: /run/log/journal
+ name: run-journal
+ - hostPath:
+ path: /etc/machine-id
+ name: machine-id
\ No newline at end of file
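Review bot: The metricbeat DaemonSet mounts the host Docker socket (`/var/run/docker.sock`) into a pod that already runs as uid 0 with `hostNetwork: true`, yet nothing in its config reads it — the kubernetes module talks to the kubelet on port 10250 and the system module reads `/hostfs` — so the socket only hands the pod control of the host container runtime; drop the `dockersock` volume and its mount. The kubelet connection also sets `ssl.verification_mode: none`, which accepts any certificate on `https://${NODE_NAME}:10250`; if the kubelets serve certificates from a CA you can distribute, use `ssl.certificate_authorities: ["/path/to/kubelet-ca.crt"]` instead, otherwise leave a comment stating that verification is knowingly disabled and why. Separately, the `metricbeat` Beat is created in `logging` while its ServiceAccount and the ClusterRoleBinding subject are in `default`, so `serviceAccountName: metricbeat` will not resolve in the pod's namespace — presumably both should read `namespace: logging`, and the `filebeat` Beat (no namespace, so `default`) references `elasticsearchRef.name: elasticsearch` where the other two use `cluster`, which looks like a second copy-paste mismatch to confirm.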
diff --git a/logging/configmaps.yaml b/logging/configmaps.yaml
new file mode 100644
index 0000000..0d8fc76
--- /dev/null
+++ b/logging/configmaps.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: logstash-configmap
+ namespace: logging
+data:
+ logstash.yml: |
+ http.host: "0.0.0.0"
+ path.config: /usr/share/logstash/pipeline
+ logstash.conf: |
+ # all input will come from filebeat, no local logs
+ input {
+ beats {
+ port => 5044
+ }
+ }
+ filter {
+ }
+ output {
+ elasticsearch {
+ index => "logstash-%{[@metadata][beat]}"
+ hosts => [ "${ES_HOSTS}" ]
+ user => "${ES_USER}"
+ password => "${ES_PASSWORD}"
+ cacert => '/etc/logstash/certificates/ca.crt'
+ }
+ }
\ No newline at end of file
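Review bot: The `beats { port => 5044 }` input accepts plaintext, unauthenticated connections, so any pod that can reach the Logstash service can inject log events or read the stream in transit; enable TLS on the input and, if the Beats are issued client certificates, require them, with the matching `ssl` settings on the Beat output. `http.host: "0.0.0.0"` also exposes the unauthenticated Logstash API on every interface — if it is only there for a probe, a NetworkPolicy limiting ingress to the probe source and the Beat pods would contain it. Credentials are correctly pulled from `${ES_USER}`/`${ES_PASSWORD}` rather than inlined, assuming those variables are sourced from a Secret; the certificate and key mount for the input is not in this hunk, so the paths below are placeholders under the `/etc/logstash/certificates` directory the output already uses.
```yaml
  logstash.conf: |
    input {
      beats {
        port => 5044
        ssl => true
        ssl_certificate => "/etc/logstash/certificates/tls.crt"
        ssl_key => "/etc/logstash/certificates/tls.key"
        # only if the Beats present client certificates from this CA
        ssl_certificate_authorities => ["/etc/logstash/certificates/ca.crt"]
        ssl_verify_mode => "force_peer"
      }
    }
    # … unchanged: filter and output …
```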
diff --git a/logging/crds.yaml b/logging/crds.yaml
new file mode 100644
index 0000000..541fed0
--- /dev/null
+++ b/logging/crds.yaml
@@ -0,0 +1,5185 @@
+# Source: eck-operator-crds/templates/all-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: 'elastic-operator'
+ app.kubernetes.io/name: 'eck-operator-crds'
+ app.kubernetes.io/version: '2.6.1'
+ name: agents.agent.k8s.elastic.co
+spec:
+ group: agent.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: Agent
+ listKind: AgentList
+ plural: agents
+ shortNames:
+ - agent
+ singular: agent
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: available
+ type: integer
+ - description: Expected nodes
+ jsonPath: .status.expectedNodes
+ name: expected
+ type: integer
+ - description: Agent version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Agent is the Schema for the Agents API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AgentSpec defines the desired state of the Agent
+ properties:
+ config:
+ description: Config holds the Agent configuration. At most one of [`Config`, `ConfigRef`] can be specified.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: ConfigRef contains a reference to an existing Kubernetes Secret holding the Agent configuration. Agent settings must be specified as yaml, under a single "agent.yml" entry. At most one of [`Config`, `ConfigRef`] can be specified.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ daemonSet:
+ description: DaemonSet specifies the Agent should be deployed as a DaemonSet, and allows providing its spec. Cannot be used along with `deployment`.
+ properties:
+ podTemplate:
+ description: PodTemplateSpec describes the data a pod should have when created from a template
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ updateStrategy:
+ description: DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet.
+ properties:
+ rollingUpdate:
+ description: 'Rolling update config params. Present only if type = "RollingUpdate". --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be. Same as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345'
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption.'
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.'
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
+ type: string
+ type: object
+ type: object
+ deployment:
+ description: Deployment specifies the Agent should be deployed as a Deployment, and allows providing its spec. Cannot be used along with `daemonSet`.
+ properties:
+ podTemplate:
+ description: PodTemplateSpec describes the data a pod should have when created from a template
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ replicas:
+ format: int32
+ type: integer
+ strategy:
+ description: DeploymentStrategy describes how to replace existing pods with new ones.
+ properties:
+ rollingUpdate:
+ description: 'Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be.'
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.'
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.'
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate.
+ type: string
+ type: object
+ type: object
+ elasticsearchRefs:
+ description: ElasticsearchRefs is a reference to a list of Elasticsearch clusters running in the same Kubernetes cluster. Due to existing limitations, only a single ES cluster is currently supported.
+ items:
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ outputName:
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ fleetServerEnabled:
+ description: FleetServerEnabled determines whether this Agent will launch Fleet Server. Don't set unless `mode` is set to `fleet`.
+ type: boolean
+ fleetServerRef:
+ description: FleetServerRef is a reference to Fleet Server that this Agent should connect to to obtain it's configuration. Don't set unless `mode` is set to `fleet`.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for the Agent in Fleet mode with Fleet Server enabled.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes Service object.
+ properties:
+ metadata:
+ description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ clusterIPs:
+ description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies"
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ externalName:
+ description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field."
+ items:
+ description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: 'Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.'
+ type: string
+ loadBalancerSourceRanges:
+ description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/'
+ items:
+ type: string
+ type: array
+ ports:
+ description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ items:
+ description: ServicePort contains information on service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type:
+ description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain."
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Agent Docker image to deploy. Version has to match the Agent in the image.
+ type: string
+ kibanaRef:
+ description: KibanaRef is a reference to Kibana where Fleet should be set up and this Agent should be enrolled. Don't set unless `mode` is set to `fleet`.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ mode:
+ description: Mode specifies the source of configuration for the Agent. The configuration can be specified locally through `config` or `configRef` (`standalone` mode), or come from Fleet during runtime (`fleet` mode). Defaults to `standalone` mode.
+ enum:
+ - standalone
+ - fleet
+ type: string
+ policyID:
+ description: PolicyID optionally determines into which Agent Policy this Agent will be enrolled. If left empty the default policy will be used.
+ type: string
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain to allow rollback in the underlying DaemonSet or Deployment.
+ format: int32
+ type: integer
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Agent. Secrets data can be then referenced in the Agent config using the Secret's keys or as specified in `Entries` field of each SecureSetting.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes Secret.
+ properties:
+ entries:
+ description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: ServiceAccountName is used to check access from the current resource to an Elasticsearch resource in a different namespace. Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ version:
+ description: Version of the Agent.
+ type: string
+ required:
+ - version
+ type: object
+ status:
+ description: AgentStatus defines the observed state of the Agent
+ properties:
+ availableNodes:
+ format: int32
+ type: integer
+ elasticsearchAssociationsStatus:
+ additionalProperties:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ description: AssociationStatusMap is the map of association's namespaced name string to its AssociationStatus. For resources that have a single Association of a given type (for ex. single ES reference), this map contains a single entry.
+ type: object
+ expectedNodes:
+ format: int32
+ type: integer
+ fleetServerAssociationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ health:
+ type: string
+ kibanaAssociationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the most recent generation observed for this Elastic Agent. It corresponds to the metadata generation, which is updated on mutation by the API Server. If the generation observed in status diverges from the generation in metadata, the Elastic Agent controller has not yet processed the changes contained in the Elastic Agent specification.
+ format: int64
+ type: integer
+ version:
+ description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value specifies the lowest version currently running.'
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+# Source: eck-operator-crds/templates/all-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: 'elastic-operator'
+ app.kubernetes.io/name: 'eck-operator-crds'
+ app.kubernetes.io/version: '2.6.1'
+ name: apmservers.apm.k8s.elastic.co
+spec:
+ group: apm.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: ApmServer
+ listKind: ApmServerList
+ plural: apmservers
+ shortNames:
+ - apm
+ singular: apmserver
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: APM version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: ApmServer represents an APM Server resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ApmServerSpec holds the specification of an APM Server.
+ properties:
+ config:
+ description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ count:
+ description: Count of APM Server instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to the output Elasticsearch cluster running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for the APM Server resource.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes Service object.
+ properties:
+ metadata:
+ description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ clusterIPs:
+ description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies"
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ externalName:
+ description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field."
+ items:
+ description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: 'Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.'
+ type: string
+ loadBalancerSourceRanges:
+ description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/'
+ items:
+ type: string
+ type: array
+ ports:
+ description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ items:
+ description: ServicePort contains information on service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type:
+ description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain."
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the APM Server Docker image to deploy.
+ type: string
+ kibanaRef:
+ description: KibanaRef is a reference to a Kibana instance running in the same Kubernetes cluster. It allows APM agent central configuration management in Kibana.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the APM Server pods.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain to allow rollback in the underlying Deployment.
+ format: int32
+ type: integer
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for APM Server.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes Secret.
+ properties:
+ entries:
+ description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ version:
+ description: Version of the APM Server.
+ type: string
+ required:
+ - version
+ type: object
+ status:
+ description: ApmServerStatus defines the observed state of ApmServer
+ properties:
+ availableNodes:
+ description: AvailableNodes is the number of available replicas in the deployment.
+ format: int32
+ type: integer
+ count:
+ description: Count corresponds to Scale.Status.Replicas, which is the actual number of observed instances of the scaled object.
+ format: int32
+ type: integer
+ elasticsearchAssociationStatus:
+ description: ElasticsearchAssociationStatus is the status of any auto-linking to Elasticsearch clusters.
+ type: string
+ health:
+ description: Health of the deployment.
+ type: string
+ kibanaAssociationStatus:
+ description: KibanaAssociationStatus is the status of any auto-linking to Kibana.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration represents the .metadata.generation that the status is based upon. It corresponds to the metadata generation, which is updated on mutation by the API Server. If the generation observed in status diverges from the generation in metadata, the APM Server controller has not yet processed the changes contained in the APM Server specification.
+ format: int64
+ type: integer
+ secretTokenSecret:
+ description: SecretTokenSecretName is the name of the Secret that contains the secret token
+ type: string
+ selector:
+ description: Selector is the label selector used to find all pods.
+ type: string
+ service:
+ description: ExternalService is the name of the service the agents should connect to.
+ type: string
+ version:
+ description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value specifies the lowest version currently running.'
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.count
+ statusReplicasPath: .status.count
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: APM version
+ jsonPath: .spec.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ApmServer represents an APM Server resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ApmServerSpec holds the specification of an APM Server.
+ properties:
+ config:
+ description: 'Config holds the APM Server configuration. See: https://www.elastic.co/guide/en/apm/server/current/configuring-howto-apm-server.html'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ count:
+ description: Count of APM Server instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to the output Elasticsearch cluster running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of the Kubernetes object.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ required:
+ - name
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for the APM Server resource.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes Service object.
+ properties:
+ metadata:
+ description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ clusterIPs:
+ description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies"
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ externalName:
+ description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field."
+ items:
+ description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: 'Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.'
+ type: string
+ loadBalancerSourceRanges:
+ description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/'
+ items:
+ type: string
+ type: array
+ ports:
+ description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ items:
+ description: ServicePort contains information on service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type:
+ description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain."
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the APM Server Docker image to deploy.
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the APM Server pods.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for APM Server.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes Secret.
+ properties:
+ entries:
+ description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ version:
+ description: Version of the APM Server.
+ type: string
+ type: object
+ status:
+ description: ApmServerStatus defines the observed state of ApmServer
+ properties:
+ associationStatus:
+ description: Association is the status of any auto-linking to Elasticsearch clusters.
+ type: string
+ availableNodes:
+ format: int32
+ type: integer
+ health:
+ description: ApmServerHealth expresses the status of the Apm Server instances.
+ type: string
+ secretTokenSecret:
+ description: SecretTokenSecretName is the name of the Secret that contains the secret token
+ type: string
+ service:
+ description: ExternalService is the name of the service the agents should connect to.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: to not break compatibility when upgrading from previous versions of the CRD
+ type: object
+ served: false
+ storage: false
+---
+# Source: eck-operator-crds/templates/all-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: 'elastic-operator'
+ app.kubernetes.io/name: 'eck-operator-crds'
+ app.kubernetes.io/version: '2.6.1'
+ name: beats.beat.k8s.elastic.co
+spec:
+ group: beat.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: Beat
+ listKind: BeatList
+ plural: beats
+ shortNames:
+ - beat
+ singular: beat
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: available
+ type: integer
+ - description: Expected nodes
+ jsonPath: .status.expectedNodes
+ name: expected
+ type: integer
+ - description: Beat type
+ jsonPath: .spec.type
+ name: type
+ type: string
+ - description: Beat version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Beat is the Schema for the Beats API.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: BeatSpec defines the desired state of a Beat.
+ properties:
+ config:
+ description: Config holds the Beat configuration. At most one of [`Config`, `ConfigRef`] can be specified.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: ConfigRef contains a reference to an existing Kubernetes Secret holding the Beat configuration. Beat settings must be specified as yaml, under a single "beat.yml" entry. At most one of [`Config`, `ConfigRef`] can be specified.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ daemonSet:
+ description: DaemonSet specifies the Beat should be deployed as a DaemonSet, and allows providing its spec. Cannot be used along with `deployment`. If both are absent a default for the Type is used.
+ properties:
+ podTemplate:
+ description: PodTemplateSpec describes the data a pod should have when created from a template
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ updateStrategy:
+ description: DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet.
+ properties:
+ rollingUpdate:
+ description: 'Rolling update config params. Present only if type = "RollingUpdate". --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be. Same as Deployment `strategy.rollingUpdate`. See https://github.com/kubernetes/kubernetes/issues/35345'
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of nodes with an existing available DaemonSet pod that can have an updated DaemonSet pod during during an update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up to a minimum of 1. Default value is 0. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their a new pod created before the old pod is marked as deleted. The update starts by launching new pods on 30% of nodes. Once an updated pod is available (Ready for at least minReadySeconds) the old DaemonSet pod on that node is marked deleted. If the old pod becomes unavailable for any reason (Ready transitions to false, is evicted, or is drained) an updated pod is immediatedly created on that node without considering surge limits. Allowing surge implies the possibility that the resources consumed by the daemonset on any given node can double if the readiness check fails, and so resource intensive daemonsets should take into account that they may cause evictions during disruption.'
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of DaemonSet pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total number of DaemonSet pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up. This cannot be 0 if MaxSurge is 0 Default value is 1. Example: when this is set to 30%, at most 30% of the total number of nodes that should be running the daemon pod (i.e. status.desiredNumberScheduled) can have their pods stopped for an update at any given time. The update starts by stopping at most 30% of those DaemonSet pods and then brings up new DaemonSet pods in their place. Once the new pods are available, it then proceeds onto other DaemonSet pods, thus ensuring that at least 70% of original number of DaemonSet pods are available at all times during the update.'
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
+ type: string
+ type: object
+ type: object
+ deployment:
+ description: Deployment specifies the Beat should be deployed as a Deployment, and allows providing its spec. Cannot be used along with `daemonSet`. If both are absent a default for the Type is used.
+ properties:
+ podTemplate:
+ description: PodTemplateSpec describes the data a pod should have when created from a template
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ replicas:
+ format: int32
+ type: integer
+ strategy:
+ description: DeploymentStrategy describes how to replace existing pods with new ones.
+ properties:
+ rollingUpdate:
+ description: 'Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be.'
+ properties:
+ maxSurge:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.'
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.'
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate.
+ type: string
+ type: object
+ type: object
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch cluster running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ image:
+ description: Image is the Beat Docker image to deploy. Version and Type have to match the Beat in the image.
+ type: string
+ kibanaRef:
+ description: KibanaRef is a reference to a Kibana instance running in the same Kubernetes cluster. It allows automatic setup of dashboards and visualizations.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ monitoring:
+ description: Monitoring enables you to collect and ship logs and metrics for this Beat. Metricbeat and/or Filebeat sidecars are configured and send monitoring data to an Elasticsearch monitoring cluster running in the same Kubernetes cluster.
+ properties:
+ logs:
+ description: Logs holds references to Elasticsearch clusters which receive log data from an associated resource.
+ properties:
+ elasticsearchRefs:
+ description: ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ metrics:
+ description: Metrics holds references to Elasticsearch clusters which receive monitoring data from this resource.
+ properties:
+ elasticsearchRefs:
+ description: ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain to allow rollback in the underlying DaemonSet or Deployment.
+ format: int32
+ type: integer
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes Secrets containing sensitive configuration options for the Beat. Secrets data can be then referenced in the Beat config using the Secret's keys or as specified in `Entries` field of each SecureSetting.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes Secret.
+ properties:
+ entries:
+ description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: ServiceAccountName is used to check access from the current resource to Elasticsearch resource in a different namespace. Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ type:
+ description: Type is the type of the Beat to deploy (filebeat, metricbeat, heartbeat, auditbeat, journalbeat, packetbeat, and so on). Any string can be used, but well-known types will have the image field defaulted and have the appropriate Elasticsearch roles created automatically. It also allows for dashboard setup when combined with a `KibanaRef`.
+ maxLength: 20
+ pattern: '[a-zA-Z0-9-]+'
+ type: string
+ version:
+ description: Version of the Beat.
+ type: string
+ required:
+ - type
+ - version
+ type: object
+ status:
+ description: BeatStatus defines the observed state of a Beat.
+ properties:
+ availableNodes:
+ format: int32
+ type: integer
+ elasticsearchAssociationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ expectedNodes:
+ format: int32
+ type: integer
+ health:
+ type: string
+ kibanaAssociationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ monitoringAssociationStatus:
+ additionalProperties:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ description: AssociationStatusMap is the map of association's namespaced name string to its AssociationStatus. For resources that have a single Association of a given type (for ex. single ES reference), this map contains a single entry.
+ type: object
+ observedGeneration:
+ description: ObservedGeneration represents the .metadata.generation that the status is based upon. It corresponds to the metadata generation, which is updated on mutation by the API Server. If the generation observed in status diverges from the generation in metadata, the Beats controller has not yet processed the changes contained in the Beats specification.
+ format: int64
+ type: integer
+ version:
+ description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value specifies the lowest version currently running.'
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+# Source: eck-operator-crds/templates/all-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: 'elastic-operator'
+ app.kubernetes.io/name: 'eck-operator-crds'
+ app.kubernetes.io/version: '2.6.1'
+ name: elasticmapsservers.maps.k8s.elastic.co
+spec:
+ group: maps.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: ElasticMapsServer
+ listKind: ElasticMapsServerList
+ plural: elasticmapsservers
+ shortNames:
+ - ems
+ singular: elasticmapsserver
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: ElasticMapsServer version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ElasticMapsServer represents an Elastic Map Server resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MapsSpec holds the specification of an Elastic Maps Server instance.
+ properties:
+ config:
+ description: 'Config holds the ElasticMapsServer configuration. See: https://www.elastic.co/guide/en/kibana/current/maps-connect-to-ems.html#elastic-maps-server-configuration'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: ConfigRef contains a reference to an existing Kubernetes Secret holding the Elastic Maps Server configuration. Configuration settings are merged and have precedence over settings specified in `config`.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ count:
+ description: Count of Elastic Maps Server instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch cluster running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for Elastic Maps Server.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes Service object.
+ properties:
+ metadata:
+ description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ clusterIPs:
+ description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies"
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ externalName:
+ description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field."
+ items:
+ description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: 'Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.'
+ type: string
+ loadBalancerSourceRanges:
+ description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/'
+ items:
+ type: string
+ type: array
+ ports:
+ description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ items:
+ description: ServicePort contains information on service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type:
+ description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain."
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Elastic Maps Server Docker image to deploy.
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Elastic Maps Server pods
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain to allow rollback in the underlying Deployment.
+ format: int32
+ type: integer
+ serviceAccountName:
+ description: ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ version:
+ description: Version of Elastic Maps Server.
+ type: string
+ required:
+ - version
+ type: object
+ status:
+ description: MapsStatus defines the observed state of Elastic Maps Server
+ properties:
+ associationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ availableNodes:
+ description: AvailableNodes is the number of available replicas in the deployment.
+ format: int32
+ type: integer
+ count:
+ description: Count corresponds to Scale.Status.Replicas, which is the actual number of observed instances of the scaled object.
+ format: int32
+ type: integer
+ health:
+ description: Health of the deployment.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the most recent generation observed for this Elastic Maps Server. It corresponds to the metadata generation, which is updated on mutation by the API Server. If the generation observed in status diverges from the generation in metadata, the Elastic Maps controller has not yet processed the changes contained in the Elastic Maps specification.
+ format: int64
+ type: integer
+ selector:
+ description: Selector is the label selector used to find all pods.
+ type: string
+ version:
+ description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value specifies the lowest version currently running.'
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.count
+ statusReplicasPath: .status.count
+ status: {}
+---
+# Source: eck-operator-crds/templates/all-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: 'elastic-operator'
+ app.kubernetes.io/name: 'eck-operator-crds'
+ app.kubernetes.io/version: '2.6.1'
+ name: elasticsearchautoscalers.autoscaling.k8s.elastic.co
+spec:
+ group: autoscaling.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: ElasticsearchAutoscaler
+ listKind: ElasticsearchAutoscalerList
+ plural: elasticsearchautoscalers
+ shortNames:
+ - esa
+ singular: elasticsearchautoscaler
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.elasticsearchRef.name
+ name: Target
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Active')].status
+ name: Active
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Healthy')].status
+ name: Healthy
+ type: string
+ - jsonPath: .status.conditions[?(@.type=='Limited')].status
+ name: Limited
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ElasticsearchAutoscaler represents an ElasticsearchAutoscaler resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ElasticsearchAutoscalerSpec holds the specification of an Elasticsearch autoscaler resource.
+ properties:
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch cluster that exists in the same namespace.
+ properties:
+ name:
+ description: Name is the name of the Elasticsearch resource to scale automatically.
+ minLength: 1
+ type: string
+ type: object
+ policies:
+ items:
+ description: AutoscalingPolicySpec holds a named autoscaling policy and the associated resources limits (cpu, memory, storage).
+ properties:
+ deciders:
+ additionalProperties:
+ additionalProperties:
+ type: string
+ description: DeciderSettings allow the user to tweak autoscaling deciders. The map data structure complies with the format expected by Elasticsearch.
+ type: object
+ description: Deciders allow the user to override default settings for autoscaling deciders.
+ type: object
+ name:
+ description: Name identifies the autoscaling policy in the autoscaling specification.
+ type: string
+ resources:
+ description: AutoscalingResources model the limits, submitted by the user, for the supported resources in an autoscaling policy. Only the node count range is mandatory. For other resources, a limit range is required only if the Elasticsearch autoscaling capacity API returns a requirement for a given resource. For example, the memory limit range is only required if the autoscaling API response contains a memory requirement. If there is no limit range for a resource, and if that resource is not mandatory, then the resources in the NodeSets managed by the autoscaling policy are left untouched.
+ properties:
+ cpu:
+ description: QuantityRange models a resource limit range for resources which can be expressed with resource.Quantity.
+ properties:
+ max:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Max represents the upper limit for the resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ min:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Min represents the lower limit for the resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ requestsToLimitsRatio:
+ anyOf:
+ - type: integer
+ - type: string
+ description: RequestsToLimitsRatio allows to customize Kubernetes resource Limit based on the Request.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - max
+ - min
+ type: object
+ memory:
+ description: QuantityRange models a resource limit range for resources which can be expressed with resource.Quantity.
+ properties:
+ max:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Max represents the upper limit for the resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ min:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Min represents the lower limit for the resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ requestsToLimitsRatio:
+ anyOf:
+ - type: integer
+ - type: string
+ description: RequestsToLimitsRatio allows to customize Kubernetes resource Limit based on the Request.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - max
+ - min
+ type: object
+ nodeCount:
+ description: NodeCountRange is used to model the minimum and the maximum number of nodes over all the NodeSets managed by the same autoscaling policy.
+ properties:
+ max:
+ description: Max represents the maximum number of nodes in a tier.
+ format: int32
+ type: integer
+ min:
+ description: Min represents the minimum number of nodes in a tier.
+ format: int32
+ type: integer
+ required:
+ - max
+ - min
+ type: object
+ storage:
+ description: QuantityRange models a resource limit range for resources which can be expressed with resource.Quantity.
+ properties:
+ max:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Max represents the upper limit for the resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ min:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Min represents the lower limit for the resources managed by the autoscaler.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ requestsToLimitsRatio:
+ anyOf:
+ - type: integer
+ - type: string
+ description: RequestsToLimitsRatio allows to customize Kubernetes resource Limit based on the Request.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - max
+ - min
+ type: object
+ required:
+ - nodeCount
+ type: object
+ roles:
+ description: An autoscaling policy must target a unique set of roles.
+ items:
+ type: string
+ type: array
+ required:
+ - resources
+ type: object
+ type: array
+ pollingPeriod:
+ description: PollingPeriod is the period at which to synchronize with the Elasticsearch autoscaling API.
+ type: string
+ required:
+ - policies
+ type: object
+ status:
+ properties:
+ conditions:
+ description: Conditions holds the current service state of the autoscaling controller.
+ items:
+ description: Condition represents Elasticsearch resource's condition. **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ lastTransitionTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ status:
+ type: string
+ type:
+ description: ConditionType defines the condition of an Elasticsearch resource.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ observedGeneration:
+ description: ObservedGeneration is the last observed generation by the controller.
+ format: int64
+ type: integer
+ policies:
+ description: AutoscalingPolicyStatuses is used to expose state messages to user or external system.
+ items:
+ properties:
+ lastModificationTime:
+ description: LastModificationTime is the last time the resources have been updated, used by the cooldown algorithm.
+ format: date-time
+ type: string
+ name:
+ description: Name is the name of the autoscaling policy
+ type: string
+ nodeSets:
+ description: NodeSetNodeCount holds the number of nodes for each nodeSet.
+ items:
+ description: NodeSetNodeCount models the number of nodes expected in a given NodeSet.
+ properties:
+ name:
+ description: Name of the Nodeset.
+ type: string
+ nodeCount:
+ description: NodeCount is the number of nodes, as computed by the autoscaler, expected in this NodeSet.
+ format: int32
+ type: integer
+ required:
+ - name
+ - nodeCount
+ type: object
+ type: array
+ resources:
+ description: ResourcesSpecification holds the resource values common to all the nodeSets managed by a same autoscaling policy. Only the resources managed by the autoscaling controller are saved in the Status.
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: ResourceList is a set of (resource name, quantity) pairs.
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: ResourceList is a set of (resource name, quantity) pairs.
+ type: object
+ type: object
+ state:
+ description: PolicyStates may contain various messages regarding the current state of this autoscaling policy.
+ items:
+ properties:
+ messages:
+ items:
+ type: string
+ type: array
+ type:
+ type: string
+ required:
+ - messages
+ - type
+ type: object
+ type: array
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+# Source: eck-operator-crds/templates/all-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: 'elastic-operator'
+ app.kubernetes.io/name: 'eck-operator-crds'
+ app.kubernetes.io/version: '2.6.1'
+ name: elasticsearches.elasticsearch.k8s.elastic.co
+spec:
+ group: elasticsearch.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: Elasticsearch
+ listKind: ElasticsearchList
+ plural: elasticsearches
+ shortNames:
+ - es
+ singular: elasticsearch
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Elasticsearch version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .status.phase
+ name: phase
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: Elasticsearch represents an Elasticsearch resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ElasticsearchSpec holds the specification of an Elasticsearch cluster.
+ properties:
+ auth:
+ description: Auth contains user authentication and authorization security settings for Elasticsearch.
+ properties:
+ fileRealm:
+ description: FileRealm to propagate to the Elasticsearch cluster.
+ items:
+ description: FileRealmSource references users to create in the Elasticsearch cluster.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ type: array
+ roles:
+ description: Roles to propagate to the Elasticsearch cluster.
+ items:
+ description: RoleSource references roles to create in the Elasticsearch cluster.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ type: array
+ type: object
+ http:
+ description: HTTP holds HTTP layer settings for Elasticsearch.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes Service object.
+ properties:
+ metadata:
+ description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ clusterIPs:
+ description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies"
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ externalName:
+ description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field."
+ items:
+ description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: 'Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.'
+ type: string
+ loadBalancerSourceRanges:
+ description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/'
+ items:
+ type: string
+ type: array
+ ports:
+ description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ items:
+ description: ServicePort contains information on service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type:
+ description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain."
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Elasticsearch Docker image to deploy.
+ type: string
+ monitoring:
+ description: Monitoring enables you to collect and ship log and monitoring data of this Elasticsearch cluster. See https://www.elastic.co/guide/en/elasticsearch/reference/current/monitor-elasticsearch-cluster.html. Metricbeat and Filebeat are deployed in the same Pod as sidecars and each one sends data to one or two different Elasticsearch monitoring clusters running in the same Kubernetes cluster.
+ properties:
+ logs:
+ description: Logs holds references to Elasticsearch clusters which receive log data from an associated resource.
+ properties:
+ elasticsearchRefs:
+ description: ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ metrics:
+ description: Metrics holds references to Elasticsearch clusters which receive monitoring data from this resource.
+ properties:
+ elasticsearchRefs:
+ description: ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ nodeSets:
+ description: NodeSets allow specifying groups of Elasticsearch nodes sharing the same configuration and Pod templates.
+ items:
+ description: NodeSet is the specification for a group of Elasticsearch nodes sharing the same configuration and a Pod template.
+ properties:
+ config:
+ description: Config holds the Elasticsearch configuration.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ count:
+ description: Count of Elasticsearch nodes to deploy. If the node set is managed by an autoscaling policy the initial value is automatically set by the autoscaling controller.
+ format: int32
+ type: integer
+ name:
+ description: Name of this set of nodes. Becomes a part of the Elasticsearch node.name setting.
+ maxLength: 23
+ pattern: '[a-zA-Z0-9-]+'
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Pods belonging to this NodeSet.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ volumeClaimTemplates:
+ description: VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod in this NodeSet. Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate. Items defined here take precedence over any default claims added by the operator with the same name.
+ items:
+ description: PersistentVolumeClaim is a user's request for and claim to a persistent volume
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ status:
+ description: 'status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ accessModes:
+ description: 'accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ allocatedResources:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+ type: object
+ capacity:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: capacity represents the actual resources of the underlying volume.
+ type: object
+ conditions:
+ description: conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
+ items:
+ description: PersistentVolumeClaimCondition contails details about state of pvc
+ properties:
+ lastProbeTime:
+ description: lastProbeTime is the time we probed the condition.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime is the time the condition transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message is the human-readable message indicating details about last transition.
+ type: string
+ reason:
+ description: reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized.
+ type: string
+ status:
+ type: string
+ type:
+ description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ phase:
+ description: phase represents the current phase of PersistentVolumeClaim.
+ type: string
+ resizeStatus:
+ description: resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+ type: string
+ type: object
+ type: object
+ type: array
+ required:
+ - name
+ type: object
+ minItems: 1
+ type: array
+ podDisruptionBudget:
+ description: PodDisruptionBudget provides access to the default pod disruption budget for the Elasticsearch cluster. The default budget selects all cluster pods and sets `maxUnavailable` to 1. To disable, set `PodDisruptionBudget` to the empty value (`{}` in YAML).
+ properties:
+ metadata:
+ description: ObjectMeta is the metadata of the PDB. The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the PDB.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
+ x-kubernetes-int-or-string: true
+ minAvailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%".
+ x-kubernetes-int-or-string: true
+ selector:
+ description: Label query over pods whose evictions are managed by the disruption budget. A null selector will match no pods, while an empty ({}) selector will select all pods within the namespace.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: object
+ remoteClusters:
+ description: RemoteClusters enables you to establish uni-directional connections to a remote Elasticsearch cluster.
+ items:
+ description: RemoteCluster declares a remote Elasticsearch cluster connection.
+ properties:
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch cluster running within the same k8s cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ name:
+ description: Name is the name of the remote cluster as it is set in the Elasticsearch settings. The name is expected to be unique for each remote clusters.
+ minLength: 1
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain to allow rollback in the underlying StatefulSets.
+ format: int32
+ type: integer
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for Elasticsearch.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes Secret.
+ properties:
+ entries:
+ description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: ServiceAccountName is used to check access from the current resource to a resource (for ex. a remote Elasticsearch cluster) in a different namespace. Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ transport:
+ description: Transport holds transport layer settings for Elasticsearch.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes Service object.
+ properties:
+ metadata:
+ description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ clusterIPs:
+ description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies"
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ externalName:
+ description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field."
+ items:
+ description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: 'Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.'
+ type: string
+ loadBalancerSourceRanges:
+ description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/'
+ items:
+ type: string
+ type: array
+ ports:
+ description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ items:
+ description: ServicePort contains information on service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type:
+ description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS on the transport layer.
+ properties:
+ certificate:
+ description: "Certificate is a reference to a Kubernetes secret that contains the CA certificate and private key for generating node certificates. The referenced secret should contain the following: \n - `ca.crt`: The CA certificate in PEM format. - `ca.key`: The private key for the CA certificate in PEM format."
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ otherNameSuffix:
+ description: 'OtherNameSuffix when defined will be prefixed with the Pod name and used as the common name, and the first DNSName, as well as an OtherName required by Elasticsearch in the Subject Alternative Name extension of each Elasticsearch node''s transport TLS certificate. Example: if set to "node.cluster.local", the generated certificate will have its otherName set to ".node.cluster.local".'
+ type: string
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs to include in the generated node transport TLS certificates.
+ items:
+ description: SubjectAlternativeName represents a SAN entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ updateStrategy:
+ description: UpdateStrategy specifies how updates to the cluster should be performed.
+ properties:
+ changeBudget:
+ description: ChangeBudget defines the constraints to consider when applying changes to the Elasticsearch cluster.
+ properties:
+ maxSurge:
+ description: MaxSurge is the maximum number of new pods that can be created exceeding the original number of pods defined in the specification. MaxSurge is only taken into consideration when scaling up. Setting a negative value will disable the restriction. Defaults to unbounded if not specified.
+ format: int32
+ type: integer
+ maxUnavailable:
+ description: MaxUnavailable is the maximum number of pods that can be unavailable (not ready) during the update due to circumstances under the control of the operator. Setting a negative value will disable this restriction. Defaults to 1 if not specified.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ version:
+ description: Version of Elasticsearch.
+ type: string
+ volumeClaimDeletePolicy:
+ description: VolumeClaimDeletePolicy sets the policy for handling deletion of PersistentVolumeClaims for all NodeSets. Possible values are DeleteOnScaledownOnly and DeleteOnScaledownAndClusterDeletion. Defaults to DeleteOnScaledownAndClusterDeletion.
+ enum:
+ - DeleteOnScaledownOnly
+ - DeleteOnScaledownAndClusterDeletion
+ type: string
+ required:
+ - nodeSets
+ - version
+ type: object
+ status:
+ description: ElasticsearchStatus represents the observed state of Elasticsearch.
+ properties:
+ availableNodes:
+ description: AvailableNodes is the number of available instances.
+ format: int32
+ type: integer
+ conditions:
+ description: Conditions holds the current service state of an Elasticsearch cluster. **This API is in technical preview and may be changed or removed in a future release.**
+ items:
+ description: Condition represents Elasticsearch resource's condition. **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ lastTransitionTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ status:
+ type: string
+ type:
+ description: ConditionType defines the condition of an Elasticsearch resource.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ health:
+ description: ElasticsearchHealth is the health of the cluster as returned by the health API.
+ type: string
+ inProgressOperations:
+ description: InProgressOperations represents changes being applied by the operator to the Elasticsearch cluster. **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ downscale:
+ description: DownscaleOperation provides details about in progress downscale operations. **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ lastUpdatedTime:
+ format: date-time
+ type: string
+ nodes:
+ description: Nodes which are scheduled to be removed from the cluster.
+ items:
+ description: DownscaledNode provides an overview of in progress changes applied by the operator to remove Elasticsearch nodes from the cluster. **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ explanation:
+ description: Explanation provides details about an in progress node shutdown. It is only available for clusters managed with the Elasticsearch shutdown API.
+ type: string
+ name:
+ description: Name of the Elasticsearch node that should be removed.
+ type: string
+ shutdownStatus:
+ description: Shutdown status as returned by the Elasticsearch shutdown API. If the Elasticsearch shutdown API is not available, the shutdown status is then inferred from the remaining shards on the nodes, as observed by the operator.
+ type: string
+ required:
+ - name
+ - shutdownStatus
+ type: object
+ type: array
+ stalled:
+ description: Stalled represents a state where no progress can be made. It is only available for clusters managed with the Elasticsearch shutdown API.
+ type: boolean
+ type: object
+ upgrade:
+ description: UpgradeOperation provides an overview of the pending or in progress changes applied by the operator to update the Elasticsearch nodes in the cluster. **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ lastUpdatedTime:
+ format: date-time
+ type: string
+ nodes:
+ description: Nodes that must be restarted for upgrade.
+ items:
+ description: UpgradedNode provides details about the status of nodes which are expected to be updated. **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ message:
+ description: Optional message to explain why a node may not be immediately restarted for upgrade.
+ type: string
+ name:
+ description: Name of the Elasticsearch node that should be upgraded.
+ type: string
+ predicate:
+ description: Predicate is the name of the predicate currently preventing this node from being deleted for an upgrade.
+ type: string
+ status:
+ description: Status states if the node is either in the process of being deleted for an upgrade, or blocked by a predicate or another condition stated in the message field.
+ type: string
+ required:
+ - name
+ - status
+ type: object
+ type: array
+ type: object
+ upscale:
+ description: UpscaleOperation provides an overview of in progress changes applied by the operator to add Elasticsearch nodes to the cluster. **This API is in technical preview and may be changed or removed in a future release.**
+ properties:
+ lastUpdatedTime:
+ format: date-time
+ type: string
+ nodes:
+ description: Nodes expected to be added by the operator.
+ items:
+ properties:
+ message:
+ description: Optional message to explain why a node may not be immediately added.
+ type: string
+ name:
+ description: Name of the Elasticsearch node that should be added to the cluster.
+ type: string
+ status:
+ description: NewNodeStatus states if a new node is being created, or if the upscale is delayed.
+ type: string
+ required:
+ - name
+ - status
+ type: object
+ type: array
+ type: object
+ required:
+ - downscale
+ - upgrade
+ - upscale
+ type: object
+ monitoringAssociationStatus:
+ additionalProperties:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ description: AssociationStatusMap is the map of association's namespaced name string to its AssociationStatus. For resources that have a single Association of a given type (for ex. single ES reference), this map contains a single entry.
+ type: object
+ observedGeneration:
+ description: ObservedGeneration is the most recent generation observed for this Elasticsearch cluster. It corresponds to the metadata generation, which is updated on mutation by the API Server. If the generation observed in status diverges from the generation in metadata, the Elasticsearch controller has not yet processed the changes contained in the Elasticsearch specification.
+ format: int64
+ type: integer
+ phase:
+ description: ElasticsearchOrchestrationPhase is the phase Elasticsearch is in from the controller point of view.
+ type: string
+ version:
+ description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value specifies the lowest version currently running.'
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Elasticsearch version
+ jsonPath: .spec.version
+ name: version
+ type: string
+ - jsonPath: .status.phase
+ name: phase
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Elasticsearch represents an Elasticsearch resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ElasticsearchSpec holds the specification of an Elasticsearch cluster.
+ properties:
+ http:
+ description: HTTP holds HTTP layer settings for Elasticsearch.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes Service object.
+ properties:
+ metadata:
+ description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ clusterIPs:
+ description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies"
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ externalName:
+ description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field."
+ items:
+ description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: 'Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.'
+ type: string
+ loadBalancerSourceRanges:
+ description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/'
+ items:
+ type: string
+ type: array
+ ports:
+ description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ items:
+ description: ServicePort contains information on service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type:
+ description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain."
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Elasticsearch Docker image to deploy.
+ type: string
+ nodeSets:
+ description: NodeSets allow specifying groups of Elasticsearch nodes sharing the same configuration and Pod templates.
+ items:
+ description: NodeSet is the specification for a group of Elasticsearch nodes sharing the same configuration and a Pod template.
+ properties:
+ config:
+ description: Config holds the Elasticsearch configuration.
+ type: object
+ count:
+ description: Count of Elasticsearch nodes to deploy.
+ format: int32
+ minimum: 1
+ type: integer
+ name:
+ description: Name of this set of nodes. Becomes a part of the Elasticsearch node.name setting.
+ maxLength: 23
+ pattern: '[a-zA-Z0-9-]+'
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Pods belonging to this NodeSet.
+ type: object
+ volumeClaimTemplates:
+ description: VolumeClaimTemplates is a list of persistent volume claims to be used by each Pod in this NodeSet. Every claim in this list must have a matching volumeMount in one of the containers defined in the PodTemplate. Items defined here take precedence over any default claims added by the operator with the same name.
+ items:
+ description: PersistentVolumeClaim is a user's request for and claim to a persistent volume
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: 'spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ accessModes:
+ description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. If the AnyVolumeDataSource feature gate is enabled, this field will always have the same contents as the DataSourceRef field.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any local object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the DataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, both fields (DataSource and DataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. There are two important differences between DataSource and DataSourceRef: * While DataSource only allows two specific types of objects, DataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While DataSource ignores disallowed values (dropping them), DataSourceRef preserves all values, and generates an error if a disallowed value is specified. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ resources:
+ description: 'resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ status:
+ description: 'status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ accessModes:
+ description: 'accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ allocatedResources:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: allocatedResources is the storage resource within AllocatedResources tracks the capacity allocated to a PVC. It may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+ type: object
+ capacity:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: capacity represents the actual resources of the underlying volume.
+ type: object
+ conditions:
+ description: conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'ResizeStarted'.
+ items:
+ description: PersistentVolumeClaimCondition contails details about state of pvc
+ properties:
+ lastProbeTime:
+ description: lastProbeTime is the time we probed the condition.
+ format: date-time
+ type: string
+ lastTransitionTime:
+ description: lastTransitionTime is the time the condition transitioned from one status to another.
+ format: date-time
+ type: string
+ message:
+ description: message is the human-readable message indicating details about last transition.
+ type: string
+ reason:
+ description: reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports "ResizeStarted" that means the underlying persistent volume is being resized.
+ type: string
+ status:
+ type: string
+ type:
+ description: PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ phase:
+ description: phase represents the current phase of PersistentVolumeClaim.
+ type: string
+ resizeStatus:
+ description: resizeStatus stores status of resize operation. ResizeStatus is not set by default but when expansion is complete resizeStatus is set to empty string by resize controller or kubelet. This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+ type: string
+ type: object
+ type: object
+ type: array
+ required:
+ - count
+ - name
+ type: object
+ minItems: 1
+ type: array
+ podDisruptionBudget:
+ description: PodDisruptionBudget provides access to the default pod disruption budget for the Elasticsearch cluster. The default budget selects all cluster pods and sets `maxUnavailable` to 1. To disable, set `PodDisruptionBudget` to the empty value (`{}` in YAML).
+ properties:
+ metadata:
+ description: ObjectMeta is the metadata of the PDB. The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the PDB.
+ properties:
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: An eviction is allowed if at most "maxUnavailable" pods selected by "selector" are unavailable after the eviction, i.e. even in absence of the evicted pod. For example, one can prevent all voluntary evictions by specifying 0. This is a mutually exclusive setting with "minAvailable".
+ x-kubernetes-int-or-string: true
+ minAvailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: An eviction is allowed if at least "minAvailable" pods selected by "selector" will still be available after the eviction, i.e. even in the absence of the evicted pod. So for example you can prevent all voluntary evictions by specifying "100%".
+ x-kubernetes-int-or-string: true
+ selector:
+ description: Label query over pods whose evictions are managed by the disruption budget. A null selector selects no pods. An empty selector ({}) also selects no pods, which differs from standard behavior of selecting all pods. In policy/v1, an empty selector will select all pods in the namespace.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: object
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for Elasticsearch.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes Secret.
+ properties:
+ entries:
+ description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ updateStrategy:
+ description: UpdateStrategy specifies how updates to the cluster should be performed.
+ properties:
+ changeBudget:
+ description: ChangeBudget defines the constraints to consider when applying changes to the Elasticsearch cluster.
+ properties:
+ maxSurge:
+ description: MaxSurge is the maximum number of new pods that can be created exceeding the original number of pods defined in the specification. MaxSurge is only taken into consideration when scaling up. Setting a negative value will disable the restriction. Defaults to unbounded if not specified.
+ format: int32
+ type: integer
+ maxUnavailable:
+ description: MaxUnavailable is the maximum number of pods that can be unavailable (not ready) during the update due to circumstances under the control of the operator. Setting a negative value will disable this restriction. Defaults to 1 if not specified.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ version:
+ description: Version of Elasticsearch.
+ type: string
+ required:
+ - nodeSets
+ type: object
+ status:
+ description: ElasticsearchStatus defines the observed state of Elasticsearch
+ properties:
+ availableNodes:
+ format: int32
+ type: integer
+ health:
+ description: ElasticsearchHealth is the health of the cluster as returned by the health API.
+ type: string
+ phase:
+ description: ElasticsearchOrchestrationPhase is the phase Elasticsearch is in from the controller point of view.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: to not break compatibility when upgrading from previous versions of the CRD
+ type: object
+ served: false
+ storage: false
+---
+# Source: eck-operator-crds/templates/all-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: 'elastic-operator'
+ app.kubernetes.io/name: 'eck-operator-crds'
+ app.kubernetes.io/version: '2.6.1'
+ name: enterprisesearches.enterprisesearch.k8s.elastic.co
+spec:
+ group: enterprisesearch.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: EnterpriseSearch
+ listKind: EnterpriseSearchList
+ plural: enterprisesearches
+ shortNames:
+ - ent
+ singular: enterprisesearch
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Enterprise Search version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise Search.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EnterpriseSearchSpec holds the specification of an Enterprise Search resource.
+ properties:
+ config:
+ description: Config holds the Enterprise Search configuration.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: ConfigRef contains a reference to an existing Kubernetes Secret holding the Enterprise Search configuration. Configuration settings are merged and have precedence over settings specified in `config`.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ count:
+ description: Count of Enterprise Search instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to the Elasticsearch cluster running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for Enterprise Search resource.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes Service object.
+ properties:
+ metadata:
+ description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ clusterIPs:
+ description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies"
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ externalName:
+ description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field."
+ items:
+ description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: 'Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.'
+ type: string
+ loadBalancerSourceRanges:
+ description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/'
+ items:
+ type: string
+ type: array
+ ports:
+ description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ items:
+ description: ServicePort contains information on service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type:
+ description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain."
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Enterprise Search Docker image to deploy.
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Enterprise Search pods.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain to allow rollback in the underlying Deployment.
+ format: int32
+ type: integer
+ serviceAccountName:
+ description: ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ version:
+ description: Version of Enterprise Search.
+ type: string
+ type: object
+ status:
+ description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch
+ properties:
+ associationStatus:
+ description: Association is the status of any auto-linking to Elasticsearch clusters.
+ type: string
+ availableNodes:
+ description: AvailableNodes is the number of available replicas in the deployment.
+ format: int32
+ type: integer
+ count:
+ description: Count corresponds to Scale.Status.Replicas, which is the actual number of observed instances of the scaled object.
+ format: int32
+ type: integer
+ health:
+ description: Health of the deployment.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration represents the .metadata.generation that the status is based upon. It corresponds to the metadata generation, which is updated on mutation by the API Server. If the generation observed in status diverges from the generation in metadata, the Enterprise Search controller has not yet processed the changes contained in the Enterprise Search specification.
+ format: int64
+ type: integer
+ selector:
+ description: Selector is the label selector used to find all pods.
+ type: string
+ service:
+ description: ExternalService is the name of the service associated to the Enterprise Search Pods.
+ type: string
+ version:
+ description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value specifies the lowest version currently running.'
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.count
+ statusReplicasPath: .status.count
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Enterprise Search version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: EnterpriseSearch is a Kubernetes CRD to represent Enterprise Search.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: EnterpriseSearchSpec holds the specification of an Enterprise Search resource.
+ properties:
+ config:
+ description: Config holds the Enterprise Search configuration.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ configRef:
+ description: ConfigRef contains a reference to an existing Kubernetes Secret holding the Enterprise Search configuration. Configuration settings are merged and have precedence over settings specified in `config`.
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ count:
+ description: Count of Enterprise Search instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to the Elasticsearch cluster running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for Enterprise Search resource.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes Service object.
+ properties:
+ metadata:
+ description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ clusterIPs:
+ description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies"
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ externalName:
+ description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field."
+ items:
+ description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: 'Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.'
+ type: string
+ loadBalancerSourceRanges:
+ description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/'
+ items:
+ type: string
+ type: array
+ ports:
+ description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ items:
+ description: ServicePort contains information on service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type:
+ description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain."
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Enterprise Search Docker image to deploy.
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Enterprise Search pods.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ serviceAccountName:
+ description: ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ version:
+ description: Version of Enterprise Search.
+ type: string
+ type: object
+ status:
+ description: EnterpriseSearchStatus defines the observed state of EnterpriseSearch
+ properties:
+ associationStatus:
+ description: Association is the status of any auto-linking to Elasticsearch clusters.
+ type: string
+ availableNodes:
+ description: AvailableNodes is the number of available replicas in the deployment.
+ format: int32
+ type: integer
+ count:
+ description: Count corresponds to Scale.Status.Replicas, which is the actual number of observed instances of the scaled object.
+ format: int32
+ type: integer
+ health:
+ description: Health of the deployment.
+ type: string
+ selector:
+ description: Selector is the label selector used to find all pods.
+ type: string
+ service:
+ description: ExternalService is the name of the service associated to the Enterprise Search Pods.
+ type: string
+ version:
+ description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value specifies the lowest version currently running.'
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+---
+# Source: eck-operator-crds/templates/all-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: 'elastic-operator'
+ app.kubernetes.io/name: 'eck-operator-crds'
+ app.kubernetes.io/version: '2.6.1'
+ name: kibanas.kibana.k8s.elastic.co
+spec:
+ group: kibana.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: Kibana
+ listKind: KibanaList
+ plural: kibanas
+ shortNames:
+ - kb
+ singular: kibana
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Kibana version
+ jsonPath: .status.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: Kibana represents a Kibana resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KibanaSpec holds the specification of a Kibana instance.
+ properties:
+ config:
+ description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ count:
+ description: Count of Kibana instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch cluster running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ enterpriseSearchRef:
+ description: EnterpriseSearchRef is a reference to an EnterpriseSearch running in the same Kubernetes cluster. Kibana provides the default Enterprise Search UI starting version 7.14.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for Kibana.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes Service object.
+ properties:
+ metadata:
+ description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ clusterIPs:
+ description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies"
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ externalName:
+ description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field."
+ items:
+ description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: 'Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.'
+ type: string
+ loadBalancerSourceRanges:
+ description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/'
+ items:
+ type: string
+ type: array
+ ports:
+ description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ items:
+ description: ServicePort contains information on service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type:
+ description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain."
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Kibana Docker image to deploy.
+ type: string
+ monitoring:
+ description: Monitoring enables you to collect and ship log and monitoring data of this Kibana. See https://www.elastic.co/guide/en/kibana/current/xpack-monitoring.html. Metricbeat and Filebeat are deployed in the same Pod as sidecars and each one sends data to one or two different Elasticsearch monitoring clusters running in the same Kubernetes cluster.
+ properties:
+ logs:
+ description: Logs holds references to Elasticsearch clusters which receive log data from an associated resource.
+ properties:
+ elasticsearchRefs:
+ description: ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ metrics:
+ description: Metrics holds references to Elasticsearch clusters which receive monitoring data from this resource.
+ properties:
+ elasticsearchRefs:
+ description: ElasticsearchRefs is a reference to a list of monitoring Elasticsearch clusters running in the same Kubernetes cluster. Due to existing limitations, only a single Elasticsearch cluster is currently supported.
+ items:
+ description: ObjectSelector defines a reference to a Kubernetes object which can be an Elastic resource managed by the operator or a Secret describing an external Elastic resource not managed by the operator.
+ properties:
+ name:
+ description: Name of an existing Kubernetes object corresponding to an Elastic resource managed by ECK.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ secretName:
+ description: 'SecretName is the name of an existing Kubernetes secret that contains connection information for associating an Elastic resource not managed by the operator. The referenced secret must contain the following: - `url`: the URL to reach the Elastic resource - `username`: the username of the user to be authenticated to the Elastic resource - `password`: the password of the user to be authenticated to the Elastic resource - `ca.crt`: the CA certificate in PEM format (optional). This field cannot be used in combination with the other fields name, namespace or serviceName.'
+ type: string
+ serviceName:
+ description: ServiceName is the name of an existing Kubernetes service which is used to make requests to the referenced object. It has to be in the same namespace as the referenced resource. If left empty, the default HTTP service of the referenced resource is used.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Kibana pods
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ revisionHistoryLimit:
+ description: RevisionHistoryLimit is the number of revisions to retain to allow rollback in the underlying Deployment.
+ format: int32
+ type: integer
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for Kibana.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes Secret.
+ properties:
+ entries:
+ description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ serviceAccountName:
+ description: ServiceAccountName is used to check access from the current resource to a resource (for ex. Elasticsearch) in a different namespace. Can only be used if ECK is enforcing RBAC on references.
+ type: string
+ version:
+ description: Version of Kibana.
+ type: string
+ required:
+ - version
+ type: object
+ status:
+ description: KibanaStatus defines the observed state of Kibana
+ properties:
+ associationStatus:
+ description: AssociationStatus is the status of any auto-linking to Elasticsearch clusters. This field is deprecated and will be removed in a future release. Use ElasticsearchAssociationStatus instead.
+ type: string
+ availableNodes:
+ description: AvailableNodes is the number of available replicas in the deployment.
+ format: int32
+ type: integer
+ count:
+ description: Count corresponds to Scale.Status.Replicas, which is the actual number of observed instances of the scaled object.
+ format: int32
+ type: integer
+ elasticsearchAssociationStatus:
+ description: ElasticsearchAssociationStatus is the status of any auto-linking to Elasticsearch clusters.
+ type: string
+ enterpriseSearchAssociationStatus:
+ description: EnterpriseSearchAssociationStatus is the status of any auto-linking to Enterprise Search.
+ type: string
+ health:
+ description: Health of the deployment.
+ type: string
+ monitoringAssociationStatus:
+ additionalProperties:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ description: MonitoringAssociationStatus is the status of any auto-linking to monitoring Elasticsearch clusters.
+ type: object
+ observedGeneration:
+ description: ObservedGeneration is the most recent generation observed for this Kibana instance. It corresponds to the metadata generation, which is updated on mutation by the API Server. If the generation observed in status diverges from the generation in metadata, the Kibana controller has not yet processed the changes contained in the Kibana specification.
+ format: int64
+ type: integer
+ selector:
+ description: Selector is the label selector used to find all pods.
+ type: string
+ version:
+ description: 'Version of the stack resource currently running. During version upgrades, multiple versions may run in parallel: this value specifies the lowest version currently running.'
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ scale:
+ labelSelectorPath: .status.selector
+ specReplicasPath: .spec.count
+ statusReplicasPath: .status.count
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .status.health
+ name: health
+ type: string
+ - description: Available nodes
+ jsonPath: .status.availableNodes
+ name: nodes
+ type: integer
+ - description: Kibana version
+ jsonPath: .spec.version
+ name: version
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Kibana represents a Kibana resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: KibanaSpec holds the specification of a Kibana instance.
+ properties:
+ config:
+ description: 'Config holds the Kibana configuration. See: https://www.elastic.co/guide/en/kibana/current/settings.html'
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ count:
+ description: Count of Kibana instances to deploy.
+ format: int32
+ type: integer
+ elasticsearchRef:
+ description: ElasticsearchRef is a reference to an Elasticsearch cluster running in the same Kubernetes cluster.
+ properties:
+ name:
+ description: Name of the Kubernetes object.
+ type: string
+ namespace:
+ description: Namespace of the Kubernetes object. If empty, defaults to the current namespace.
+ type: string
+ required:
+ - name
+ type: object
+ http:
+ description: HTTP holds the HTTP layer configuration for Kibana.
+ properties:
+ service:
+ description: Service defines the template for the associated Kubernetes Service object.
+ properties:
+ metadata:
+ description: ObjectMeta is the metadata of the service. The name and namespace provided here are managed by ECK and will be ignored.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: Spec is the specification of the service.
+ properties:
+ allocateLoadBalancerNodePorts:
+ description: allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is "true". It may be set to "false" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.
+ type: boolean
+ clusterIP:
+ description: 'clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are "None", empty string (""), or a valid IP address. Setting this to "None" makes a "headless service" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ clusterIPs:
+ description: "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value. \n This field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies"
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ externalIPs:
+ description: externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.
+ items:
+ type: string
+ type: array
+ externalName:
+ description: externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be "ExternalName".
+ type: string
+ externalTrafficPolicy:
+ description: externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to "Local", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get "Cluster" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.
+ type: string
+ healthCheckNodePort:
+ description: healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.
+ format: int32
+ type: integer
+ internalTrafficPolicy:
+ description: InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to "Local", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, "Cluster", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).
+ type: string
+ ipFamilies:
+ description: "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName. \n This field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field."
+ items:
+ description: IPFamily represents the IP Family (IPv4 or IPv6). This type is used to express the family of an IP expressed by a type (e.g. service.spec.ipFamilies).
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ipFamilyPolicy:
+ description: IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be "SingleStack" (a single IP family), "PreferDualStack" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or "RequireDualStack" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.
+ type: string
+ loadBalancerClass:
+ description: loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. "internal-vip" or "example.com/internal-vip". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.
+ type: string
+ loadBalancerIP:
+ description: 'Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations, and it cannot support dual-stack. As of Kubernetes v1.24, users are encouraged to use implementation-specific annotations when available. This field may be removed in a future API version.'
+ type: string
+ loadBalancerSourceRanges:
+ description: 'If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature." More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/'
+ items:
+ type: string
+ type: array
+ ports:
+ description: 'The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ items:
+ description: ServicePort contains information on service's port.
+ properties:
+ appProtocol:
+ description: The application protocol for this port. This field follows standard Kubernetes label syntax. Un-prefixed names are reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names). Non-standard protocols should use prefixed names such as mycompany.com/my-custom-protocol.
+ type: string
+ name:
+ description: The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.
+ type: string
+ nodePort:
+ description: 'The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport'
+ format: int32
+ type: integer
+ port:
+ description: The port that will be exposed by this service.
+ format: int32
+ type: integer
+ protocol:
+ default: TCP
+ description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP.
+ type: string
+ targetPort:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod''s container ports. If this is not specified, the value of the ''port'' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the ''port'' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service'
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - port
+ - protocol
+ x-kubernetes-list-type: map
+ publishNotReadyAddresses:
+ description: publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered "ready" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.
+ type: boolean
+ selector:
+ additionalProperties:
+ type: string
+ description: 'Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/'
+ type: object
+ x-kubernetes-map-type: atomic
+ sessionAffinity:
+ description: 'Supports "ClientIP" and "None". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies'
+ type: string
+ sessionAffinityConfig:
+ description: sessionAffinityConfig contains the configurations of session affinity.
+ properties:
+ clientIP:
+ description: clientIP contains the configurations of Client IP based session affinity.
+ properties:
+ timeoutSeconds:
+ description: timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == "ClientIP". Default value is 10800(for 3 hours).
+ format: int32
+ type: integer
+ type: object
+ type: object
+ type:
+ description: 'type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. "ClusterIP" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is "None", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. "NodePort" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. "LoadBalancer" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. "ExternalName" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
+ type: string
+ type: object
+ type: object
+ tls:
+ description: TLS defines options for configuring TLS for HTTP.
+ properties:
+ certificate:
+ description: "Certificate is a reference to a Kubernetes secret that contains the certificate and private key for enabling TLS. The referenced secret should contain the following: \n - `ca.crt`: The certificate authority (optional). - `tls.crt`: The certificate (or a chain). - `tls.key`: The private key to the first certificate in the certificate chain."
+ properties:
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ type: object
+ selfSignedCertificate:
+ description: SelfSignedCertificate allows configuring the self-signed certificate generated by the operator.
+ properties:
+ disabled:
+ description: Disabled indicates that the provisioning of the self-signed certifcate should be disabled.
+ type: boolean
+ subjectAltNames:
+ description: SubjectAlternativeNames is a list of SANs to include in the generated HTTP TLS certificate.
+ items:
+ description: SubjectAlternativeName represents a SAN entry in a x509 certificate.
+ properties:
+ dns:
+ description: DNS is the DNS name of the subject.
+ type: string
+ ip:
+ description: IP is the IP address of the subject.
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ type: object
+ image:
+ description: Image is the Kibana Docker image to deploy.
+ type: string
+ podTemplate:
+ description: PodTemplate provides customisation options (labels, annotations, affinity rules, resource requests, and so on) for the Kibana pods
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ secureSettings:
+ description: SecureSettings is a list of references to Kubernetes secrets containing sensitive configuration options for Kibana.
+ items:
+ description: SecretSource defines a data source based on a Kubernetes Secret.
+ properties:
+ entries:
+ description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ version:
+ description: Version of Kibana.
+ type: string
+ type: object
+ status:
+ description: KibanaStatus defines the observed state of Kibana
+ properties:
+ associationStatus:
+ description: AssociationStatus is the status of an association resource.
+ type: string
+ availableNodes:
+ format: int32
+ type: integer
+ health:
+ description: KibanaHealth expresses the status of the Kibana instances.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: to not break compatibility when upgrading from previous versions of the CRD
+ type: object
+ served: false
+ storage: false
+---
+# Source: eck-operator-crds/templates/all-crds.yaml
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.10.0
+ creationTimestamp: null
+ labels:
+ app.kubernetes.io/instance: 'elastic-operator'
+ app.kubernetes.io/name: 'eck-operator-crds'
+ app.kubernetes.io/version: '2.6.1'
+ name: stackconfigpolicies.stackconfigpolicy.k8s.elastic.co
+spec:
+ group: stackconfigpolicy.k8s.elastic.co
+ names:
+ categories:
+ - elastic
+ kind: StackConfigPolicy
+ listKind: StackConfigPolicyList
+ plural: stackconfigpolicies
+ shortNames:
+ - scp
+ singular: stackconfigpolicy
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Resources configured
+ jsonPath: .status.readyCount
+ name: Ready
+ type: string
+ - jsonPath: .status.phase
+ name: Phase
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: StackConfigPolicy represents a StackConfigPolicy resource in a Kubernetes cluster.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ elasticsearch:
+ properties:
+ clusterSettings:
+ description: ClusterSettings holds the Elasticsearch cluster settings (/_cluster/settings)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ indexLifecyclePolicies:
+ description: IndexLifecyclePolicies holds the Index Lifecycle policies settings (/_ilm/policy)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ indexTemplates:
+ description: IndexTemplates holds the Index and Component Templates settings
+ properties:
+ componentTemplates:
+ description: ComponentTemplates holds the Component Templates settings (/_component_template)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ composableIndexTemplates:
+ description: ComposableIndexTemplates holds the Index Templates settings (/_index_template)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ ingestPipelines:
+ description: IngestPipelines holds the Ingest Pipelines settings (/_ingest/pipeline)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ securityRoleMappings:
+ description: SecurityRoleMappings holds the Role Mappings settings (/_security/role_mapping)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ snapshotLifecyclePolicies:
+ description: SnapshotLifecyclePolicies holds the Snapshot Lifecycle Policies settings (/_slm/policy)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ snapshotRepositories:
+ description: SnapshotRepositories holds the Snapshot Repositories settings (/_snapshot)
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ resourceSelector:
+ description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ secureSettings:
+ items:
+ description: SecretSource defines a data source based on a Kubernetes Secret.
+ properties:
+ entries:
+ description: Entries define how to project each key-value pair in the secret to filesystem paths. If not defined, all keys will be projected to similarly named paths in the filesystem. If defined, only the specified keys will be projected to the corresponding paths.
+ items:
+ description: KeyToPath defines how to map a key in a Secret object to a filesystem path.
+ properties:
+ key:
+ description: Key is the key contained in the secret.
+ type: string
+ path:
+ description: Path is the relative file path to map the key to. Path must not be an absolute file path and must not contain any ".." components.
+ type: string
+ required:
+ - key
+ type: object
+ type: array
+ secretName:
+ description: SecretName is the name of the secret.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ type: object
+ status:
+ properties:
+ errors:
+ description: Errors is the number of resources which have an incorrect configuration
+ type: integer
+ observedGeneration:
+ description: ObservedGeneration is the most recent generation observed for this StackConfigPolicy.
+ format: int64
+ type: integer
+ phase:
+ description: Phase is the phase of the StackConfigPolicy.
+ type: string
+ ready:
+ description: Ready is the number of resources successfully configured.
+ type: integer
+ readyCount:
+ description: ReadyCount is a human representation of the number of resources successfully configured.
+ type: string
+ resources:
+ description: Resources is the number of resources to be configured.
+ type: integer
+ resourcesStatuses:
+ additionalProperties:
+ description: ResourcePolicyStatus models the status of the policy for one resource to be configured.
+ properties:
+ currentVersion:
+ format: int64
+ type: integer
+ error:
+ properties:
+ message:
+ type: string
+ version:
+ format: int64
+ type: integer
+ type: object
+ expectedVersion:
+ format: int64
+ type: integer
+ phase:
+ type: string
+ type: object
+ description: ResourcesStatuses holds the status for each resource to be configured.
+ type: object
+ required:
+ - resourcesStatuses
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+
diff --git a/logging/elasticsearch.yaml b/logging/elasticsearch.yaml
new file mode 100644
index 0000000..eff5b6a
--- /dev/null
+++ b/logging/elasticsearch.yaml
@@ -0,0 +1,22 @@
+apiVersion: elasticsearch.k8s.elastic.co/v1
+kind: Elasticsearch
+metadata:
+ name: cluster
+spec:
+ version: 8.6.2
+ nodeSets:
+ - name: default
+ count: 1
+ volumeClaimTemplates:
+ - metadata:
+ name: elasticsearch-data # Do not change this name unless you set up a volume mount for the data path.
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: logging
+ config:
+ node.store.allow_mmap: false
+
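Review bot: Neither this Elasticsearch resource nor the Kibana resource in logging/kibana.yaml sets `metadata.namespace`, while logging/logstash.yaml and logging/secrets.yaml pin `namespace: logging` explicitly and the hand-made `cluster-es-elastic-user` Secret carries `eck.k8s.elastic.co/owner-namespace: logging`. If the manifests are ever applied with a different default namespace, the cluster lands elsewhere and the pre-seeded credentials Secret no longer matches it. Adding `namespace: logging` under `metadata:` in both files makes the placement explicit and keeps the four files consistent.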
diff --git a/logging/filesystem.yaml b/logging/filesystem.yaml
new file mode 100644
index 0000000..ab46f94
--- /dev/null
+++ b/logging/filesystem.yaml
@@ -0,0 +1,42 @@
+apiVersion: ceph.rook.io/v1
+kind: CephFilesystem
+metadata:
+ name: logging
+ namespace: rook-ceph
+spec:
+ metadataPool:
+ failureDomain: host
+ replicated:
+ size: 3
+ dataPools:
+ - name: replicated
+ failureDomain: host
+ replicated:
+ size: 3
+ preserveFilesystemOnDelete: false
+ metadataServer:
+ activeCount: 1
+ activeStandby: true
+ placement:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: role
+ # operator: In
+ # values:
+ # - mds-node
+ tolerations:
+ - key: node-role.kubernetes.io/storage-node
+ operator: Exists
+ effect: NoSchedule
+ # podAffinity:
+ # podAntiAffinity:
+ # topologySpreadConstraints:
+ #resources:
+ # limits:
+ # cpu: "80m"
+ # memory: "1024Mi"
+ # requests:
+ # cpu: "500m"
+ # memory: "1024Mi"
\ No newline at end of file
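Review bot: `preserveFilesystemOnDelete: false` means that deleting this CephFilesystem CR (an accidental `kubectl delete`, or a GitOps prune) destroys the `logging` filesystem and every volume provisioned from it by logging/storageclass.yaml, including the Elasticsearch data. For a filesystem holding persistent log data, `preserveFilesystemOnDelete: true` is the safer default, with an explicit comment when it is deliberately set to false. The commented-out `resources` block also leaves the MDS without limits, which the surrounding files otherwise try to address.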
diff --git a/logging/ingress.yaml b/logging/ingress.yaml
new file mode 100644
index 0000000..6cca2ee
--- /dev/null
+++ b/logging/ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: kibana
+ namespace: logging
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+
+spec:
+ tls:
+ - hosts:
+ - kibana.undercloud.cf
+ secretName: kibana-tls
+ rules:
+ - host: kibana.undercloud.cf
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: kibana-kb-http
+ port:
+ number: 5601
\ No newline at end of file
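Review bot: `kubernetes.io/ingress.class: nginx` is the deprecated annotation form; with `networking.k8s.io/v1` the class belongs in `spec.ingressClassName: nginx`. Separately, `backend-protocol: "HTTPS"` proxies to Kibana's TLS endpoint but nothing verifies that certificate, so the controller will accept any backend presenting TLS; ingress-nginx supports `nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"` together with `nginx.ingress.kubernetes.io/proxy-ssl-secret` pointing at the CA secret ECK publishes for Kibana (by analogy with the `cluster-es-http-certs-public` secret logging/logstash.yaml mounts for Elasticsearch — confirm the exact secret name).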
diff --git a/logging/kibana.yaml b/logging/kibana.yaml
new file mode 100644
index 0000000..8242080
--- /dev/null
+++ b/logging/kibana.yaml
@@ -0,0 +1,9 @@
+apiVersion: kibana.k8s.elastic.co/v1
+kind: Kibana
+metadata:
+ name: kibana
+spec:
+ version: 8.6.2
+ count: 1
+ elasticsearchRef:
+ name: cluster
\ No newline at end of file
diff --git a/logging/logstash.yaml b/logging/logstash.yaml
new file mode 100644
index 0000000..769f07d
--- /dev/null
+++ b/logging/logstash.yaml
@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: logstash
+ namespace: logging
+ labels:
+ app: logstash
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: logstash
+ template:
+ metadata:
+ labels:
+ app: logstash
+ spec:
+ dnsConfig:
+ options:
+ - name: ndots
+ value: "1"
+ containers:
+ - image: logstash:8.6.2
+ name: logstash
+ ports:
+ - containerPort: 25826
+ - containerPort: 5044
+ env:
+ - name: ES_HOSTS
+ value: "https://cluster-es-http:9200"
+ - name: ES_USER
+ value: "elastic"
+ - name: ES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: cluster-es-elastic-user
+ key: elastic
+ resources: {}
+ volumeMounts:
+ - name: config-volume
+ mountPath: /usr/share/logstash/config
+ - name: logstash-pipeline-volume
+ mountPath: /usr/share/logstash/pipeline
+ - name: cert-ca
+ mountPath: "/etc/logstash/certificates"
+ readOnly: true
+ restartPolicy: Always
+ volumes:
+ - name: config-volume
+ configMap:
+ name: logstash-configmap
+ items:
+ - key: logstash.yml
+ path: logstash.yml
+ - name: logstash-pipeline-volume
+ configMap:
+ name: logstash-configmap
+ items:
+ - key: logstash.conf
+ path: logstash.conf
+ - name: cert-ca
+ secret:
+ secretName: cluster-es-http-certs-public
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: logstash
+ name: logstash
+spec:
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ type: ClusterIP
+ ports:
+ - name: "25826"
+ port: 25826
+ targetPort: 25826
+ - name: "5044"
+ port: 5044
+ targetPort: 5044
+ selector:
+ app: logstash
\ No newline at end of file
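Review bot: `ES_USER: "elastic"` together with the `cluster-es-elastic-user` secret hands Logstash the built-in superuser; an ingest pipeline only needs a role that can create indices and write documents, so a dedicated user and role (and a secret scoped to it) would keep a compromised Logstash pod from administering the cluster. The container also has `resources: {}` and no `securityContext`, unlike the operator StatefulSet later in this diff which drops all capabilities and runs non-root; a minimal start is `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false}` plus memory/cpu requests and limits. The Service document omits `metadata.namespace` while the Deployment sets `namespace: logging`; adding it keeps the two halves of the file applying to the same namespace.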
diff --git a/logging/namespace.yaml b/logging/namespace.yaml
new file mode 100644
index 0000000..8cf9fc9
--- /dev/null
+++ b/logging/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: logging
+ #labels:
+ # undercloud.cf/cert: "ca"
\ No newline at end of file
diff --git a/logging/operator.yaml b/logging/operator.yaml
new file mode 100644
index 0000000..e7aa061
--- /dev/null
+++ b/logging/operator.yaml
@@ -0,0 +1,724 @@
+# Source: eck-operator/templates/operator-namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: elastic-system
+ labels:
+ name: elastic-system
+---
+# Source: eck-operator/templates/service-account.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: elastic-operator
+ namespace: elastic-system
+ labels:
+ control-plane: elastic-operator
+ app.kubernetes.io/version: "2.6.1"
+---
+# Source: eck-operator/templates/webhook.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: elastic-webhook-server-cert
+ namespace: elastic-system
+ labels:
+ control-plane: elastic-operator
+ app.kubernetes.io/version: "2.6.1"
+---
+# Source: eck-operator/templates/configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: elastic-operator
+ namespace: elastic-system
+ labels:
+ control-plane: elastic-operator
+ app.kubernetes.io/version: "2.6.1"
+data:
+ eck.yaml: "log-verbosity: 0\nmetrics-port: 0\ncontainer-registry: docker.elastic.co\ncontainer-suffix: \nmax-concurrent-reconciles: 3\nca-cert-validity: 8760h\nca-cert-rotate-before: 24h\ncert-validity: 8760h\ncert-rotate-before: 24h\nexposed-node-labels: [topology.kubernetes.io/.*,failure-domain.beta.kubernetes.io/.*]\nset-default-security-context: auto-detect\nkube-client-timeout: 60s\nelasticsearch-client-timeout: 180s\ndisable-telemetry: false\ndistribution-channel: all-in-one\nvalidate-storage-class: true\nenable-webhook: true\nwebhook-name: elastic-webhook.k8s.elastic.co\nenable-leader-election: true\nelasticsearch-observation-interval: 10s"
+---
+# Source: eck-operator/templates/cluster-roles.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: elastic-operator
+ labels:
+ control-plane: elastic-operator
+ app.kubernetes.io/version: "2.6.1"
+rules:
+- apiGroups:
+ - "authorization.k8s.io"
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ resourceNames:
+ - elastic-operator-leader
+ verbs:
+ - get
+ - watch
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - events
+ - persistentvolumeclaims
+ - secrets
+ - services
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - statefulsets
+ - daemonsets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - elasticsearch.k8s.elastic.co
+ resources:
+ - elasticsearches
+ - elasticsearches/status
+ - elasticsearches/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - autoscaling.k8s.elastic.co
+ resources:
+ - elasticsearchautoscalers
+ - elasticsearchautoscalers/status
+ - elasticsearchautoscalers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - kibana.k8s.elastic.co
+ resources:
+ - kibanas
+ - kibanas/status
+ - kibanas/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - apm.k8s.elastic.co
+ resources:
+ - apmservers
+ - apmservers/status
+ - apmservers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - enterprisesearch.k8s.elastic.co
+ resources:
+ - enterprisesearches
+ - enterprisesearches/status
+ - enterprisesearches/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - beat.k8s.elastic.co
+ resources:
+ - beats
+ - beats/status
+ - beats/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - agent.k8s.elastic.co
+ resources:
+ - agents
+ - agents/status
+ - agents/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - maps.k8s.elastic.co
+ resources:
+ - elasticmapsservers
+ - elasticmapsservers/status
+ - elasticmapsservers/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - stackconfigpolicy.k8s.elastic.co
+ resources:
+ - stackconfigpolicies
+ - stackconfigpolicies/status
+ - stackconfigpolicies/finalizers # needed for ownerReferences with blockOwnerDeletion on OCP
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+---
+# Source: eck-operator/templates/cluster-roles.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: "elastic-operator-view"
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ control-plane: elastic-operator
+ app.kubernetes.io/version: "2.6.1"
+rules:
+- apiGroups: ["elasticsearch.k8s.elastic.co"]
+ resources: ["elasticsearches"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["autoscaling.k8s.elastic.co"]
+ resources: ["elasticsearchautoscalers"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["apm.k8s.elastic.co"]
+ resources: ["apmservers"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["kibana.k8s.elastic.co"]
+ resources: ["kibanas"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["enterprisesearch.k8s.elastic.co"]
+ resources: ["enterprisesearches"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["beat.k8s.elastic.co"]
+ resources: ["beats"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["agent.k8s.elastic.co"]
+ resources: ["agents"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["maps.k8s.elastic.co"]
+ resources: ["elasticmapsservers"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["stackconfigpolicy.k8s.elastic.co"]
+ resources: ["stackconfigpolicies"]
+ verbs: ["get", "list", "watch"]
+---
+# Source: eck-operator/templates/cluster-roles.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: "elastic-operator-edit"
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ control-plane: elastic-operator
+ app.kubernetes.io/version: "2.6.1"
+rules:
+- apiGroups: ["elasticsearch.k8s.elastic.co"]
+ resources: ["elasticsearches"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+- apiGroups: ["autoscaling.k8s.elastic.co"]
+ resources: ["elasticsearchautoscalers"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+- apiGroups: ["apm.k8s.elastic.co"]
+ resources: ["apmservers"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+- apiGroups: ["kibana.k8s.elastic.co"]
+ resources: ["kibanas"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+- apiGroups: ["enterprisesearch.k8s.elastic.co"]
+ resources: ["enterprisesearches"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+- apiGroups: ["beat.k8s.elastic.co"]
+ resources: ["beats"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+- apiGroups: ["agent.k8s.elastic.co"]
+ resources: ["agents"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+- apiGroups: ["maps.k8s.elastic.co"]
+ resources: ["elasticmapsservers"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+- apiGroups: ["stackconfigpolicy.k8s.elastic.co"]
+ resources: ["stackconfigpolicies"]
+ verbs: ["create", "delete", "deletecollection", "patch", "update"]
+---
+# Source: eck-operator/templates/role-bindings.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: elastic-operator
+ labels:
+ control-plane: elastic-operator
+ app.kubernetes.io/version: "2.6.1"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: elastic-operator
+subjects:
+- kind: ServiceAccount
+ name: elastic-operator
+ namespace: elastic-system
+---
+# Source: eck-operator/templates/webhook.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: elastic-webhook-server
+ namespace: elastic-system
+ labels:
+ control-plane: elastic-operator
+ app.kubernetes.io/version: "2.6.1"
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: 9443
+ selector:
+ control-plane: elastic-operator
+---
+# Source: eck-operator/templates/statefulset.yaml
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: elastic-operator
+ namespace: elastic-system
+ labels:
+ control-plane: elastic-operator
+ app.kubernetes.io/version: "2.6.1"
+spec:
+ selector:
+ matchLabels:
+ control-plane: elastic-operator
+ serviceName: elastic-operator
+ replicas: 1
+ template:
+ metadata:
+ annotations:
+ # Rename the fields "error" to "error.message" and "source" to "event.source"
+ # This is to avoid a conflict with the ECS "error" and "source" documents.
+ "co.elastic.logs/raw": "[{\"type\":\"container\",\"json.keys_under_root\":true,\"paths\":[\"/var/log/containers/*${data.kubernetes.container.id}.log\"],\"processors\":[{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"error\",\"to\":\"_error\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_error\",\"to\":\"error.message\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"source\",\"to\":\"_source\"}]}},{\"convert\":{\"mode\":\"rename\",\"ignore_missing\":true,\"fields\":[{\"from\":\"_source\",\"to\":\"event.source\"}]}}]}]"
+ "checksum/config": 0167077654d0c8023b9201c09b02b9213c73d47b50aab990b1e2e8cd41653ca7
+ labels:
+ control-plane: elastic-operator
+ spec:
+ terminationGracePeriodSeconds: 10
+ serviceAccountName: elastic-operator
+ securityContext:
+ runAsNonRoot: true
+ containers:
+ - image: "docker.elastic.co/eck/eck-operator:2.6.1"
+ imagePullPolicy: IfNotPresent
+ name: manager
+ args:
+ - "manager"
+ - "--config=/conf/eck.yaml"
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ env:
+ - name: OPERATOR_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: WEBHOOK_SECRET
+ value: elastic-webhook-server-cert
+ resources:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 150Mi
+ ports:
+ - containerPort: 9443
+ name: https-webhook
+ protocol: TCP
+ volumeMounts:
+ - mountPath: "/conf"
+ name: conf
+ readOnly: true
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ volumes:
+ - name: conf
+ configMap:
+ name: elastic-operator
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: elastic-webhook-server-cert
+---
+# Source: eck-operator/templates/webhook.yaml
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: elastic-webhook.k8s.elastic.co
+ labels:
+ control-plane: elastic-operator
+ app.kubernetes.io/version: "2.6.1"
+webhooks:
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: elastic-webhook-server
+ namespace: elastic-system
+ path: /validate-agent-k8s-elastic-co-v1alpha1-agent
+ failurePolicy: Ignore
+ name: elastic-agent-validation-v1alpha1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - agent.k8s.elastic.co
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - agents
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: elastic-webhook-server
+ namespace: elastic-system
+ path: /validate-apm-k8s-elastic-co-v1-apmserver
+ failurePolicy: Ignore
+ name: elastic-apm-validation-v1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - apm.k8s.elastic.co
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - apmservers
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: elastic-webhook-server
+ namespace: elastic-system
+ path: /validate-apm-k8s-elastic-co-v1beta1-apmserver
+ failurePolicy: Ignore
+ name: elastic-apm-validation-v1beta1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - apm.k8s.elastic.co
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - apmservers
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: elastic-webhook-server
+ namespace: elastic-system
+ path: /validate-beat-k8s-elastic-co-v1beta1-beat
+ failurePolicy: Ignore
+ name: elastic-beat-validation-v1beta1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - beat.k8s.elastic.co
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - beats
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: elastic-webhook-server
+ namespace: elastic-system
+ path: /validate-enterprisesearch-k8s-elastic-co-v1-enterprisesearch
+ failurePolicy: Ignore
+ name: elastic-ent-validation-v1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - enterprisesearch.k8s.elastic.co
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - enterprisesearches
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: elastic-webhook-server
+ namespace: elastic-system
+ path: /validate-enterprisesearch-k8s-elastic-co-v1beta1-enterprisesearch
+ failurePolicy: Ignore
+ name: elastic-ent-validation-v1beta1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - enterprisesearch.k8s.elastic.co
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - enterprisesearches
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: elastic-webhook-server
+ namespace: elastic-system
+ path: /validate-elasticsearch-k8s-elastic-co-v1-elasticsearch
+ failurePolicy: Ignore
+ name: elastic-es-validation-v1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - elasticsearch.k8s.elastic.co
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - elasticsearches
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: elastic-webhook-server
+ namespace: elastic-system
+ path: /validate-elasticsearch-k8s-elastic-co-v1beta1-elasticsearch
+ failurePolicy: Ignore
+ name: elastic-es-validation-v1beta1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - elasticsearch.k8s.elastic.co
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - elasticsearches
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: elastic-webhook-server
+ namespace: elastic-system
+ path: /validate-kibana-k8s-elastic-co-v1-kibana
+ failurePolicy: Ignore
+ name: elastic-kb-validation-v1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - kibana.k8s.elastic.co
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kibanas
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: elastic-webhook-server
+ namespace: elastic-system
+ path: /validate-kibana-k8s-elastic-co-v1beta1-kibana
+ failurePolicy: Ignore
+ name: elastic-kb-validation-v1beta1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - kibana.k8s.elastic.co
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - kibanas
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: elastic-webhook-server
+ namespace: elastic-system
+ path: /validate-autoscaling-k8s-elastic-co-v1alpha1-elasticsearchautoscaler
+ failurePolicy: Ignore
+ name: elastic-esa-validation-v1alpha1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - autoscaling.k8s.elastic.co
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - elasticsearchautoscalers
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: elastic-webhook-server
+ namespace: elastic-system
+ path: /validate-scp-k8s-elastic-co-v1alpha1-stackconfigpolicies
+ failurePolicy: Ignore
+ name: elastic-scp-validation-v1alpha1.k8s.elastic.co
+ matchPolicy: Exact
+ admissionReviewVersions: [v1, v1beta1]
+ sideEffects: None
+ rules:
+ - apiGroups:
+ - stackconfigpolicy.k8s.elastic.co
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - stackconfigpolicies
+
diff --git a/logging/secrets.yaml b/logging/secrets.yaml
new file mode 100644
index 0000000..7f66ecb
--- /dev/null
+++ b/logging/secrets.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: elasticsearch
+ namespace: logging
+type: Opaque
+data:
+ pw: ZWxhc3RpY3B3U2FmZQ==
+---
+apiVersion: v1
+data:
+ elastic: NElzVGhlTWluZEtpbGxlcg==
+kind: Secret
+metadata:
+ labels:
+ common.k8s.elastic.co/type: elasticsearch
+ eck.k8s.elastic.co/credentials: "true"
+ eck.k8s.elastic.co/owner-kind: Elasticsearch
+ eck.k8s.elastic.co/owner-name: cluster
+ eck.k8s.elastic.co/owner-namespace: logging
+ elasticsearch.k8s.elastic.co/cluster-name: cluster
+ name: cluster-es-elastic-user
+ namespace: logging
+type: Opaque
\ No newline at end of file
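Review bot: Both `data` values here are base64-encoded plaintext credentials committed to a Git repository that Argo CD pulls from; base64 is an encoding, not encryption, so anyone with read access to the repo has the passwords. The second Secret is especially sensitive because its ECK labels make it the password source for the built-in `elastic` superuser of the `cluster` Elasticsearch. These values should be treated as exposed and rotated, and the manifests replaced by an encrypted or externally-resolved form (e.g. a SealedSecret, SOPS-encrypted file, or an ExternalSecret referencing a vault) so that only ciphertext or a reference lives in Git.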
diff --git a/logging/storageclass.yaml b/logging/storageclass.yaml
new file mode 100644
index 0000000..8d5ec34
--- /dev/null
+++ b/logging/storageclass.yaml
@@ -0,0 +1,28 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: logging
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: logging
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: logging-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
\ No newline at end of file
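Review bot: The class configures `controller-expand-secret-name`/`-namespace` for the CSI driver but does not set `allowVolumeExpansion: true`, and the StorageClass default is false, so PVC resize requests against this class will be rejected and the expand secret is never used. Either add `allowVolumeExpansion: true` at the top level or drop the two expand-secret parameters to avoid implying a capability that is not enabled. `reclaimPolicy: Delete` on the class that backs the Elasticsearch data in logging/elasticsearch.yaml is worth a comment stating that log data is intentionally discarded with the PVC.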
diff --git a/mail/README.md b/mail/README.md
new file mode 100644
index 0000000..7eb5f0a
--- /dev/null
+++ b/mail/README.md
@@ -0,0 +1,54 @@
+# docker-mailserver
+## mailserver
+
+### A production-ready fullstack but simple containerized mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.). Only configuration files, no SQL database. Keep it simple and versioned. Easy to deploy and upgrade. Originally created by @tomav, this project is now maintained by volunteers since January 2021.
+
+remember:
+there are special settings for nginx-ingress:
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: tcp-services
+ namespace: ingress-nginx
+ data:
+ 636: "openldap/ldap:636"
+ 389: "openldap/ldap:389"
+ 25: "docker-mailserver/docker-mailserver:25::PROXY"
+ 465: "docker-mailserver/docker-mailserver:465::PROXY"
+ 587: "docker-mailserver/docker-mailserver:587::PROXY"
+ 993: "docker-mailserver/docker-mailserver:993::PROXY"
+ 143: "docker-mailserver/docker-mailserver:143::PROXY"
+and cert-manager:
+ hostAliases:
+ - ip: "2001:470:72f0:f:1::b492"
+ hostnames:
+ - "ldap.undercloud.cf"
+ - "mail.undercloud.cf"
+ - "smtp.undercloud.cf"
+ - "imap.undercloud.cf"
+ - ip: "10.0.91.211"
+ hostnames:
+ - "ldap.undercloud.cf"
+ - "mail.undercloud.cf"
+ - "smtp.undercloud.cf"
+ - "imap.undercloud.cf"
+
+improvements:
+get working!
+metrics
+liveness probes
+resource limits
+
+
+# roundcube
+## web mail client
+
+### Simple, modern, lightweight & fast web-based email client.
+
+supposedly its abandond and snappy makil is a modern fork
+
+improvements:
+get it working!
+metrics
+liveness probes
+resource limits
\ No newline at end of file
diff --git a/mail/autodiscover.yaml b/mail/autodiscover.yaml
new file mode 100644
index 0000000..a3e735a
--- /dev/null
+++ b/mail/autodiscover.yaml
@@ -0,0 +1,98 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: autodiscover.environment
+ namespace: mail
+immutable: false
+data:
+ COMPANY_NAME: 'Undercloud'
+ SUPPORT_URL: 'https://autodiscover.undercloud.cf'
+ DOMAIN: 'undercloud.cf'
+ # IMAP configuration (host mandatory to enable)
+ IMAP_HOST: 'mail.undercloud.cf'
+ IMAP_PORT: '993'
+ IMAP_SOCKET: 'SSL'
+ # POP configuration (host mandatory to enable)
+ POP_HOST: 'mail.undercloud.cf'
+ POP_PORT: '995'
+ POP_SOCKET: 'SSL'
+ # SMTP configuration (host mandatory to enable)
+ SMTP_HOST: 'mail.undercloud.cf'
+ SMTP_PORT: '587'
+ SMTP_SOCKET: 'STARTTLS'
+ # MobileSync/ActiveSync configuration (url mandatory to enable)
+ MOBILESYNC_URL: 'https://sync.undercloud.cf'
+ MOBILESYNC_NAME: 'sync.undercloud.cf'
+ # LDAP configuration (host mandatory to enable)
+ LDAP_HOST: 'ldap.undercloud.cf'
+ LDAP_PORT: '636'
+ LDAP_SOCKET: 'SSL'
+ LDAP_BASE: 'dc=undercloud,dc=cf'
+ LDAP_USER_FIELD: 'uid'
+ LDAP_USER_BASE: 'ou=users,dc=undercloud,dc=cf'
+ LDAP_SEARCH: '(|(objectClass=inetOrgPerson))'
+ # Apple mobile config identifiers (identifier mandatory to enable)
+ #PROFILE_IDENTIFIER: 'com.example.autodiscover'
+ #PROFILE_UUID: '92943D26-CAB3-4086-897D-DC6C0D8B1E86'
+ #MAIL_UUID: '7A981A9E-D5D0-4EF8-87FE-39FD6A506FAC'
+ #LDAP_UUID: '6ECB6BA9-2208-4ABF-9E60-4E9F4CD7309E'
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: autodiscover
+ namespace: mail
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: autodiscover
+ template:
+ metadata:
+ labels:
+ app: autodiscover
+ spec:
+ containers:
+ - name: autodiscover
+ image: monogramm/autodiscover-email-settings:a7aee0d
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: transfer
+ containerPort: 8000
+ protocol: TCP
+ envFrom:
+ - configMapRef:
+ name: autodiscover.environment
+ env:
+ - name: LDAP_BIND_PW
+ valueFrom:
+ secretKeyRef:
+ name: mailserver-ldap
+ key: pw
+ restartPolicy: Always
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: autodiscover
+ namespace: mail
+spec:
+ clusterIP: '2001:470:72f0:f:1::51'
+ clusterIPs:
+ - '2001:470:72f0:f:1::51'
+ - 10.0.91.51
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ ports:
+ # Transfer
+ - name: transfer
+ port: 8000
+ targetPort: 8000
+ protocol: TCP
+ selector:
+ app: autodiscover
+ #sessionAffinity: None
+ type: ClusterIP
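Review bot: The `autodiscover` container sets ports and env but no `securityContext` and no `resources`, so it runs with the image's default user and uncapped CPU/memory, whereas the operator StatefulSet elsewhere in this diff shows the intended baseline (`runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `capabilities: {drop: [ALL]}`, `readOnlyRootFilesystem: true`, plus requests/limits). The image is pinned to the mutable tag `a7aee0d`; pinning by digest (`image: monogramm/autodiscover-email-settings@sha256:<digest from the registry>`) makes the deployment reproducible and tamper-evident. The hard-coded `clusterIP`/`clusterIPs` values will also make this Service fail to apply if those addresses are already allocated, so a comment explaining why fixed addresses are required would help the next maintainer.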
diff --git a/mail/backupSchedule.yaml b/mail/backupSchedule.yaml
new file mode 100644
index 0000000..955c3e0
--- /dev/null
+++ b/mail/backupSchedule.yaml
@@ -0,0 +1,140 @@
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: mail-backup-csi-hourly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 15-22 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - mail
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 8h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: mail-backup-csi-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - mail
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: mail-backup-csi-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - mail
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: mail-backup-restic-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - mail
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: mail-backup-restic-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - mail
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: mail-backup-restic-monthly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 1 * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - mail
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 4380h0m0s
\ No newline at end of file
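Review bot: The `# every hour` comment is copied onto every schedule but only the first one is hourly, and even that one (`0 15-22 * * *`) runs only from 15:00 to 22:00; the daily (`0 0 * * *`), weekly (`0 0 * * 1`) and monthly (`0 0 1 * *`) schedules in the later documents of this hunk carry the same wrong comment. Replace each with a comment that matches its cron, e.g. `# hourly, 15:00-22:00`, `# daily at midnight`, `# weekly, Monday at midnight`, `# monthly, 1st at midnight`, since an operator reading the comment alone would expect far more frequent backups than actually exist. If the hourly job is really meant to cover the whole day, the expression should be `0 * * * *`.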
diff --git a/mail/certificates.yaml b/mail/certificates.yaml
new file mode 100644
index 0000000..5e55c13
--- /dev/null
+++ b/mail/certificates.yaml
@@ -0,0 +1,42 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: mail
+ namespace: mail
+spec:
+ # Secret names are always required.
+ secretName: docker-mailserver-tls
+
+ duration: 2160h0m0s # 90d
+ renewBefore: 360h0m0s # 15d
+ subject:
+ organizations:
+ - undercloud
+ # The use of the common name field has been deprecated since 2000 and is
+ # discouraged from being used.
+ commonName: mail.undercloud.cf
+ #isCA: false
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS1
+ size: 2048
+ usages:
+ - server auth
+ - client auth
+ # At least one of a DNS Name, URI, or IP address is required.
+ dnsNames:
+ - mail.undercloud.cf
+ - imap.undercloud.cf
+ - smtp.undercloud.cf
+ #- ldap.openldap.svc.k8aux.undercloud.cf
+ #ipAddresses:
+ # - 192.168.0.5
+ # Issuer references are always required.
+ issuerRef:
+ name: letsencrypt
+ # We can reference ClusterIssuers by changing the kind here.
+ # The default value is Issuer (i.e. a locally namespaced Issuer)
+ kind: ClusterIssuer
+ # This is optional since cert-manager will default to this value however
+ # if you are using an external issuer, change this to that issuer group.
+ #group: cert-manager.io
\ No newline at end of file
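Review bot: `privateKey` sets `algorithm`, `encoding` and `size` but not `rotationPolicy`, which cert-manager defaults to `Never`, so every renewal re-issues a certificate for the same 2048-bit RSA key for as long as this Certificate object exists; add `rotationPolicy: Always` under `privateKey` so a renewal also generates a fresh key. The `usages` list includes `client auth`; keep it only if Postfix presents this certificate for outbound TLS, otherwise `server auth` alone is the smaller footprint. The comment above `commonName` says the field is deprecated yet the field is still set; either remove it (clients validate the SANs in `dnsNames`) or reword the comment to say why it is kept, e.g. `# kept for legacy clients that still display the CN`.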
diff --git a/mail/docker-mailserver.yaml b/mail/docker-mailserver.yaml
new file mode 100644
index 0000000..507b746
--- /dev/null
+++ b/mail/docker-mailserver.yaml
@@ -0,0 +1,367 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mailserver.environment
+ namespace: mail
+immutable: false
+data:
+ TLS_LEVEL: modern
+ POSTSCREEN_ACTION: drop
+ OVERRIDE_HOSTNAME: mail.undercloud.cf
+ FAIL2BAN_BLOCKTYPE: drop
+ POSTMASTER_ADDRESS: postmaster@undercloud.cf
+ UPDATE_CHECK_INTERVAL: 10d
+ POSTFIX_INET_PROTOCOLS: ipv6, ipv4
+ ONE_DIR: '0'
+ ENABLE_CLAMAV: '0'
+ ENABLE_POSTGREY: '0'
+ ENABLE_FAIL2BAN: '1'
+ AMAVIS_LOGLEVEL: '-1'
+ SPOOF_PROTECTION: '1'
+ MOVE_SPAM_TO_JUNK: '1'
+ ENABLE_UPDATE_CHECK: '1'
+ ENABLE_SPAMASSASSIN: '1'
+ SUPERVISOR_LOGLEVEL: warn
+ SPAMASSASSIN_SPAM_TO_INBOX: '1'
+ DMS_DEBUG: '1'
+ ENABLE_POP3: '1'
+
+ # here, we provide an example for the SSL configuration
+ SSL_TYPE: manual
+ SSL_CERT_PATH: /secrets/ssl/rsa/tls.crt
+ SSL_KEY_PATH: /secrets/ssl/rsa/tls.key
+
+ #ldap
+ ACCOUNT_PROVISIONER: LDAP
+ LDAP_SERVER_HOST: ldap.undercloud.cf
+ LDAP_SEARCH_BASE: dc=undercloud,dc=cf
+ LDAP_BIND_DN: cn=mailserver,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf
+ #LDAP_BIND_PW: 'mypassword' # from secret
+ SPOOF_PROTECTION: '1'
+
+ LDAP_QUERY_FILTER_DOMAIN: (|(mail=*@%s)(mailAlias=*@%s)(mailGroupMember=*@%s))
+ LDAP_QUERY_FILTER_USER: (&(objectClass=inetOrgPerson)(mail=%s))
+ LDAP_QUERY_FILTER_ALIAS: (&(objectClass=inetOrgPerson)(mailAlias=%s))
+ LDAP_QUERY_FILTER_GROUP: (&(objectClass=groupOfUniqueNames)(mail=%s))
+ LDAP_QUERY_FILTER_SENDERS: (&(objectClass=inetOrgPerson)(|(mail=%s)))
+
+ DOVECOT_PASS_ATTRS: uid=user,userPassword=password
+ #DOVECOT_USER_ATTRS: home=/var/mail/%{ldap:uid},=mail=maildir:~/Maildir,uidNumber=uid,gidNumber=gid
+ DOVECOT_USER_ATTRS: =home=/var/mail/%{ldap:uid},=mail=maildir:~/Maildir,uidNumber=uid,gidNumber=5000
+ DOVECOT_USER_FILTER: (&(objectClass=person)(|(mail=%u)(uid=%u)))
+
+ SASLAUTHD_MECHANISMS: rimap
+ SASLAUTHD_MECH_OPTIONS: '::1'
+
+ #LDAP_START_TLS: 'yes'
+ #DOVECOT_TLS: 'yes'
+ #SASLAUTHD_LDAP_START_TLS: 'yes'
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mailserver.files
+ namespace: mail
+data:
+# postfix-accounts.cf: |
+# sebastian@undercloud.cf|{SHA512-CRYPT}$6$ACOZB1B.2yHv8ePj$9vIW46wFqHfIMlP9.sDE1xtk1XN5OhS6etnvv5AxDPVPMFXXx55dVNwybLAaS/YEKahPg56vE9d6CIl7pYDw41
+# glodas@undercloud.cf|{SHA512-CRYPT}$6$ACOZB1B.2yHv8ePj$9vIW46wFqHfIMlP9.sDE1xtk1XN5OhS6etnvv5AxDPVPMFXXx55dVNwybLAaS/YEKahPg56vE9d6CIl7pYDw41
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: mailserver.config
+ namespace: mail
+ labels:
+ app: docker-mailserver
+#data:
+# postfix-main.cf: |
+# postscreen_upstream_proxy_protocol = haproxy
+# postfix-master.cf: |
+# smtp/inet/postscreen_upstream_proxy_protocol=haproxy
+# submission/inet/smtpd_upstream_proxy_protocol=haproxy
+# smtps/inet/smtpd_upstream_proxy_protocol=haproxy
+# dovecot.cf: |
+# # Assuming your ingress controller is bound to 10.0.0.0/8
+# haproxy_trusted_networks = 10.0.0.0/8, 127.0.0.0/8, 2001:470:72f0::/48, fd00::/48
+# service imap-login {
+# inet_listener imap {
+# haproxy = yes
+# }
+# inet_listener imaps {
+# haproxy = yes
+# }
+# }
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: docker-mailserver
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: docker-mailserver
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: docker-mailserver-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: data
+ namespace: mail
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 25G
+ storageClassName: docker-mailserver
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: docker-mailserver
+ namespace: mail
+ annotations:
+ ignore-check.kube-linter.io/run-as-non-root: >-
+ 'mailserver' needs to run as root
+ ignore-check.kube-linter.io/privileged-ports: >-
+ 'mailserver' needs privilegdes ports
+ ignore-check.kube-linter.io/no-read-only-root-fs: >-
+ There are too many files written to make The
+ root FS read-only
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: docker-mailserver
+ template:
+ metadata:
+ labels:
+ app: docker-mailserver
+
+ #annotations:
+ # container.apparmor.security.beta.kubernetes.io/docker-mailserver: runtime/default
+ spec:
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 5000
+ fsGroup: 5000
+ hostname: mail
+ #initContainers:
+ #- name: changeowner
+ # image: busybox
+ # command: ["sh", "-c", "chmod +w /var/mail"]
+ # volumeMounts:
+ # - name: data
+ # mountPath: /var/mail
+ # subPath: data
+ # readOnly: false
+ containers:
+ - name: docker-mailserver
+ image: docker.io/mailserver/docker-mailserver:latest
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ allowPrivilegeEscalation: true
+ readOnlyRootFilesystem: false
+ runAsUser: 0
+ runAsGroup: 5000
+ runAsNonRoot: false
+ privileged: true
+ capabilities:
+ add:
+ # file permission capabilities
+ - CHOWN
+ - FOWNER
+ - MKNOD
+ - SETGID
+ - SETUID
+ - DAC_OVERRIDE
+ # network capabilities
+ - NET_ADMIN # needed for F2B
+ - NET_RAW # needed for F2B
+ - NET_BIND_SERVICE
+ # miscellaneous capabilities
+ - SYS_CHROOT
+ - KILL
+ drop: [ALL]
+ seccompProfile:
+ type: RuntimeDefault
+ # You want to tune this to your needs. If you disable ClamAV,
+ # you can use less RAM and CPU. This becomes important in
+ # case you're low on resources and Kubernetes refuses to
+ # schedule new pods.
+ resources:
+ limits:
+ memory: 2Gi
+ cpu: 1500m
+ requests:
+ memory: 500Mi
+ cpu: 600m
+ volumeMounts:
+ - name: files
+ subPath: postfix-accounts.cf
+ mountPath: /tmp/docker-mailserver/postfix-accounts.cf
+ readOnly: true
+ # PVCs
+ - name: data
+ mountPath: /var/mail
+ subPath: data
+ readOnly: false
+ - name: data
+ mountPath: /var/mail-state
+ subPath: state
+ readOnly: false
+ - name: data
+ mountPath: /var/log/mail
+ subPath: log
+ readOnly: false
+ # certificates
+ - name: certificates-rsa
+ mountPath: /secrets/ssl/rsa/
+ readOnly: true
+ # other
+ - name: tmp-files
+ mountPath: /tmp
+ readOnly: false
+
+ - name: config
+ subPath: postfix-main.cf
+ mountPath: /tmp/docker-mailserver/postfix-main.cf
+ readOnly: true
+ - name: config
+ subPath: postfix-master.cf
+ mountPath: /tmp/docker-mailserver/postfix-master.cf
+ readOnly: true
+ - name: config
+ subPath: dovecot.cf
+ mountPath: /tmp/docker-mailserver/dovecot.cf
+ readOnly: true
+ ports:
+ - name: transfer
+ containerPort: 25
+ protocol: TCP
+ - name: esmtp-implicit
+ containerPort: 465
+ protocol: TCP
+ - name: esmtp-explicit
+ containerPort: 587
+ - name: imap-implicit
+ containerPort: 993
+ protocol: TCP
+ - name: imap
+ containerPort: 143
+ protocol: TCP
+ - name: pop3
+ containerPort: 110
+ protocol: TCP
+ - name: pop3s
+ containerPort: 995
+ protocol: TCP
+ envFrom:
+ - configMapRef:
+ name: mailserver.environment
+ env:
+ - name: LDAP_BIND_PW
+ valueFrom:
+ secretKeyRef:
+ name: mailserver-ldap
+ key: pw
+ restartPolicy: Always
+ volumes:
+ # configuration files
+ - name: files
+ configMap:
+ name: mailserver.files
+ - name: config
+ configMap:
+ name: mailserver.config
+ # PVCs
+ - name: data
+ persistentVolumeClaim:
+ claimName: data
+ # certificates
+ - name: certificates-rsa
+ secret:
+ secretName: docker-mailserver-tls
+ items:
+ - key: tls.key
+ path: tls.key
+ - key: tls.crt
+ path: tls.crt
+
+ # other
+ - name: tmp-files
+ emptyDir: {}
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: docker-mailserver
+ namespace: mail
+spec:
+ clusterIP: '2001:470:72f0:f:1::50'
+ clusterIPs:
+ - '2001:470:72f0:f:1::50'
+ - 10.0.91.50
+ ipFamilies:
+ - IPv6
+ - IPv4
+ #ipFamilyPolicy: SingleStack
+ ipFamilyPolicy: PreferDualStack
+ ports:
+ # Transfer
+ - name: transfer
+ port: 25
+ targetPort: transfer
+ protocol: TCP
+ # ESMTP with implicit TLS
+ - name: esmtp-implicit
+ port: 465
+ targetPort: esmtp-implicit
+ protocol: TCP
+ # ESMTP with explicit TLS (STARTTLS)
+ - name: esmtp-explicit
+ port: 587
+ targetPort: esmtp-explicit
+ protocol: TCP
+ # IMAPS with implicit TLS
+ - name: imap-implicit
+ port: 993
+ targetPort: imap-implicit
+ protocol: TCP
+ - name: imap
+ port: 143
+ targetPort: imap
+ protocol: TCP
+ - name: pop3
+ port: 110
+ targetPort: pop3
+ protocol: TCP
+ - name: pop3s
+ port: 995
+ targetPort: pop3s
+ protocol: TCP
+ selector:
+ app: docker-mailserver
+ #sessionAffinity: None
+ type: ClusterIP
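Review bot: `privileged: true` on the docker-mailserver container securityContext grants every capability and bypasses the restrictions declared right next to it, so the curated `capabilities.add` list, `drop: [ALL]` and `seccompProfile: RuntimeDefault` have no effect; the kube-linter annotations justify root and privileged ports, not privileged mode, so set `privileged: false` and keep the explicit capability list. The `mailserver.files` ConfigMap has no keys under `data:` and `mailserver.config` has its whole `data:` block commented out, yet the Deployment mounts `postfix-accounts.cf`, `postfix-main.cf`, `postfix-master.cf` and `dovecot.cf` from them with `subPath`; the kubelet cannot project a key the ConfigMap does not contain, so expect a mount error or an empty directory in place of each file — either define the keys (empty strings are fine) or remove the four volumeMounts. `SPOOF_PROTECTION: '1'` is declared twice in `mailserver.environment` (yamllint `key-duplicates`); most parsers silently keep the last occurrence, so delete the second. The image tag `:latest` is unpinned and `DMS_DEBUG: '1'` enables verbose logging on a production mail service; pin a release tag or digest and drop the debug flag once setup is done.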
diff --git a/mail/filesystem.yaml b/mail/filesystem.yaml
new file mode 100644
index 0000000..d9feec0
--- /dev/null
+++ b/mail/filesystem.yaml
@@ -0,0 +1,42 @@
+apiVersion: ceph.rook.io/v1
+kind: CephFilesystem
+metadata:
+ name: docker-mailserver
+ namespace: rook-ceph
+spec:
+ metadataPool:
+ failureDomain: host
+ replicated:
+ size: 3
+ dataPools:
+ - name: replicated
+ failureDomain: host
+ replicated:
+ size: 3
+ preserveFilesystemOnDelete: false
+ metadataServer:
+ activeCount: 1
+ activeStandby: true
+ placement:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: role
+ # operator: In
+ # values:
+ # - mds-node
+ tolerations:
+ - key: node-role.kubernetes.io/storage-node
+ operator: Exists
+ effect: NoSchedule
+ # podAffinity:
+ # podAntiAffinity:
+ # topologySpreadConstraints:
+ #resources:
+ # limits:
+ # cpu: "80m"
+ # memory: "1024Mi"
+ # requests:
+ # cpu: "500m"
+ # memory: "1024Mi"
\ No newline at end of file
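Review bot: `preserveFilesystemOnDelete: false` means deleting this CephFilesystem object (an accidental `kubectl delete`, or a GitOps prune) removes the underlying filesystem together with all mail data stored on it, and the matching StorageClass earlier in this diff already uses `reclaimPolicy: Delete`, so nothing below this object keeps the data either. Set `preserveFilesystemOnDelete: true` so the filesystem outlives the CR and has to be removed deliberately. The `placement` block carries a `tolerations` entry but the `nodeAffinity` is commented out, so the MDS pods can be scheduled on any node; if that is intended, say so in a comment above `tolerations:` rather than leaving the dead affinity block.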
diff --git a/mail/ingress.yaml b/mail/ingress.yaml
new file mode 100644
index 0000000..1da86bb
--- /dev/null
+++ b/mail/ingress.yaml
@@ -0,0 +1,97 @@
+---
+#apiVersion: networking.k8s.io/v1
+#kind: Ingress
+#metadata:
+# labels:
+# app: docker-mailserver
+# name: mail
+# namespace: mail
+# annotations:
+# nginx.ingress.kubernetes.io/rewrite-target: /
+# cert-manager.io/cluster-issuer: "letsencrypt-staging"
+# #acme.cert-manager.io/http01-edit-in-place: "true"
+#spec:
+# tls:
+# - hosts:
+# - mail.undercloud.cf
+# secretName: docker-mailserver-tls
+# rules:
+# - host: mail.undercloud.cf
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: autoconfig
+ namespace: mail
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt
+
+spec:
+ tls:
+ - hosts:
+ - autoconfig.undercloud.cf
+ secretName: autoconfig-tls
+ rules:
+ - host: autoconfig.undercloud.cf
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: autodiscover
+ port:
+ number: 8000
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: autodiscover
+ namespace: mail
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt
+
+spec:
+ tls:
+ - hosts:
+ - autodiscover.undercloud.cf
+ secretName: autodiscover-tls
+ rules:
+ - host: autodiscover.undercloud.cf
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: autodiscover
+ port:
+ number: 8000
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: roundcube
+ namespace: mail
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt
+
+spec:
+ tls:
+ - hosts:
+ - roundcube.undercloud.cf
+ secretName: roundcube-tls
+ rules:
+ - host: roundcube.undercloud.cf
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: roundcubenginx
+ port:
+ number: 80
\ No newline at end of file
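Review bot: all three Ingresses select the controller through the `kubernetes.io/ingress.class: nginx` annotation, which is deprecated for the `networking.k8s.io/v1` Ingress API in favour of `spec.ingressClassName`; add `ingressClassName: nginx` under each `spec:` and drop the annotation so the resources keep working once the controller stops honouring it. Both `autoconfig` and `autodiscover` route to the `autodiscover` Service on port 8000, which looks intentional (one backend serving both hostnames), but no Service or Deployment named `autodiscover` is visible in this part of the diff — confirm it exists elsewhere or the two Ingresses will return 503. The commented-out `mail` Ingress at the top of the file references `letsencrypt-staging`; if it is kept as a template, a one-line comment above it saying it is unused would stop readers from looking for the missing `rules:` body.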
diff --git a/mail/namespace.yaml b/mail/namespace.yaml
new file mode 100644
index 0000000..244f30c
--- /dev/null
+++ b/mail/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: mail
+ labels:
+ undercloud.cf/cert: "ca"
\ No newline at end of file
diff --git a/mail/roundcube.yaml b/mail/roundcube.yaml
new file mode 100644
index 0000000..a187842
--- /dev/null
+++ b/mail/roundcube.yaml
@@ -0,0 +1,291 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: roundcubemail-www
+ namespace: mail
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 200Mi
+ storageClassName: docker-mailserver
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: roundcubemail-temp
+ namespace: mail
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 2Gi
+ storageClassName: docker-mailserver
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: roundcubemail-db
+ namespace: mail
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 2Gi
+ storageClassName: docker-mailserver
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: roundcubenginx-config
+ namespace: mail
+data:
+ default.conf: |
+ server {
+ listen [::]:80 default_server;
+ server_name _;
+ root /var/www/html;
+ location / {
+ try_files $uri /index.php$is_args$args;
+ }
+ location ~ \.php(/|$) {
+ try_files $uri =404;
+ fastcgi_pass roundcubemail:9000;
+ fastcgi_read_timeout 300;
+ proxy_read_timeout 300;
+ fastcgi_split_path_info ^(.+\.php)(/.*)$;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+ fastcgi_param DOCUMENT_ROOT $realpath_root;
+ internal;
+ }
+ client_max_body_size 6m;
+ error_log /var/log/nginx/error.log;
+ access_log /var/log/nginx/access.log;
+ }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: roundcubedb
+ namespace: mail
+ labels:
+ service: roundcubedb
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ service: roundcubedb
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ service: roundcubedb
+ spec:
+ containers:
+ - name: roundcubedb
+ image: postgres:alpine
+ imagePullPolicy: ""
+ env:
+ - name: POSTGRES_DB
+ value: roundcube
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: roundcubemail-shared-secret
+ key: DB_USER
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: roundcubemail-shared-secret
+ key: DB_PASSWORD
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: roundcubemail-db
+ restartPolicy: Always
+ serviceAccountName: ""
+ volumes:
+ - name: roundcubemail-db
+ persistentVolumeClaim:
+ claimName: roundcubemail-db
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: roundcubemail
+ namespace: mail
+ labels:
+ service: roundcubemail
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ service: roundcubemail
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ service: roundcubemail
+ spec:
+ containers:
+ - name: roundcubemail
+ image: roundcube/roundcubemail:1.6.1-fpm-alpine
+ imagePullPolicy: ""
+ env:
+ - name: ROUNDCUBEMAIL_DB_TYPE
+ value: pgsql
+ - name: ROUNDCUBEMAIL_DB_HOST
+ value: roundcubedb
+ - name: ROUNDCUBEMAIL_DB_NAME
+ value: roundcube
+ - name: ROUNDCUBEMAIL_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: roundcubemail-shared-secret
+ key: DB_USER
+ - name: ROUNDCUBEMAIL_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: roundcubemail-shared-secret
+ key: DB_PASSWORD
+ - name: ROUNDCUBEMAIL_DES_KEY
+ valueFrom:
+ secretKeyRef:
+ name: roundcubemail-shared-secret
+ key: DES_KEY
+ - name: ROUNDCUBEMAIL_DEFAULT_HOST
+ value: tls://imap.undercloud.cf.
+ - name: ROUNDCUBEMAIL_SMTP_SERVER
+ value: tls://smtp.undercloud.cf.
+ - name: ROUNDCUBEMAIL_SKIN
+ value: elastic
+ - name: ROUNDCUBEMAIL_PLUGINS
+ value: archive,zipdownload,newmail_notifier
+ ports:
+ - containerPort: 9000
+ volumeMounts:
+ - mountPath: /var/www/html
+ name: www-data
+ - mountPath: /tmp/roundcube-temp
+ name: temp-data
+ restartPolicy: Always
+ # serviceAccountName: ""
+ volumes:
+ - name: www-data
+ persistentVolumeClaim:
+ claimName: roundcubemail-www
+ - name: temp-data
+ persistentVolumeClaim:
+ claimName: roundcubemail-temp
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: roundcubenginx
+ namespace: mail
+ labels:
+ app: roundcubenginx
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: roundcubenginx
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: roundcubenginx
+ spec:
+ containers:
+ - name: roundcubenginx
+ image: nginx
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: NGINX_HOST
+ value: localhost
+ - name: NGINX_PHP_CGI
+ value: roundcubemail:9000
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: www-data
+ mountPath: /var/www/html
+ - name: nginx-config
+ mountPath: /etc/nginx/conf.d/default.conf
+ subPath: default.conf
+ restartPolicy: Always
+ serviceAccountName: ""
+ volumes:
+ - name: www-data
+ persistentVolumeClaim:
+ claimName: roundcubemail-www
+ - name: nginx-config
+ configMap:
+ name: roundcubenginx-config
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: roundcubedb
+ namespace: mail
+ labels:
+ service: roundcubedb
+spec:
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ type: ClusterIP
+ ports:
+ - port: 5432
+ targetPort: 5432
+ protocol: TCP
+ selector:
+ service: roundcubedb
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: roundcubemail
+ namespace: mail
+ labels:
+ service: roundcubemail
+spec:
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ type: ClusterIP
+ ports:
+ - port: 9000
+ targetPort: 9000
+ protocol: TCP
+ selector:
+ service: roundcubemail
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: roundcubenginx
+ namespace: mail
+ labels:
+ app: roundcubenginx
+spec:
+ ipFamilies:
+ - IPv6
+ ipFamilyPolicy: SingleStack
+ type: ClusterIP
+ ports:
+ - name: http
+ port: 80
+ targetPort: 80
+ selector:
+ app: roundcubenginx
\ No newline at end of file
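Review bot: the `roundcubedb` Deployment runs `image: postgres:alpine` with no major version, so a pod restart that pulls a newer image can put a different PostgreSQL major on the existing data directory under `/var/lib/postgresql/data`, which the server refuses to start on; pin a major tag (`postgres:<MAJOR>-alpine`, placeholder) and ideally a digest, and do the same for the bare `image: nginx` in `roundcubenginx`. `imagePullPolicy: ""` on `roundcubedb` and `roundcubemail` is an empty string rather than an enum value; the API server defaults it, but write `imagePullPolicy: IfNotPresent` explicitly as the nginx container does. `ROUNDCUBEMAIL_DEFAULT_HOST` and `ROUNDCUBEMAIL_SMTP_SERVER` end in a trailing dot (`tls://imap.undercloud.cf.`); if that is deliberate to bypass search-domain resolution, add a comment saying so, because a trailing dot can also break TLS hostname matching on some clients. The `roundcubemail-db` PVC is `ReadWriteMany` for a single-replica PostgreSQL; `ReadWriteOnce` would prevent a second pod from ever attaching to the same data directory, independent of the `Recreate` strategy.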
diff --git a/mail/secrets.yaml b/mail/secrets.yaml
new file mode 100644
index 0000000..3fe4ad5
--- /dev/null
+++ b/mail/secrets.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mailserver-ldap
+ namespace: mail
+type: Opaque
+data:
+ pw: c2VjdXJlUFdtYWlsc2VydmVy
+---
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: roundcubemail-shared-secret
+ namespace: mail
+stringData:
+ DES_KEY: 'a-super-random-value56'
+ DB_USER: roundcube
+ DB_PASSWORD: roundcubePwd2
\ No newline at end of file
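Review bot: both Secrets carry live credentials in the repository — `pw` is only base64-encoded, which is an encoding rather than a protection, and `DES_KEY`, `DB_USER` and `DB_PASSWORD` are plain text under `stringData` — so anyone with read access to this Git repository or the GitOps controller has them. Keep Secret objects out of the repository and source the values from an encrypted form (SOPS, SealedSecrets, an External Secrets store) or create them out of band, and rotate the values that have already been committed. Separately, Roundcube's default configuration expects `des_key` to be 24 characters for its default cipher as far as I recall, while `a-super-random-value56` is 22 characters and not random — confirm against the Roundcube defaults and generate the value. The doubled `---` before the second Secret produces an empty document; kubectl tolerates it but some tools do not, so drop one of the two lines.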
diff --git a/matrix/README.md b/matrix/README.md
new file mode 100644
index 0000000..b380188
--- /dev/null
+++ b/matrix/README.md
@@ -0,0 +1,17 @@
+# Matrix
+## Synapse + Element
+
+Matrix is an open standard and communication protocol for real-time communication.
+
+### Synapse
+Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. We began rapid development in 2014, reaching v1.0.0 in 2019. Development on Synapse and the Matrix protocol itself continues in earnest today.
+
+### Element
+Element is a Matrix-based end-to-end encrypted messenger and secure collaboration app
+
+
+improvements:
+metrics
+resource limits
+email
+enable capcha
\ No newline at end of file
diff --git a/matrix/backupSchedule.yaml b/matrix/backupSchedule.yaml
new file mode 100644
index 0000000..82bbe88
--- /dev/null
+++ b/matrix/backupSchedule.yaml
@@ -0,0 +1,140 @@
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: matrix-backup-csi-hourly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 15-22 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - matrix
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 8h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: matrix-backup-csi-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - matrix
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: matrix-backup-csi-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - matrix
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: matrix-backup-restic-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - matrix
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: matrix-backup-restic-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - matrix
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: matrix-backup-restic-monthly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 1 * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - matrix
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 4380h0m0s
\ No newline at end of file
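Review bot: the inline comment `# every hour` is attached to every `schedule:` in this file, but only the first expression is hourly, and even that one (`0 15-22 * * *`) fires only at the top of each hour between 15:00 and 22:00; `0 0 * * *` is daily at midnight, `0 0 * * 1` is weekly on Monday and `0 0 1 * *` is monthly on the 1st. Replace each comment with the cadence it actually encodes, e.g. `schedule: 0 0 * * 1 # weekly, Monday 00:00`, so the schedule name, the cron expression and the comment agree. The same stale `# every hour` comment is on the `mail-backup-restic-weekly` and `mail-backup-restic-monthly` schedules earlier in this diff. A comment noting which timezone Velero evaluates the cron expression in would also help, since the hourly window only makes sense relative to one.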
diff --git a/matrix/db.yaml b/matrix/db.yaml
new file mode 100644
index 0000000..8a5d2f7
--- /dev/null
+++ b/matrix/db.yaml
@@ -0,0 +1,226 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: matrix-db
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: matrix
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: matrix-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: db
+ namespace: matrix
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 4Gi
+ storageClassName: matrix-db
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: db
+ namespace: matrix
+ labels:
+ app: db
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: db
+ template:
+ metadata:
+ labels:
+ app: db
+ spec:
+ containers:
+ - name: db
+ image: postgres
+ imagePullPolicy: "IfNotPresent"
+ ports:
+ - name: mysql
+ containerPort: 5432
+ env:
+ - name: MARIADB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: matrix-db
+ key: root.pw
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: matrix-db
+ key: username
+ optional: false
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: matrix-db
+ key: user.pw
+ optional: false
+ - name: POSTGRES_DB
+ value: synapse
+ - name: POSTGRES_INITDB_ARGS
+ value: "--lc-collate=C --lc-ctype=C --encoding=UTF8"
+ #livenessProbe:
+ # exec:
+ # command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
+ # initialDelaySeconds: 120
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+ # failureThreshold: 3
+ #readinessProbe:
+ # exec:
+ # command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
+ # initialDelaySeconds: 30
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+ # failureThreshold: 3
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: db
+ readOnly: false
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: db
+ namespace: matrix
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: postgres
+ port: 5432
+ protocol: TCP
+ targetPort: 5432
+ selector:
+ app: db
+ sessionAffinity: None
+ type: ClusterIP
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: matrix-db-backup
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: matrix
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: matrix-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: db-backup
+ namespace: matrix
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 4Gi
+ storageClassName: matrix-db-backup
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: db-backup
+ namespace: matrix
+ labels:
+ app: db-backup
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: db-backup
+ template:
+ metadata:
+ labels:
+ app: db-backup
+ spec:
+ containers:
+ - name: db-backup
+ image: prodrigestivill/postgres-backup-local
+ imagePullPolicy: "IfNotPresent"
+ env:
+ - name: SCHEDULE
+ value: "@daily"
+ - name: BACKUP_KEEP_DAYS
+ value: "7"
+ - name: POSTGRES_DB
+ value: "synapse"
+ - name: POSTGRES_HOST
+ value: db
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: matrix-db
+ key: root.pw
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: matrix-db
+ key: username
+ optional: false
+ - name: HEALTHCHECK_PORT
+ value: "8080"
+ volumeMounts:
+ - mountPath: /backups
+ name: backup
+ volumes:
+ - name: backup
+ persistentVolumeClaim:
+ claimName: db-backup
+ readOnly: false
\ No newline at end of file
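Review bot: the `db-backup` container takes `POSTGRES_USER` from key `username` but `POSTGRES_PASSWORD` from key `root.pw`, while the `db` container initialises that same user with the password from key `user.pw`; unless both keys hold the same value the scheduled dump cannot authenticate, so change the backup's secretKeyRef to `key: user.pw`. The `db` Deployment still carries MariaDB leftovers — the `MARIADB_ROOT_PASSWORD` env var (ignored by the postgres image), a port named `mysql` on 5432, and commented-out `mysqladmin` probes — so remove the env var, rename the port to `postgres` to match the Service, and add PostgreSQL probes (an `exec` of `pg_isready -U "$POSTGRES_USER"`), since the database currently has no readiness or liveness check at all. `image: postgres` without a major version has the same restart-upgrade risk as any unpinned tag: a newer major cannot start on the existing data directory, so pin `postgres:<MAJOR>` (placeholder) and preferably a digest.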
diff --git a/matrix/element.yaml b/matrix/element.yaml
new file mode 100644
index 0000000..df16511
--- /dev/null
+++ b/matrix/element.yaml
@@ -0,0 +1,130 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-element
+ namespace: matrix
+data:
+ config.json: |
+ {
+ "default_server_config": {
+ "m.homeserver": {
+ "base_url": "https://matrix.undercloud.cf:443",
+ "server_name": "matrix.undercloud.cf"
+ },
+ "m.identity_server": {
+ "base_url": "https://vector.im"
+ }
+ },
+ "disable_custom_urls": false,
+ "disable_guests": false,
+ "disable_login_language_selector": false,
+ "disable_3pid_login": false,
+ "brand": "Undercloud Communication",
+ "integrations_ui_url": "https://scalar.vector.im/",
+ "integrations_rest_url": "https://scalar.vector.im/api",
+ "integrations_widgets_urls": [
+ "https://scalar.vector.im/_matrix/integrations/v1",
+ "https://scalar.vector.im/api",
+ "https://scalar-staging.vector.im/_matrix/integrations/v1",
+ "https://scalar-staging.vector.im/api",
+ "https://scalar-staging.riot.im/scalar/api"
+ ],
+ "bug_report_endpoint_url": "https://element.io/bugreports/submit",
+ "uisi_autorageshake_app": "element-auto-uisi",
+ "default_country_code": "GB",
+ "show_labs_settings": true,
+ "features": {},
+ "default_federate": true,
+ "default_theme": "dark",
+ "room_directory": {
+ "servers": ["matrix.org","matrix.undercloud.cf"]
+ },
+ "enable_presence_by_hs_url": {
+ "https://matrix.org": false,
+ "https://matrix-client.matrix.org": false,
+ "https://matrix.undercloud.cf": true
+ },
+ "setting_defaults": {
+ "breadcrumbs": true
+ },
+ "jitsi": {
+ "preferred_domain": "jitsi.undercloud.cf"
+ },
+ "element_call": {
+ "url": "https://call.element.io",
+ "participant_limit": 8,
+ "brand": "Element Call"
+ },
+ "map_style_url": "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"
+ }
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: element
+ namespace: matrix
+ labels:
+ app: element
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: element
+ template:
+ metadata:
+ labels:
+ app: element
+ spec:
+ containers:
+ - name: element
+ image: vectorim/element-web:v1.11.20
+ imagePullPolicy: IfNotPresent
+ readinessProbe:
+ httpGet:
+ path: /
+ port: element
+ initialDelaySeconds: 2
+ periodSeconds: 3
+ livenessProbe:
+ httpGet:
+ path: /
+ port: element
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ ports:
+ - containerPort: 80
+ name: element
+ volumeMounts:
+ - mountPath: "/app/config.json"
+ name: config-element
+ subPath: config.json
+ volumes:
+ - name: config-element
+ configMap:
+ name: config-element
+ items:
+ - key: "config.json"
+ path: "config.json"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: element
+ namespace: matrix
+ labels:
+ app: element
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ app: element
+ sessionAffinity: None
+ type: ClusterIP
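Review bot: `map_style_url` in the config-element ConfigMap embeds a third-party map-tiles API key that is now committed to the repository. Element serves config.json unauthenticated to every browser, so the key is public by design; its only effective control is provider-side restriction, so confirm the key is locked to the element.undercloud.cf origin (if the provider offers that) and treat it as exposed through Git history regardless. The element container also sets no `resources` limits and no `securityContext`; adding `allowPrivilegeEscalation: false` under `securityContext` is a low-risk hardening step for a static web-server pod, and the pinned `v1.11.20` tag is good practice worth keeping.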
diff --git a/matrix/filesystem.yaml b/matrix/filesystem.yaml
new file mode 100644
index 0000000..62be72e
--- /dev/null
+++ b/matrix/filesystem.yaml
@@ -0,0 +1,42 @@
+apiVersion: ceph.rook.io/v1
+kind: CephFilesystem
+metadata:
+ name: matrix
+ namespace: rook-ceph
+spec:
+ metadataPool:
+ failureDomain: host
+ replicated:
+ size: 3
+ dataPools:
+ - name: replicated
+ failureDomain: host
+ replicated:
+ size: 3
+ preserveFilesystemOnDelete: false
+ metadataServer:
+ activeCount: 1
+ activeStandby: true
+ placement:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: role
+ # operator: In
+ # values:
+ # - mds-node
+ tolerations:
+ - key: node-role.kubernetes.io/storage-node
+ operator: Exists
+ effect: NoSchedule
+ # podAffinity:
+ # podAntiAffinity:
+ # topologySpreadConstraints:
+ #resources:
+ # limits:
+ # cpu: "80m"
+ # memory: "1024Mi"
+ # requests:
+ # cpu: "500m"
+ # memory: "1024Mi"
\ No newline at end of file
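Review bot: `preserveFilesystemOnDelete: false` means deleting this CephFilesystem CR destroys the pools that hold all Matrix data. The app-of-apps Applications in this commit carry the `resources-finalizer.argocd.argoproj.io` finalizer, so if matrix is registered the same way, deleting or mis-syncing the Application cascades into that pool deletion. For a filesystem backing a database and media store `preserveFilesystemOnDelete: true` is the safer default: the pools then survive an accidental CR removal and can be cleaned up deliberately. nextcloud/filesystem.yaml has the same setting.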
diff --git a/matrix/ingress.yaml b/matrix/ingress.yaml
new file mode 100644
index 0000000..05d3d5c
--- /dev/null
+++ b/matrix/ingress.yaml
@@ -0,0 +1,51 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: matrix
+ namespace: matrix
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt
+
+spec:
+ tls:
+ - hosts:
+ - matrix.undercloud.cf
+ secretName: matrix-tls
+ rules:
+ - host: matrix.undercloud.cf
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: synapse
+ port:
+ number: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: element
+ namespace: matrix
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt
+
+spec:
+ tls:
+ - hosts:
+ - element.undercloud.cf
+ secretName: element-tls
+ rules:
+ - host: element.undercloud.cf
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: element
+ port:
+ number: 80
\ No newline at end of file
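Review bot: Both Ingress objects select the controller with the `kubernetes.io/ingress.class` annotation, which has been deprecated since Kubernetes 1.18 in favour of `spec.ingressClassName: nginx`; nextcloud/ingress.yaml does the same. Separately, the matrix rule forwards `/` as a `Prefix` to the synapse Service, which puts Synapse's admin API under `/_synapse/admin` on the public hostname as well; Synapse's reverse-proxy guidance is not to forward the admin endpoints from the public internet, so consider excluding that path at the ingress or serving it from an internal-only listener. Federation on port 8448 is not routed here, so if federation with other homeservers is intended, a `.well-known/matrix/server` delegation to this 443 endpoint will be needed.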
diff --git a/matrix/namespace.yaml b/matrix/namespace.yaml
new file mode 100644
index 0000000..b711501
--- /dev/null
+++ b/matrix/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: matrix
+ labels:
+ prometheus: prometheus
\ No newline at end of file
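Review bot: The new namespace carries only a `prometheus` label and no Pod Security Admission labels, so its pods are admitted under whatever the cluster default is (privileged unless the admission controller was configured otherwise). Adding `pod-security.kubernetes.io/enforce: baseline` (optionally with `pod-security.kubernetes.io/warn: restricted`) to `metadata.labels` blocks privileged and host-namespace pods without affecting the Deployments in this commit, none of which request such settings. nextcloud/namespace.yaml has the same shape.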
diff --git a/matrix/secrets.yaml b/matrix/secrets.yaml
new file mode 100644
index 0000000..4ffdfea
--- /dev/null
+++ b/matrix/secrets.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: matrix-db
+ namespace: matrix
+type: Opaque
+data:
+ root.pw: bWF0cml4Um9vdFBX
+ username: bWF0cml4
+ user.pw: bWF0cml4VXNlclBX
\ No newline at end of file
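Review bot: The `data` values of matrix-db are only base64-encoded, so this file commits the database root and user passwords to the repository in recoverable form; base64 is an encoding, not protection, and the user password also appears in clear text in matrix/synapse.yaml. The decoded values are short dictionary-style strings, so they should be rotated to generated passwords and then kept out of Git — for an Argo CD-driven repository, Sealed Secrets, External Secrets or SOPS-encrypted manifests are the usual routes. nextcloud/secrets.yaml has the same pattern for the nextcloud-db and nextcloud-admin secrets.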
diff --git a/matrix/synapse.yaml b/matrix/synapse.yaml
new file mode 100644
index 0000000..143bacd
--- /dev/null
+++ b/matrix/synapse.yaml
@@ -0,0 +1,224 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config
+ namespace: matrix
+data:
+ homeserver.yaml: |
+ # Configuration file for Synapse.
+ #
+ # This is a YAML file: see [1] for a quick introduction. Note in particular
+ # that *indentation is important*: all the elements of a list or dictionary
+ # should have the same indentation.
+ #
+ # [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
+ #
+ # For more information on how to configure Synapse, including a complete accounting of
+ # each option, go to docs/usage/configuration/config_documentation.md or
+ # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html
+ server_name: "undercloud.cf"
+ pid_file: /data/homeserver.pid
+ public_baseurl: "https://undercloud.cf"
+
+ #allow_public_rooms_without_auth: true
+ #allow_public_rooms_over_federation: true
+ enable_registration: true
+ enable_registration_without_verification: true
+ #allow_guest_access: true
+ enable_metrics: true
+
+
+ modules:
+ - module: "ldap_auth_provider.LdapAuthProviderModule"
+ config:
+ enabled: true
+ #mode: "search"
+ uri: "ldap://ldap.undercloud.cf:389"
+ start_tls: true
+ base: "ou=users,dc=undercloud,dc=cf"
+ attributes:
+ uid: "cn"
+ mail: "mail"
+ name: "displayName"
+ bind_dn: cn=synapse,ou=serviceaccounts,ou=users,dc=undercloud,dc=cf
+ bind_password: aPasswordForTheSynapseUser5
+ filter: "(objectClass=inetOrgPerson)"
+ tls_options:
+ validate: false
+
+ listeners:
+ - port: 8008
+ tls: false
+ type: http
+ x_forwarded: true
+ resources:
+ - names: [client, federation]
+ compress: false
+ #database:
+ # name: sqlite3
+ # args:
+ # database: /data/homeserver.db
+ database:
+ name: psycopg2
+ args:
+ user: matrix
+ password: matrixUserPW
+ database: synapse
+ host: db
+ cp_min: 5
+ cp_max: 10
+ log_config: "/data/matrix.undercloud.cf.log.config"
+ media_store_path: /data/media_store
+ registration_shared_secret: ",=UrbCS67WrW1&&3Xi&*Q17AE@QZ1ni0@BFHviDD+sE=aFfc;Y"
+ report_stats: true
+ macaroon_secret_key: "QbLPh;thU&X_mZ~Cf+BqBLEzfDN9yMc-Kf.bB6HA5yTiH_7@:-"
+ form_secret: "u5EhY4vAm1-qLOVQJPzsu7zwGeBkC:=PSJizLERyv#G.5R,2L@"
+ signing_key_path: "/data/matrix.undercloud.cf.signing.key"
+ trusted_key_servers:
+ - server_name: "matrix.org"
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: synapse
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: matrix
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: matrix-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: data
+ namespace: matrix
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 4Gi
+ storageClassName: synapse
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: synapse
+ namespace: matrix
+ labels:
+ app: synapse
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: synapse
+ template:
+ metadata:
+ labels:
+ app: synapse
+ spec:
+ initContainers:
+ - name: gen-config
+ image: matrixdotorg/synapse:v1.83.0
+ args: ["generate"]
+ ports:
+ - containerPort: 8008
+ env:
+ - name: SYNAPSE_SERVER_NAME
+ value: "matrix.undercloud.cf"
+ - name: SYNAPSE_REPORT_STATS
+ value: "yes"
+ volumeMounts:
+ - mountPath: "/data"
+ name: data
+ - mountPath: "/data/homeserver.yaml"
+ name: homeserver
+ subPath: homeserver.yaml
+ containers:
+ - name: synapse
+ image: matrixdotorg/synapse
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8008
+ #lifecycle:
+ # postStart:
+ # exec:
+ # command:
+ # - "/bin/startup.sh"
+ livenessProbe:
+ httpGet:
+ path: /_matrix/client/versions
+ port: 8008
+ scheme: HTTP
+ initialDelaySeconds: 120
+ name: matrix-synapse
+ readinessProbe:
+ httpGet:
+ path: /_matrix/client/versions
+ port: 8008
+ scheme: HTTP
+ initialDelaySeconds: 10
+ volumeMounts:
+ - mountPath: "/data"
+ name: data
+ - mountPath: "/data/homeserver.yaml"
+ name: homeserver
+ subPath: homeserver.yaml
+ readinessProbe:
+ httpGet:
+ path: /_matrix/client/versions
+ port: 8008
+ scheme: HTTP
+ initialDelaySeconds: 10
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: data
+ - name: homeserver
+ configMap:
+ name: config
+ items:
+ - key: "homeserver.yaml"
+ path: "homeserver.yaml"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: synapse
+ namespace: matrix
+ labels:
+ app: synapse
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8008
+ selector:
+ app: synapse
+ sessionAffinity: None
+ type: ClusterIP
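Review bot: The `config` ConfigMap holds the LDAP `bind_password`, the database `password`, `registration_shared_secret`, `macaroon_secret_key` and `form_secret` in clear text; a ConfigMap is readable by anyone with `get configmaps` in the namespace and by everyone with access to this repository, so these belong in a Secret (or an external-secret reference) and should be rotated now that they are in Git history. `enable_registration: true` together with `enable_registration_without_verification: true` opens account creation to anyone who can reach matrix.undercloud.cf, the usual spam-account vector on a public homeserver, and looks unintended next to an LDAP auth provider — `enable_registration: false` unless open sign-up is really wanted. `tls_options: validate: false` disables certificate checking on the `start_tls` LDAP connection, which exposes the bind credential and every user password to anyone who can interpose on that path; use `validate: true` with the module's CA-bundle option. The synapse container spec also has a duplicate `readinessProbe` key and a stray second `name: matrix-synapse`, which strict decoding rejects and lenient parsers resolve last-wins, and `image: matrixdotorg/synapse` is unpinned while the init container pins `v1.83.0`.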
diff --git a/nextcloud/README.md b/nextcloud/README.md
new file mode 100644
index 0000000..629a43f
--- /dev/null
+++ b/nextcloud/README.md
@@ -0,0 +1,4 @@
+# Nextcloud
+## varioud cloud services
+
+Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud provides functionality similar to Dropbox
diff --git a/nextcloud/adminer.yaml b/nextcloud/adminer.yaml
new file mode 100644
index 0000000..3e32885
--- /dev/null
+++ b/nextcloud/adminer.yaml
@@ -0,0 +1,47 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: adminer
+ namespace: nextcloud
+ labels:
+ app: adminer
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: adminer
+ template:
+ metadata:
+ labels:
+ app: adminer
+ spec:
+ containers:
+ - name: adminer
+ image: adminer
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: ADMINER_DEFAULT_SERVER
+ value: db
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: adminer
+ namespace: nextcloud
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: adminer
+ sessionAffinity: None
+ type: ClusterIP
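Review bot: `image: adminer` has no tag or digest, so every pod restart may pull a different build of a tool that, once given credentials, has full read/write access to the nextcloud database; pin a tag and digest. The Service is ClusterIP and no Ingress for it appears in this commit, which is the right exposure for a DB admin console; a NetworkPolicy restricting who can reach it, or scaling the Deployment to `replicas: 0` when it is not actively needed, would make that intent explicit.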
diff --git a/nextcloud/backupSchedule.yaml b/nextcloud/backupSchedule.yaml
new file mode 100644
index 0000000..35d31b4
--- /dev/null
+++ b/nextcloud/backupSchedule.yaml
@@ -0,0 +1,140 @@
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: nextcloud-backup-csi-hourly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 15-22 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - nextcloud
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 8h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: nextcloud-backup-csi-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - nextcloud
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: nextcloud-backup-csi-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - nextcloud
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: nextcloud-backup-restic-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - nextcloud
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: nextcloud-backup-restic-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - nextcloud
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: nextcloud-backup-restic-monthly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 1 * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - nextcloud
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 4380h0m0s
\ No newline at end of file
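Review bot: The `# every hour` comment is copied onto every schedule, but `0 0 * * *` runs daily at midnight, `0 0 * * 1` weekly on Monday and `0 0 1 * *` monthly on the 1st, and even the first schedule (`0 15-22 * * *`) only fires hourly between 15:00 and 22:00; the comments should say so (`# daily at 00:00`, `# Mondays at 00:00`, `# 1st of the month at 00:00`). `useOwnerReferencesInBackup: true` means deleting a Schedule garbage-collects every backup it produced, so the retention these TTLs promise only holds while the Schedule objects exist — for backups meant to survive an accidental or malicious wipe of the velero namespace, `useOwnerReferencesInBackup: false` keeps the Backup objects and their data independent of the Schedule. paperless/backupSchedule.yaml repeats the same comments and setting.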
diff --git a/nextcloud/db.yaml b/nextcloud/db.yaml
new file mode 100644
index 0000000..4feb3a7
--- /dev/null
+++ b/nextcloud/db.yaml
@@ -0,0 +1,216 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: nextcloud-db
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: nextcloud
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: nextcloud-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: db
+ namespace: nextcloud
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 16Gi
+ storageClassName: nextcloud-db
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: db
+ namespace: nextcloud
+ labels:
+ app: db
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: db
+ template:
+ metadata:
+ labels:
+ app: db
+ spec:
+ containers:
+ - name: db
+ image: mariadb:10.5
+ imagePullPolicy: "IfNotPresent"
+ ports:
+ - name: mysql
+ containerPort: 3306
+ env:
+ - name: MARIADB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud-db
+ key: root.pw
+ - name: MARIADB_USER
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud-db
+ key: username
+ optional: false
+ - name: MARIADB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud-db
+ key: user.pw
+ optional: false
+ - name: MARIADB_DATABASE
+ value: nextcloud
+ #livenessProbe:
+ # exec:
+ # command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
+ # initialDelaySeconds: 120
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+ # failureThreshold: 3
+ #readinessProbe:
+ # exec:
+ # command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
+ # initialDelaySeconds: 30
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+ # failureThreshold: 3
+ volumeMounts:
+ - mountPath: /var/lib/mysql
+ name: data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: db
+ readOnly: false
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: db
+ namespace: nextcloud
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: mysql
+ port: 3306
+ protocol: TCP
+ targetPort: 3306
+ selector:
+ app: db
+ sessionAffinity: None
+ type: ClusterIP
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: nextcloud-db-backup
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: nextcloud
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: nextcloud-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: db-backup
+ namespace: nextcloud
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 10Gi
+ storageClassName: nextcloud-db-backup
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: db-backup
+ namespace: nextcloud
+ labels:
+ app: db-backup
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: db-backup
+ template:
+ metadata:
+ labels:
+ app: db-backup
+ spec:
+ containers:
+ - name: db-backup
+ image: rsprta/mariadb-backup
+ imagePullPolicy: "IfNotPresent"
+ env:
+ - name: CRON_TIMER
+ value: "@daily"
+ - name: MARIADB_HOST
+ value: db
+ - name: MARIADB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud-db
+ key: root.pw
+ - name: MARIADB_USER
+ value: root
+ - name: MARIADB_PORT
+ value: "3306"
+ volumeMounts:
+ - mountPath: /backup
+ name: backup
+ volumes:
+ - name: backup
+ persistentVolumeClaim:
+ claimName: db-backup
+ readOnly: false
\ No newline at end of file
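Review bot: The db-backup container authenticates as `MARIADB_USER: root` with the `root.pw` key of nextcloud-db, so the backup sidecar holds full administrative rights over the database although a dump only needs a dedicated account with the read and lock privileges the tool requires; a separate backup user also lets the root credential stay unused at runtime. `image: rsprta/mariadb-backup` is a third-party image pulled without tag or digest into a pod that sees those credentials, so pin it (and pin `mariadb:10.5` to a patch tag or digest as well). The liveness and readiness probes for the db container are commented out, so a hung MariaDB keeps receiving traffic from nextcloud and adminer. The db-backup Deployment in matrix/db.yaml uses the same root credential.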
diff --git a/nextcloud/filesystem.yaml b/nextcloud/filesystem.yaml
new file mode 100644
index 0000000..43cfbe3
--- /dev/null
+++ b/nextcloud/filesystem.yaml
@@ -0,0 +1,42 @@
+apiVersion: ceph.rook.io/v1
+kind: CephFilesystem
+metadata:
+ name: nextcloud
+ namespace: rook-ceph
+spec:
+ metadataPool:
+ failureDomain: host
+ replicated:
+ size: 3
+ dataPools:
+ - name: replicated
+ failureDomain: host
+ replicated:
+ size: 3
+ preserveFilesystemOnDelete: false
+ metadataServer:
+ activeCount: 1
+ activeStandby: true
+ placement:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: role
+ # operator: In
+ # values:
+ # - mds-node
+ tolerations:
+ - key: node-role.kubernetes.io/storage-node
+ operator: Exists
+ effect: NoSchedule
+ # podAffinity:
+ # podAntiAffinity:
+ # topologySpreadConstraints:
+ #resources:
+ # limits:
+ # cpu: "80m"
+ # memory: "1024Mi"
+ # requests:
+ # cpu: "500m"
+ # memory: "1024Mi"
\ No newline at end of file
diff --git a/nextcloud/ingress.yaml b/nextcloud/ingress.yaml
new file mode 100644
index 0000000..9a2bc07
--- /dev/null
+++ b/nextcloud/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nextcloud
+ namespace: nextcloud
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt
+
+spec:
+ tls:
+ - hosts:
+ - nextcloud.undercloud.cf
+ secretName: nextcloud-tls
+ rules:
+ - host: nextcloud.undercloud.cf
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nextcloud
+ port:
+ number: 80
\ No newline at end of file
diff --git a/nextcloud/namespace.yaml b/nextcloud/namespace.yaml
new file mode 100644
index 0000000..b4428b3
--- /dev/null
+++ b/nextcloud/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: nextcloud
+ labels:
+ prometheus: prometheus
\ No newline at end of file
diff --git a/nextcloud/nextcloud.yaml b/nextcloud/nextcloud.yaml
new file mode 100644
index 0000000..cc5f3f3
--- /dev/null
+++ b/nextcloud/nextcloud.yaml
@@ -0,0 +1,226 @@
+#apiVersion: v1
+#kind: ConfigMap
+#metadata:
+# name: env
+# namespace: nextcloud
+#data:
+# # file-like keys
+# .env: |
+# #from configmap
+#
+#---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: startup
+ namespace: nextcloud
+data:
+ startup.sh: |
+ #!/bin/sh
+ echo "startup..."
+ #if test ! -f "/data/startup.ran"; then
+ # echo "waiting 60s for startup..."
+ #else
+ # echo "startup ran already!"
+ #fi
+ apt update
+ docker-php-ext-install bz2
+ apt install smbclient libsmbclient-dev pecl install smbclient docker-php-ext-enable smbclient
+ apt install libgmp3-dev docker-php-ext-install gmp
+ apt install ffmpeg
+ apt install libmagickcore-6.q16-6-extra
+ echo "startup done."
+ #exit 123
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: after-ready
+ namespace: nextcloud
+data:
+ script.sh: |
+ #!/bin/sh
+ echo "startup..."
+ #if test ! -f "/data/startup.ran"; then
+ # echo "waiting 60s for startup..."
+ #else
+ # echo "startup ran already!"
+ #fi
+
+ echo "startup done."
+ #exit 123
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: nextcloud
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: nextcloud
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: nextcloud-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: nextcloud
+ namespace: nextcloud
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 64Gi
+ storageClassName: nextcloud
+---
+#apiVersion: v1
+#kind: PersistentVolumeClaim
+#metadata:
+# name: nextcloud-config
+# namespace: nextcloud
+#spec:
+# accessModes:
+# - ReadWriteMany
+# resources:
+# requests:
+# storage: 128Mi
+# storageClassName: nextcloud
+#---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nextcloud
+ namespace: nextcloud
+ labels:
+ app: nextcloud
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nextcloud
+ template:
+ metadata:
+ labels:
+ app: nextcloud
+ spec:
+ #initContainers:
+ #- name: copyappini
+ # image: linuxserver/bookstack:23.02.3
+ # command: ["bash", "-c", "mkdir -p /data/gitea/conf && cp -f /copy/app.ini /data/gitea/conf/app.ini"]
+ # volumeMounts:
+ # - mountPath: /data
+ # name: data
+ # - mountPath: /copy
+ # name: app-ini
+ containers:
+ - name: nextcloud
+ image: evokom/nextcloud-full
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 443
+ #lifecycle:
+ # postStart:
+ # exec:
+ # command:
+ # - "/bin/startup.sh"
+ env:
+ - name: PUID
+ value: "1000"
+ - name: PGID
+ value: "1000"
+ - name: MYSQL_DATABASE
+ value: "nextcloud"
+ - name: MYSQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud-db
+ key: username
+ optional: false
+ - name: MYSQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud-db
+ key: user.pw
+ optional: false
+ - name: MYSQL_HOST
+ value: "db"
+ - name: NEXTCLOUD_ADMIN_USER
+ value: admin
+ - name: NEXTCLOUD_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: nextcloud-admin
+ key: pw
+ optional: false
+ - name: NEXTCLOUD_DATA_DIR
+ value: "/var/www/html/data"
+ - name: NEXTCLOUD_TRUSTED_DOMAINS
+ value: "nextcloud.undercloud.cf nextcloud.nextcloud.svc.k8aux.undercloud.cf"
+ volumeMounts:
+ - mountPath: "/var/www/html"
+ name: nextcloud
+ #- mountPath: /startup.sh
+ # name: startup
+ # subPath: startup.sh
+ #- mountPath: "/config/www/.env"
+ # name: env
+ # subPath: .env
+ volumes:
+ - name: nextcloud
+ persistentVolumeClaim:
+ claimName: nextcloud
+ #- name: env
+ # configMap:
+ # name: env
+ # items:
+ # - key: ".env"
+ # path: ".env"
+ - name: startup
+ configMap:
+ name: startup
+ defaultMode: 0700
+ items:
+ - key: "startup.sh"
+ path: "startup.sh"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: nextcloud
+ namespace: nextcloud
+ labels:
+ app: nextcloud
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ app: nextcloud
+ sessionAffinity: None
+ type: ClusterIP
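Review bot: `image: evokom/nextcloud-full` is a community-built image pulled without tag or digest, so the whole Nextcloud install (and the admin and DB credentials it receives) depends on whatever that account publishes next; pin a digest or move to the official `nextcloud` image with a version tag. The container declares `containerPort: 443` while the Service targets port 80 and the Ingress forwards to the Service on 80, so either the port list or the Service is wrong — confirm which port the image actually serves. The `startup` ConfigMap is mounted nowhere (its volumeMount and the lifecycle hook are commented out), and its script runs `apt update`, `apt install` and `pecl install` at container start, turning the image into a mutable, network-dependent build step; it is also not runnable as written (several commands concatenated onto one `apt install` line, no `-y`). Either delete the dead ConfigMap and volume or bake those packages into the image. `NEXTCLOUD_ADMIN_USER: admin` is the first name any credential-stuffing attempt tries; a non-default admin name costs nothing.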
diff --git a/nextcloud/secrets.yaml b/nextcloud/secrets.yaml
new file mode 100644
index 0000000..dbb006a
--- /dev/null
+++ b/nextcloud/secrets.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: nextcloud-db
+ namespace: nextcloud
+type: Opaque
+data:
+ root.pw: bmV4dGNsb3Vkcm9vdHB3
+ username: bmV4dGNsb3Vk
+ user.pw: bmV4dGNsb3VkbmV4dGNsb3VkUFc=
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: nextcloud-admin
+ namespace: nextcloud
+type: Opaque
+data:
+ pw: NElzVGhlTWluZEtpbGxlcg==
\ No newline at end of file
diff --git a/paperless/README.md b/paperless/README.md
new file mode 100644
index 0000000..7824515
--- /dev/null
+++ b/paperless/README.md
@@ -0,0 +1,11 @@
+# Paperless
+## Document Management
+
+Paperless-ngx is a document management system that transforms your physical documents into a searchable online archive so you can keep, well, less paper.
+
+improvements:
+install tika
+automate stuff
+healthcheck
+metrics
+resource limits
\ No newline at end of file
diff --git a/paperless/backupSchedule.yaml b/paperless/backupSchedule.yaml
new file mode 100644
index 0000000..0478409
--- /dev/null
+++ b/paperless/backupSchedule.yaml
@@ -0,0 +1,140 @@
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: paperless-backup-csi-hourly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 15-22 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - paperless
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 8h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: paperless-backup-csi-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - paperless
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: paperless-backup-csi-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - paperless
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: paperless-backup-restic-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - paperless
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: paperless-backup-restic-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - paperless
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: paperless-backup-restic-monthly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 1 * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - paperless
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 4380h0m0s
\ No newline at end of file
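Review bot: The `# every hour` comment after each `schedule:` is wrong on five of the six Schedules: `0 0 * * *` runs daily at 00:00, `0 0 * * 1` weekly on Monday, `0 0 1 * *` monthly on the 1st, and even the "hourly" `0 15-22 * * *` only fires from 15:00 to 22:00. Suggested replacements: `schedule: 0 15-22 * * *  # hourly between 15:00 and 22:00`, `schedule: 0 0 * * *  # daily at 00:00`, `schedule: 0 0 * * 1  # weekly, Monday 00:00`, `schedule: 0 0 1 * *  # monthly, 1st at 00:00`. The identical copied comments are in vaultwarden/backupSchedule.yaml and wordpress/backupSchedule.yaml. Note also that `useOwnerReferencesInBackup: true` on every Schedule means pruning this file deletes all retained backups together with the Schedules; the existing comment warns about this, but it is worth weighing for the monthly restic set, which is the longest-lived copy.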
diff --git a/paperless/db.yaml b/paperless/db.yaml
new file mode 100644
index 0000000..fd32ffe
--- /dev/null
+++ b/paperless/db.yaml
@@ -0,0 +1,226 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: paperless-db
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: paperless
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: paperless-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: db
+ namespace: paperless
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 8Gi
+ storageClassName: paperless-db
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: db
+ namespace: paperless
+ labels:
+ app: db
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: db
+ template:
+ metadata:
+ labels:
+ app: db
+ spec:
+ containers:
+ - name: db
+ image: postgres
+ imagePullPolicy: "IfNotPresent"
+ ports:
+ - name: mysql
+ containerPort: 5432
+ env:
+ - name: MARIADB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: paperless-db
+ key: root.pw
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: paperless-db
+ key: username
+ optional: false
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: paperless-db
+ key: user.pw
+ optional: false
+ - name: POSTGRES_DB
+ value: paperless
+ - name: POSTGRES_INITDB_ARGS
+ value: "--lc-collate=C --lc-ctype=C --encoding=UTF8"
+ #livenessProbe:
+ # exec:
+ # command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
+ # initialDelaySeconds: 120
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+ # failureThreshold: 3
+ #readinessProbe:
+ # exec:
+ # command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
+ # initialDelaySeconds: 30
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+ # failureThreshold: 3
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: db
+ readOnly: false
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: db
+ namespace: paperless
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: postgres
+ port: 5432
+ protocol: TCP
+ targetPort: 5432
+ selector:
+ app: db
+ sessionAffinity: None
+ type: ClusterIP
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: paperless-db-backup
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: paperless
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: paperless-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: db-backup
+ namespace: paperless
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 4Gi
+ storageClassName: paperless-db-backup
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: db-backup
+ namespace: paperless
+ labels:
+ app: db-backup
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: db-backup
+ template:
+ metadata:
+ labels:
+ app: db-backup
+ spec:
+ containers:
+ - name: db-backup
+ image: prodrigestivill/postgres-backup-local
+ imagePullPolicy: "IfNotPresent"
+ env:
+ - name: SCHEDULE
+ value: "@daily"
+ - name: BACKUP_KEEP_DAYS
+ value: "7"
+ - name: POSTGRES_DB
+ value: "paperless"
+ - name: POSTGRES_HOST
+ value: db
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: paperless-db
+ key: root.pw
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: paperless-db
+ key: username
+ optional: false
+ - name: HEALTHCHECK_PORT
+ value: "8080"
+ volumeMounts:
+ - mountPath: /backups
+ name: backup
+ volumes:
+ - name: backup
+ persistentVolumeClaim:
+ claimName: db-backup
+ readOnly: false
\ No newline at end of file
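Review bot: The `db-backup` Deployment takes `POSTGRES_PASSWORD` from `root.pw` but `POSTGRES_USER` from `username`, while the `db` Deployment initialises that same user with `user.pw`, so the backup container authenticates as the paperless user with the wrong password unless the two secret values happen to match (they differ in paperless/secrets.yaml); change the backup's secretKeyRef to `key: user.pw`. `MARIADB_ROOT_PASSWORD` on the postgres container is a leftover from a MariaDB template — the postgres image ignores it, so it only copies the root password into the environment for nothing — and the same goes for the port name `mysql` and the commented-out `mysqladmin` probes. `image: postgres` without a tag floats across major versions, and a major-version pull against the existing `/var/lib/postgresql/data` directory will refuse to start; pin it, e.g. `image: postgres:<major-version-placeholder>`. Consider replacing the commented probe block with real `pg_isready`-based readiness/liveness probes so the paperless pod does not start against a database that is still initialising.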
diff --git a/paperless/filesystem.yaml b/paperless/filesystem.yaml
new file mode 100644
index 0000000..5ac6dfe
--- /dev/null
+++ b/paperless/filesystem.yaml
@@ -0,0 +1,42 @@
+apiVersion: ceph.rook.io/v1
+kind: CephFilesystem
+metadata:
+ name: paperless
+ namespace: rook-ceph
+spec:
+ metadataPool:
+ failureDomain: host
+ replicated:
+ size: 3
+ dataPools:
+ - name: replicated
+ failureDomain: host
+ replicated:
+ size: 3
+ preserveFilesystemOnDelete: false
+ metadataServer:
+ activeCount: 1
+ activeStandby: true
+ placement:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: role
+ # operator: In
+ # values:
+ # - mds-node
+ tolerations:
+ - key: node-role.kubernetes.io/storage-node
+ operator: Exists
+ effect: NoSchedule
+ # podAffinity:
+ # podAntiAffinity:
+ # topologySpreadConstraints:
+ #resources:
+ # limits:
+ # cpu: "80m"
+ # memory: "1024Mi"
+ # requests:
+ # cpu: "500m"
+ # memory: "1024Mi"
\ No newline at end of file
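Review bot: `preserveFilesystemOnDelete: false` means that deleting this CephFilesystem object — including a GitOps prune if the manifest is removed — destroys the metadata and data pools and with them every paperless document and the postgres data directory, since both the `paperless` and `paperless-db` StorageClasses in this commit provision from `fsName: paperless`. For a data store whose loss is exactly what the backup schedules exist to cover, `preserveFilesystemOnDelete: true` is the safer setting; the same value is in vaultwarden/filesystem.yaml. The commented-out `resources:` block leaves the MDS with no requests or limits, which deserves a short `# TODO: size MDS resources before enabling limits` note rather than dead YAML.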
diff --git a/paperless/ingress.yaml b/paperless/ingress.yaml
new file mode 100644
index 0000000..93059f2
--- /dev/null
+++ b/paperless/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: paperless
+ namespace: paperless
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt
+
+spec:
+ tls:
+ - hosts:
+ - paperless.undercloud.cf
+ secretName: paperless-tls
+ rules:
+ - host: paperless.undercloud.cf
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: paperless
+ port:
+ number: 80
\ No newline at end of file
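Review bot: `kubernetes.io/ingress.class: nginx` is the deprecated annotation form; with `networking.k8s.io/v1` the class belongs in the spec as `spec.ingressClassName: nginx`, and ingress-nginx's handling of the annotation has changed across releases, so the field form is the one that keeps working. The same annotation is used in vaultwarden/ingress.yaml. The ingress terminates TLS and forwards plain HTTP to the paperless Service, which is fine in-cluster, but paperless is told its public URL separately in `PAPERLESS_URL`, so this host and that value have to be kept in sync — a one-line comment cross-referencing them would help.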
diff --git a/paperless/namespace.yaml b/paperless/namespace.yaml
new file mode 100644
index 0000000..c550f52
--- /dev/null
+++ b/paperless/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: paperless
+ labels:
+ prometheus: prometheus
\ No newline at end of file
diff --git a/paperless/paperless.yaml b/paperless/paperless.yaml
new file mode 100644
index 0000000..61e8d64
--- /dev/null
+++ b/paperless/paperless.yaml
@@ -0,0 +1,145 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: paperless
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: paperless
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: paperless-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: data
+ namespace: paperless
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 8Gi
+ storageClassName: paperless
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: paperless
+ namespace: paperless
+ labels:
+ app: paperless
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: paperless
+ template:
+ metadata:
+ labels:
+ app: paperless
+ spec:
+ containers:
+ - name: paperless
+ image: paperlessngx/paperless-ngx:1.15
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8000
+ env:
+ - name: PAPERLESS_ADMIN_USER
+ valueFrom:
+ secretKeyRef:
+ name: paperless-user
+ key: username
+ optional: false
+ - name: PAPERLESS_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: paperless-user
+ key: pw
+ optional: false
+ - name: PAPERLESS_ADMIN_MAIL
+ value: "thrawn235@gmail.com"
+ - name: PAPERLESS_PORT
+ value: "8000"
+ - name: PAPERLESS_DBPASS
+ valueFrom:
+ secretKeyRef:
+ name: paperless-db
+ key: user.pw
+ optional: false
+ - name: PAPERLESS_DBHOST
+ value: "db"
+ - name: PAPERLESS_REDIS
+ value: "redis://broker:6379"
+ - name: USERMAP_UID
+ value: "1000"
+ - name: USERMAP_GID
+ value: "1000"
+ - name: PAPERLESS_URL
+ value: "https://paperless.undercloud.cf"
+ - name: PAPERLESS_SECRET_KEY
+ value: lsakdhfehjhmsnDFK
+ - name: PAPERLESS_TIME_ZONE
+ value: "Europe/Berlin"
+ #- name: PAPERLESS_OCR_LANGUAGE
+ # value: "de"
+ volumeMounts:
+ - mountPath: "/usr/src/paperless/data"
+ name: data
+ subPath: data
+ - mountPath: "/usr/src/paperless/media"
+ name: data
+ subPath: media
+ - mountPath: "/usr/src/paperless/export"
+ name: data
+ subPath: export
+ - mountPath: "/usr/src/paperless/consume"
+ name: data
+ subPath: consumer
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: data
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: paperless
+ namespace: paperless
+ labels:
+ app: paperless
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv4
+ - IPv6
+ ipFamilyPolicy: PreferDualStack
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 8000
+ selector:
+ app: paperless
+ sessionAffinity: None
+ type: ClusterIP
+---
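Review bot: `PAPERLESS_SECRET_KEY` is given as a plain `value:` in the pod spec, although every other credential in this Deployment comes from a `secretKeyRef`; this is Django's signing key for sessions and tokens, so anyone who can read the repo or the Deployment object can mint valid paperless sessions. Move it to a Secret key (a `secret-key` entry would need to be added to the `paperless-user` Secret — name constructed here) and, since the current value is already in git history, generate a fresh one rather than reusing it. `PAPERLESS_ADMIN_MAIL` carries a personal address into the manifest; a placeholder or a ConfigMap value would keep it out of the repo. Minor: the consume directory is mounted from `subPath: consumer` while the mount path is `/usr/src/paperless/consume` — harmless, but the mismatch reads like a typo.
```yaml
        - name: PAPERLESS_SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: paperless-user
              key: secret-key   # new Secret entry; generate a fresh random value
              optional: false
```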
diff --git a/paperless/redis.yaml b/paperless/redis.yaml
new file mode 100644
index 0000000..03794b4
--- /dev/null
+++ b/paperless/redis.yaml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: redis
+ namespace: paperless
+ labels:
+ app: redis
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: redis
+ template:
+ metadata:
+ labels:
+ app: redis
+ spec:
+ containers:
+ - name: paperless
+ image: docker.io/library/redis:7
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 6379
+ volumeMounts:
+ - mountPath: "/data"
+ name: data
+ subPath: redis-data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: data
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: broker
+ namespace: paperless
+ labels:
+ app: redis
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ ports:
+ - name: redis
+ port: 6379
+ protocol: TCP
+ targetPort: 6379
+ selector:
+ app: redis
+ sessionAffinity: None
+ type: ClusterIP
\ No newline at end of file
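Review bot: The redis Deployment's container is named `paperless` (`- name: paperless` under `containers:`), a copy-paste leftover that makes `kubectl logs -c`, `exec -c` and per-container metrics misleading; rename it `- name: redis`. The broker runs without authentication and its ClusterIP Service is reachable from any pod in the cluster; no NetworkPolicy is part of this commit, so one restricting ingress to pods labelled `app: paperless` would be a cheap containment. The data directory sits on the same `data` PVC as the paperless app, under `subPath: redis-data`, which works with ReadWriteMany but ties the broker's state to that claim — worth a comment so the two are not split up by accident.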
diff --git a/paperless/secrets.yaml b/paperless/secrets.yaml
new file mode 100644
index 0000000..7c9df48
--- /dev/null
+++ b/paperless/secrets.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: paperless-db
+ namespace: paperless
+type: Opaque
+data:
+ root.pw: cGFwZXJsZXNzREJSb290UFc=
+ username: cGFwZXJsZXNz
+ user.pw: cGFwZXJsZXNzREJQYXBlcmxlc3NQVw==
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: paperless-user
+ namespace: paperless
+type: Opaque
+data:
+ username: YWRtaW4=
+ pw: NElzVGhlTWluZEtpbGxlcg==
\ No newline at end of file
diff --git a/vaultwarden/README.md b/vaultwarden/README.md
new file mode 100644
index 0000000..d63e7c8
--- /dev/null
+++ b/vaultwarden/README.md
@@ -0,0 +1,13 @@
+# Vaultwarden
+## Bitwarden compatible open source Server
+
+after bootstrap:
+add all the passwords
+
+enhancement:
+external database
+database backup
+backup!!
+metrics
+liveness probes
+resource limits
\ No newline at end of file
diff --git a/vaultwarden/backupSchedule.yaml b/vaultwarden/backupSchedule.yaml
new file mode 100644
index 0000000..d9fb1c5
--- /dev/null
+++ b/vaultwarden/backupSchedule.yaml
@@ -0,0 +1,140 @@
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: vaultwarden-backup-csi-hourly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 15-22 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - vaultwarden
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 8h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: vaultwarden-backup-csi-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - vaultwarden
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: vaultwarden-backup-csi-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - vaultwarden
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: vaultwarden-backup-restic-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - vaultwarden
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: vaultwarden-backup-restic-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - vaultwarden
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: vaultwarden-backup-restic-monthly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 1 * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - vaultwarden
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 4380h0m0s
\ No newline at end of file
diff --git a/vaultwarden/filesystem.yaml b/vaultwarden/filesystem.yaml
new file mode 100644
index 0000000..7b9a820
--- /dev/null
+++ b/vaultwarden/filesystem.yaml
@@ -0,0 +1,42 @@
+apiVersion: ceph.rook.io/v1
+kind: CephFilesystem
+metadata:
+ name: vaultwarden
+ namespace: rook-ceph
+spec:
+ metadataPool:
+ failureDomain: host
+ replicated:
+ size: 3
+ dataPools:
+ - name: replicated
+ failureDomain: host
+ replicated:
+ size: 3
+ preserveFilesystemOnDelete: false
+ metadataServer:
+ activeCount: 1
+ activeStandby: true
+ placement:
+ # nodeAffinity:
+ # requiredDuringSchedulingIgnoredDuringExecution:
+ # nodeSelectorTerms:
+ # - matchExpressions:
+ # - key: role
+ # operator: In
+ # values:
+ # - mds-node
+ tolerations:
+ - key: node-role.kubernetes.io/storage-node
+ operator: Exists
+ effect: NoSchedule
+ # podAffinity:
+ # podAntiAffinity:
+ # topologySpreadConstraints:
+ #resources:
+ # limits:
+ # cpu: "80m"
+ # memory: "1024Mi"
+ # requests:
+ # cpu: "500m"
+ # memory: "1024Mi"
\ No newline at end of file
diff --git a/vaultwarden/ingress.yaml b/vaultwarden/ingress.yaml
new file mode 100644
index 0000000..86a782f
--- /dev/null
+++ b/vaultwarden/ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: vaultwarden
+ namespace: vaultwarden
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+
+spec:
+ tls:
+ - hosts:
+ - vaultwarden.undercloud.cf
+ secretName: vaultwarden-tls
+ rules:
+ - host: vaultwarden.undercloud.cf
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: vaultwarden
+ port:
+ number: 80
\ No newline at end of file
diff --git a/vaultwarden/namespace.yaml b/vaultwarden/namespace.yaml
new file mode 100644
index 0000000..deea145
--- /dev/null
+++ b/vaultwarden/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: vaultwarden
\ No newline at end of file
diff --git a/vaultwarden/vaultwarden.yaml b/vaultwarden/vaultwarden.yaml
new file mode 100644
index 0000000..034c527
--- /dev/null
+++ b/vaultwarden/vaultwarden.yaml
@@ -0,0 +1,106 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: vaultwarden
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: vaultwarden
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: vaultwarden-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: data
+ namespace: vaultwarden
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 64M
+ storageClassName: vaultwarden
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: vaultwarden
+ namespace: vaultwarden
+ labels:
+ app: vaultwarden
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: vaultwarden
+ template:
+ metadata:
+ labels:
+ app: vaultwarden
+ spec:
+ #securityContext:
+ # runAsUser: 1000
+ # runAsGroup: 1000
+ # fsGroup: 1000
+
+ containers:
+ - name: vaultwarden
+ image: vaultwarden/server:latest
+ imagePullPolicy: IfNotPresent
+ env:
+ #- name: WEBSOCKET_ADDRESS
+ # value: "[::]"
+ #- name: WEBSOCKET_ENABLED
+ # value: "true"
+ - name: ROCKET_ADDRESS
+ value: "::"
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: data
+ readOnly: false
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: vaultwarden
+ namespace: vaultwarden
+spec:
+ ipFamilies:
+ - IPv6
+ #- IPv4
+ #ipFamilyPolicy: PreferDualStack
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ app: vaultwarden
+ sessionAffinity: None
+ type: ClusterIP
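Review bot: The vaultwarden container sets only `ROCKET_ADDRESS`, so `SIGNUPS_ALLOWED` stays at Vaultwarden's default of `true` and, with the ingress in this commit publishing the service at a public hostname with a Let's Encrypt certificate, anyone who reaches it can register an account on the password server; add `- name: SIGNUPS_ALLOWED` / `value: "false"` (enable it briefly for the first account, or use `SIGNUPS_DOMAINS_WHITELIST`), and set `DOMAIN` to the public URL, which Vaultwarden needs for correct links and WebAuthn. `image: vaultwarden/server:latest` with `imagePullPolicy: IfNotPresent` is not reproducible and each node keeps whichever `latest` it pulled first; pin a version tag. `storage: 64M` is 64 decimal megabytes, a tight ceiling once attachments and the icon cache accumulate — worth rechecking. The commented-out `securityContext` leaves the container running as the image's default user; if the block was dropped because of volume permissions, `fsGroup: 1000` alone may be enough, and a `# TODO` saying why it is off would help the next reader.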
diff --git a/wordpress/README.md b/wordpress/README.md
new file mode 100644
index 0000000..0403911
--- /dev/null
+++ b/wordpress/README.md
@@ -0,0 +1,12 @@
+# Wordpress
+## Website and Blog
+
+Just for internal Undercloud Infos
+(and for fun)
+
+improvements:
+metrics
+liveness probes
+resource limits
+ldap login
+high availibility (mutliple worker pods)
\ No newline at end of file
diff --git a/wordpress/backupSchedule.yaml b/wordpress/backupSchedule.yaml
new file mode 100644
index 0000000..6c87661
--- /dev/null
+++ b/wordpress/backupSchedule.yaml
@@ -0,0 +1,140 @@
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: wordpress-backup-csi-hourly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 15-22 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - wordpress
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 8h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: wordpress-backup-csi-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - wordpress
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: wordpress-backup-csi-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: ceph-bucket
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ defaultVolumesToFsBackup: false
+ hooks: {}
+ includedNamespaces:
+ - wordpress
+ metadata: {}
+ storageLocation: ceph-bucket
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: wordpress-backup-restic-daily
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - wordpress
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 168h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: wordpress-backup-restic-weekly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 * * 1 # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - wordpress
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 730h0m0s
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+ name: wordpress-backup-restic-monthly
+ namespace: velero
+ labels:
+ velero.io/storage-location: aux-balancer-minio
+spec:
+ # Schedule is a Cron expression defining when to run the Backup
+ schedule: 0 0 1 * * # every hour
+ # Specifies whether to use OwnerReferences on backups created by this Schedule.
+ # Notice: if set to true, when schedule is deleted, backups will be deleted too. Optional.
+ useOwnerReferencesInBackup: true
+ template:
+ csiSnapshotTimeout: 10m0s
+ snapshotVolumes: false
+ defaultVolumesToFsBackup: true
+ hooks: {}
+ includedNamespaces:
+ - wordpress
+ metadata: {}
+ storageLocation: aux-balancer-minio
+ ttl: 4380h0m0s
\ No newline at end of file
diff --git a/wordpress/db.yaml b/wordpress/db.yaml
new file mode 100644
index 0000000..e19e38f
--- /dev/null
+++ b/wordpress/db.yaml
@@ -0,0 +1,216 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: wordpress-db
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: wordpress
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: wordpress-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: db
+ namespace: wordpress
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 4Gi
+ storageClassName: wordpress-db
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: db
+ namespace: wordpress
+ labels:
+ app: db
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: db
+ template:
+ metadata:
+ labels:
+ app: db
+ spec:
+ containers:
+ - name: db
+ image: mariadb:10.5
+ imagePullPolicy: "IfNotPresent"
+ ports:
+ - name: mysql
+ containerPort: 3306
+ env:
+ - name: MARIADB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: wordpress-db
+ key: root.pw
+ - name: MARIADB_USER
+ valueFrom:
+ secretKeyRef:
+ name: wordpress-db
+ key: username
+ optional: false
+ - name: MARIADB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: wordpress-db
+ key: user.pw
+ optional: false
+ - name: MARIADB_DATABASE
+ value: wordpress
+ #livenessProbe:
+ # exec:
+ # command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
+ # initialDelaySeconds: 120
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+ # failureThreshold: 3
+ #readinessProbe:
+ # exec:
+ # command: ["sh", "-c", "exec mysqladmin status -uroot -p$MARIADB_ROOT_PASSWORD"]
+ # initialDelaySeconds: 30
+ # periodSeconds: 10
+ # timeoutSeconds: 1
+ # successThreshold: 1
+ # failureThreshold: 3
+ volumeMounts:
+ - mountPath: /var/lib/mysql
+ name: data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: db
+ readOnly: false
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: db
+ namespace: wordpress
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ ipFamilyPolicy: SingleStack
+ ports:
+ - name: mysql
+ port: 3306
+ protocol: TCP
+ targetPort: 3306
+ selector:
+ app: db
+ sessionAffinity: None
+ type: ClusterIP
+---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: wordpress-db-backup
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: wordpress
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: wordpress-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: db-backup
+ namespace: wordpress
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 4Gi
+ storageClassName: wordpress-db-backup
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: db-backup
+ namespace: wordpress
+ labels:
+ app: db-backup
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: db-backup
+ template:
+ metadata:
+ labels:
+ app: db-backup
+ spec:
+ containers:
+ - name: db-backup
+ image: rsprta/mariadb-backup
+ imagePullPolicy: "IfNotPresent"
+ env:
+ - name: CRON_TIMER
+ value: "@daily"
+ - name: MARIADB_HOST
+ value: db
+ - name: MARIADB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: wordpress-db
+ key: root.pw
+ - name: MARIADB_USER
+ value: root
+ - name: MARIADB_PORT
+ value: "3306"
+ volumeMounts:
+ - mountPath: /backup
+ name: backup
+ volumes:
+ - name: backup
+ persistentVolumeClaim:
+ claimName: db-backup
+ readOnly: false
\ No newline at end of file
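Review bot: The `db` Deployment keeps the default RollingUpdate strategy while its single replica mounts a ReadWriteMany PVC, so any rollout (image bump, env change) can briefly run two mariadb pods against the same /var/lib/mysql directory; add `strategy:` followed by `  type: Recreate` under the Deployment's `spec` (the `db-backup` Deployment shares the pattern, though it only writes dump files). The `db-backup` container also authenticates as `root` using `root.pw` from the `wordpress-db` Secret, so a compromised backup container holds full control of the database; a dedicated backup account with only the privileges the dump tool needs would keep the blast radius small. The liveness/readiness probes are commented out, which means the `db` Service routes connections to the pod before mysqld is accepting them and a hung server is never restarted; either re-enable them or leave a comment stating why they were disabled.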
diff --git a/wordpress/filesystem.yaml b/wordpress/filesystem.yaml
new file mode 100644
index 0000000..c464164
--- /dev/null
+++ b/wordpress/filesystem.yaml
@@ -0,0 +1,17 @@
+apiVersion: ceph.rook.io/v1
+kind: CephFilesystem
+metadata:
+ name: wordpress
+ namespace: rook-ceph
+spec:
+ metadataPool:
+ replicated:
+ size: 3
+ dataPools:
+ - name: replicated
+ replicated:
+ size: 3
+ preserveFilesystemOnDelete: false
+ metadataServer:
+ activeCount: 1
+ activeStandby: true
\ No newline at end of file
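Review bot: `preserveFilesystemOnDelete: false` on the `wordpress` CephFilesystem means that deleting this CR removes the filesystem and both pools, and with them every volume provisioned through the `wordpress`, `wordpress-db` and `wordpress-db-backup` StorageClasses elsewhere in this commit, including the database dumps on the `db-backup` claim. Since those StorageClasses also use `reclaimPolicy: Delete`, a pruned or re-created Application would destroy the live data and its only on-cluster copy at once; consider `preserveFilesystemOnDelete: true`, or at least a comment stating that this loss is intentional. `replicated.size: 3` for both pools presumes at least three OSD hosts; the manifest does not show that, so it is worth confirming.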
diff --git a/wordpress/ingress.yaml b/wordpress/ingress.yaml
new file mode 100644
index 0000000..308acf4
--- /dev/null
+++ b/wordpress/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: wordpress
+ namespace: wordpress
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt
+
+spec:
+ tls:
+ - hosts:
+ - wordpress.undercloud.cf
+ secretName: wordpress-tls
+ rules:
+ - host: wordpress.undercloud.cf
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: wordpress
+ port:
+ number: 80
\ No newline at end of file
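Review bot: The `kubernetes.io/ingress.class: nginx` annotation is the deprecated way to pick the controller; the `networking.k8s.io/v1` Ingress used here supports `spec.ingressClassName`, and controllers that drop annotation support would leave this host unrouted. Replace the annotation with `ingressClassName: nginx` under `spec`. The blank line between the annotations and `spec:` is harmless but inconsistent with the other manifests in this commit.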
diff --git a/wordpress/namespace.yaml b/wordpress/namespace.yaml
new file mode 100644
index 0000000..01a01eb
--- /dev/null
+++ b/wordpress/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: wordpress
+ labels:
+ prometheus: prometheus
\ No newline at end of file
diff --git a/wordpress/secrets.yaml b/wordpress/secrets.yaml
new file mode 100644
index 0000000..4cd6f32
--- /dev/null
+++ b/wordpress/secrets.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: wordpress-db
+ namespace: wordpress
+type: Opaque
+data:
+ root.pw: d29yZHByZXNzU2VjdXJlUm9vdFBX
+ username: d29yZHByZXNz
+ user.pw: d29yZHByZXNzU2VjdXJlV29yZHByZXNzdFBX
\ No newline at end of file
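Review bot: This Secret commits the MariaDB root and application passwords to the repository; the `data` values are only base64-encoded, so anyone with read access to the repo or its history can recover them, and a later rotation will not remove them from history. Keep the manifest out of version control or replace it with a form the cluster decrypts at apply time (for example a SealedSecret or an ExternalSecret backed by a secret store), and treat the committed values as exposed and rotate them. Note that both the `db` and `db-backup` Deployments in `wordpress/db.yaml` inject these keys as environment variables, so a rotation also requires restarting those pods.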
diff --git a/wordpress/wordpress.yaml b/wordpress/wordpress.yaml
new file mode 100644
index 0000000..28282fb
--- /dev/null
+++ b/wordpress/wordpress.yaml
@@ -0,0 +1,122 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+ name: wordpress
+# Change "rook-ceph" provisioner prefix to match the operator namespace if needed
+provisioner: rook-ceph.cephfs.csi.ceph.com
+parameters:
+ # clusterID is the namespace where the rook cluster is running
+ # If you change this namespace, also change the namespace below where the secret namespaces are defined
+ clusterID: rook-ceph
+
+ # CephFS filesystem name into which the volume shall be created
+ fsName: wordpress
+
+ # Ceph pool into which the volume shall be created
+ # Required for provisionVolume: "true"
+ pool: wordpress-replicated
+
+ # The secrets contain Ceph admin credentials. These are generated automatically by the operator
+ # in the same namespace as the cluster.
+ csi.storage.k8s.io/provisioner-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/provisioner-secret-namespace: rook-ceph
+ csi.storage.k8s.io/controller-expand-secret-name: rook-csi-cephfs-provisioner
+ csi.storage.k8s.io/controller-expand-secret-namespace: rook-ceph
+ csi.storage.k8s.io/node-stage-secret-name: rook-csi-cephfs-node
+ csi.storage.k8s.io/node-stage-secret-namespace: rook-ceph
+
+reclaimPolicy: Delete
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: wordpress
+ namespace: wordpress
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 8Gi
+ storageClassName: wordpress
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wordpress
+ namespace: wordpress
+ labels:
+ app: wordpress
+spec:
+
+ replicas: 1
+ selector:
+ matchLabels:
+ app: wordpress
+ template:
+ metadata:
+ labels:
+ app: wordpress
+ spec:
+ dnsConfig:
+ options:
+ - name: ndots
+ value: "1"
+ containers:
+ - name: wordpress
+ image: wordpress:6.2.0-php8.2
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 80
+ #lifecycle:
+ # postStart:
+ # exec:
+ # command:
+ # - "/bin/startup.sh"
+ env:
+ - name: WORDPRESS_DB_HOST
+ value: "db"
+ - name: WORDPRESS_DB_USER
+ valueFrom:
+ secretKeyRef:
+ name: wordpress-db
+ key: username
+ optional: false
+ - name: WORDPRESS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: wordpress-db
+ key: user.pw
+ optional: false
+ - name: WORDPRESS_DB_NAME
+ value: "wordpress"
+ volumeMounts:
+ - mountPath: "/var/www/html"
+ name: wordpress
+ volumes:
+ - name: wordpress
+ persistentVolumeClaim:
+ claimName: wordpress
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: wordpress
+ namespace: wordpress
+ labels:
+ app: wordpress
+spec:
+ internalTrafficPolicy: Cluster
+ ipFamilies:
+ - IPv6
+ - IPv4
+ ipFamilyPolicy: PreferDualStack
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ app: wordpress
+ sessionAffinity: None
+ type: ClusterIP
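Review bot: The `wordpress` container has no readinessProbe, so the `wordpress` Service (and through it the Ingress in `wordpress/ingress.yaml`) sends traffic to the pod as soon as it is Running, before Apache/PHP is serving; an `httpGet` probe on path `/` port `80` under the container would close that gap, and a livenessProbe would restart a wedged server. The commented-out `lifecycle`/`postStart` block referencing `/bin/startup.sh` is dead configuration; remove it or add a comment saying why it is kept. Like the `db` Deployment, this one mounts a ReadWriteMany PVC under the default RollingUpdate strategy, so `strategy:` followed by `  type: Recreate` avoids two pods writing /var/www/html during a rollout. No resource requests or limits are set, which makes the pod BestEffort and the first candidate for eviction under node pressure.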