[daos\_network\_storage\_scripts](#module\_daos\_network\_storage\_scripts) | ../../../../modules/scripts/startup-script | n/a |
| [nodeset\_cleanup](#module\_nodeset\_cleanup) | ./modules/cleanup_compute | n/a |
| [nodeset\_cleanup\_tpu](#module\_nodeset\_cleanup\_tpu) | ./modules/cleanup_tpu | n/a |
-| [slurm\_controller\_template](#module\_slurm\_controller\_template) | github.com/GoogleCloudPlatform/slurm-gcp.git//terraform/slurm_cluster/modules/slurm_instance_template | 6.8.6 |
+| [slurm\_controller\_template](#module\_slurm\_controller\_template) | ../../internal/slurm-gcp-v6/instance_template | n/a |
| [slurm\_files](#module\_slurm\_files) | ./modules/slurm_files | n/a |
-| [slurm\_login\_instance](#module\_slurm\_login\_instance) | github.com/GoogleCloudPlatform/slurm-gcp.git//terraform/slurm_cluster/modules/_slurm_instance | 6.8.6 |
-| [slurm\_login\_template](#module\_slurm\_login\_template) | github.com/GoogleCloudPlatform/slurm-gcp.git//terraform/slurm_cluster/modules/slurm_instance_template | 6.8.6 |
-| [slurm\_nodeset\_template](#module\_slurm\_nodeset\_template) | github.com/GoogleCloudPlatform/slurm-gcp.git//terraform/slurm_cluster/modules/slurm_instance_template | 6.8.6 |
-| [slurm\_nodeset\_tpu](#module\_slurm\_nodeset\_tpu) | github.com/GoogleCloudPlatform/slurm-gcp.git//terraform/slurm_cluster/modules/slurm_nodeset_tpu | 6.8.6 |
+| [slurm\_login\_instance](#module\_slurm\_login\_instance) | ../../internal/slurm-gcp-v6/instance | n/a |
+| [slurm\_login\_template](#module\_slurm\_login\_template) | ../../internal/slurm-gcp-v6/instance_template | n/a |
+| [slurm\_nodeset\_template](#module\_slurm\_nodeset\_template) | ../../internal/slurm-gcp-v6/instance_template | n/a |
+| [slurm\_nodeset\_tpu](#module\_slurm\_nodeset\_tpu) | ../../internal/slurm-gcp-v6/nodeset_tpu | n/a |
## Resources
@@ -336,7 +336,7 @@ limitations under the License.
| [metadata](#input\_metadata) | Metadata, provided as a map. | `map(string)` | `{}` | no |
| [min\_cpu\_platform](#input\_min\_cpu\_platform) | Specifies a minimum CPU platform. Applicable values are the friendly names of
CPU platforms, such as Intel Haswell or Intel Skylake. See the complete list:
https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform | `string` | `null` | no |
| [network\_storage](#input\_network\_storage) | An array of network attached storage mounts to be configured on all instances. | list(object({
server_ip = string,
remote_mount = string,
local_mount = string,
fs_type = string,
mount_options = string,
client_install_runner = optional(map(string))
mount_runner = optional(map(string))
})) | `[]` | no |
-| [nodeset](#input\_nodeset) | Define nodesets, as a list. | list(object({
node_count_static = optional(number, 0)
node_count_dynamic_max = optional(number, 1)
node_conf = optional(map(string), {})
nodeset_name = string
additional_disks = optional(list(object({
disk_name = optional(string)
device_name = optional(string)
disk_size_gb = optional(number)
disk_type = optional(string)
disk_labels = optional(map(string), {})
auto_delete = optional(bool, true)
boot = optional(bool, false)
})), [])
bandwidth_tier = optional(string, "platform_default")
can_ip_forward = optional(bool, false)
disable_smt = optional(bool, false)
disk_auto_delete = optional(bool, true)
disk_labels = optional(map(string), {})
disk_size_gb = optional(number)
disk_type = optional(string)
enable_confidential_vm = optional(bool, false)
enable_placement = optional(bool, false)
enable_oslogin = optional(bool, true)
enable_shielded_vm = optional(bool, false)
enable_maintenance_reservation = optional(bool, false)
enable_opportunistic_maintenance = optional(bool, false)
gpu = optional(object({
count = number
type = string
}))
dws_flex = object({
enabled = bool
max_run_duration = number
use_job_duration = bool
})
labels = optional(map(string), {})
machine_type = optional(string)
maintenance_interval = optional(string)
instance_properties_json = string
metadata = optional(map(string), {})
min_cpu_platform = optional(string)
network_tier = optional(string, "STANDARD")
network_storage = optional(list(object({
server_ip = string
remote_mount = string
local_mount = string
fs_type = string
mount_options = string
client_install_runner = optional(map(string))
mount_runner = optional(map(string))
})), [])
on_host_maintenance = optional(string)
preemptible = optional(bool, false)
region = optional(string)
service_account = optional(object({
email = optional(string)
scopes = optional(list(string), ["https://www.googleapis.com/auth/cloud-platform"])
}))
shielded_instance_config = optional(object({
enable_integrity_monitoring = optional(bool, true)
enable_secure_boot = optional(bool, true)
enable_vtpm = optional(bool, true)
}))
source_image_family = optional(string)
source_image_project = optional(string)
source_image = optional(string)
subnetwork_self_link = string
additional_networks = optional(list(object({
network = string
subnetwork = string
subnetwork_project = string
network_ip = string
nic_type = string
stack_type = string
queue_count = number
access_config = list(object({
nat_ip = string
network_tier = string
}))
ipv6_access_config = list(object({
network_tier = string
}))
alias_ip_range = list(object({
ip_cidr_range = string
subnetwork_range_name = string
}))
})))
access_config = optional(list(object({
nat_ip = string
network_tier = string
})))
spot = optional(bool, false)
tags = optional(list(string), [])
termination_action = optional(string)
reservation_name = optional(string)
startup_script = optional(list(object({
filename = string
content = string })), [])
zone_target_shape = string
zone_policy_allow = set(string)
zone_policy_deny = set(string)
})) | `[]` | no |
+| [nodeset](#input\_nodeset) | Define nodesets, as a list. | list(object({
node_count_static = optional(number, 0)
node_count_dynamic_max = optional(number, 1)
node_conf = optional(map(string), {})
nodeset_name = string
additional_disks = optional(list(object({
disk_name = optional(string)
device_name = optional(string)
disk_size_gb = optional(number)
disk_type = optional(string)
disk_labels = optional(map(string), {})
auto_delete = optional(bool, true)
boot = optional(bool, false)
})), [])
bandwidth_tier = optional(string, "platform_default")
can_ip_forward = optional(bool, false)
disable_smt = optional(bool, false)
disk_auto_delete = optional(bool, true)
disk_labels = optional(map(string), {})
disk_size_gb = optional(number)
disk_type = optional(string)
enable_confidential_vm = optional(bool, false)
enable_placement = optional(bool, false)
enable_oslogin = optional(bool, true)
enable_shielded_vm = optional(bool, false)
enable_maintenance_reservation = optional(bool, false)
enable_opportunistic_maintenance = optional(bool, false)
gpu = optional(object({
count = number
type = string
}))
dws_flex = object({
enabled = bool
max_run_duration = number
use_job_duration = bool
})
labels = optional(map(string), {})
machine_type = optional(string)
maintenance_interval = optional(string)
instance_properties_json = string
metadata = optional(map(string), {})
min_cpu_platform = optional(string)
network_tier = optional(string, "STANDARD")
network_storage = optional(list(object({
server_ip = string
remote_mount = string
local_mount = string
fs_type = string
mount_options = string
client_install_runner = optional(map(string))
mount_runner = optional(map(string))
})), [])
on_host_maintenance = optional(string)
preemptible = optional(bool, false)
region = optional(string)
service_account = optional(object({
email = optional(string)
scopes = optional(list(string), ["https://www.googleapis.com/auth/cloud-platform"])
}))
shielded_instance_config = optional(object({
enable_integrity_monitoring = optional(bool, true)
enable_secure_boot = optional(bool, true)
enable_vtpm = optional(bool, true)
}))
source_image_family = optional(string)
source_image_project = optional(string)
source_image = optional(string)
subnetwork_self_link = string
additional_networks = optional(list(object({
network = string
subnetwork = string
subnetwork_project = string
network_ip = string
nic_type = string
stack_type = string
queue_count = number
access_config = list(object({
nat_ip = string
network_tier = string
}))
ipv6_access_config = list(object({
network_tier = string
}))
alias_ip_range = list(object({
ip_cidr_range = string
subnetwork_range_name = string
}))
})))
access_config = optional(list(object({
nat_ip = string
network_tier = string
})))
spot = optional(bool, false)
tags = optional(list(string), [])
termination_action = optional(string)
reservation_name = optional(string)
future_reservation = string
startup_script = optional(list(object({
filename = string
content = string })), [])
zone_target_shape = string
zone_policy_allow = set(string)
zone_policy_deny = set(string)
})) | `[]` | no |
| [nodeset\_dyn](#input\_nodeset\_dyn) | Defines dynamic nodesets, as a list. | list(object({
nodeset_name = string
nodeset_feature = string
})) | `[]` | no |
| [nodeset\_tpu](#input\_nodeset\_tpu) | Define TPU nodesets, as a list. | list(object({
node_count_static = optional(number, 0)
node_count_dynamic_max = optional(number, 5)
nodeset_name = string
enable_public_ip = optional(bool, false)
node_type = string
accelerator_config = optional(object({
topology = string
version = string
}), {
topology = ""
version = ""
})
tf_version = string
preemptible = optional(bool, false)
preserve_tpu = optional(bool, false)
zone = string
data_disks = optional(list(string), [])
docker_image = optional(string, "")
network_storage = optional(list(object({
server_ip = string
remote_mount = string
local_mount = string
fs_type = string
mount_options = string
client_install_runner = optional(map(string))
mount_runner = optional(map(string))
})), [])
subnetwork = string
service_account = optional(object({
email = optional(string)
scopes = optional(list(string), ["https://www.googleapis.com/auth/cloud-platform"])
}))
project_id = string
reserved = optional(string, false)
})) | `[]` | no |
| [on\_host\_maintenance](#input\_on\_host\_maintenance) | Instance availability Policy. | `string` | `"MIGRATE"` | no |
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/controller.tf b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/controller.tf
index e43b5e5ae2..fa28b8728f 100644
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/controller.tf
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/controller.tf
@@ -43,7 +43,7 @@ locals {
# INSTANCE TEMPLATE
module "slurm_controller_template" {
- source = "github.com/GoogleCloudPlatform/slurm-gcp.git//terraform/slurm_cluster/modules/slurm_instance_template?ref=6.8.6"
+ source = "../../internal/slurm-gcp-v6/instance_template"
project_id = var.project_id
region = var.region
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/login.tf b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/login.tf
index f167ad9947..1f492a1402 100644
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/login.tf
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/login.tf
@@ -14,7 +14,7 @@
# TEMPLATE
module "slurm_login_template" {
- source = "github.com/GoogleCloudPlatform/slurm-gcp.git//terraform/slurm_cluster/modules/slurm_instance_template?ref=6.8.6"
+ source = "../../internal/slurm-gcp-v6/instance_template"
for_each = { for x in var.login_nodes : x.name_prefix => x }
@@ -56,7 +56,7 @@ module "slurm_login_template" {
# INSTANCE
module "slurm_login_instance" {
- source = "github.com/GoogleCloudPlatform/slurm-gcp.git//terraform/slurm_cluster/modules/_slurm_instance?ref=6.8.6"
+ source = "../../internal/slurm-gcp-v6/instance"
for_each = { for x in var.login_nodes : x.name_prefix => x }
access_config = each.value.access_config
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/conf.py b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/conf.py
index 7ee06332f1..c4bb37c579 100755
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/conf.py
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/conf.py
@@ -14,7 +14,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-from typing import List, Optional, Iterable, Dict, Set
+from typing import List, Optional, Iterable, Dict, Set, Tuple
from itertools import chain
from collections import defaultdict
import json
@@ -436,6 +436,10 @@ def __init__(
self.tpu_nodes = set(tpu_nodes or [])
+ @classmethod
+ def path(cls, lkp: util.Lookup) -> Path:
+ return lkp.etc_dir / "cloud_topology.summary.json"
+
@classmethod
def loads(cls, s: str) -> "TopologySummary":
d = json.loads(s)
@@ -445,6 +449,13 @@ def loads(cls, s: str) -> "TopologySummary":
tpu_nodes=d.get("tpu_nodes"),
)
+ @classmethod
+ def load(cls, lkp: util.Lookup) -> "TopologySummary":
+ p = cls.path(lkp)
+ if not p.exists():
+ return cls() # Return empty instance
+ return cls.loads(p.read_text())
+
def dumps(self) -> str:
return json.dumps(
{
@@ -454,6 +465,9 @@ def dumps(self) -> str:
},
indent=2)
+ def dump(self, lkp: util.Lookup) -> None:
+ TopologySummary.path(lkp).write_text(self.dumps())
+
def _nodenames(self) -> Set[str]:
return set(self.physical_host) | self.down_nodes | self.tpu_nodes
@@ -572,8 +586,7 @@ def gen_topology(lkp: util.Lookup) -> TopologyBuilder:
add_nodeset_topology(ns, bldr, lkp)
return bldr
-
-def gen_topology_conf(lkp: util.Lookup) -> bool:
+def gen_topology_conf(lkp: util.Lookup) -> Tuple[bool, TopologySummary]:
"""
Generates slurm topology.conf.
Returns whether the topology.conf got updated.
@@ -581,7 +594,6 @@ def gen_topology_conf(lkp: util.Lookup) -> bool:
topo = gen_topology(lkp).compress()
conf_file = lkp.etc_dir / "cloud_topology.conf"
-
with open(conf_file, "w") as f:
f.writelines(FILE_PREAMBLE + "\n")
for line in topo.render_conf_lines():
@@ -589,13 +601,8 @@ def gen_topology_conf(lkp: util.Lookup) -> bool:
f.write("\n")
f.write("\n")
- summary_file = lkp.etc_dir / "cloud_topology.summary.json"
- prev_summary = TopologySummary()
- if summary_file.exists():
- prev_summary = TopologySummary.loads(summary_file.read_text())
- summary_file.write_text(topo.summary.dumps())
-
- return topo.summary.requires_reconfigure(prev_summary)
+ prev_summary = TopologySummary.load(lkp)
+ return topo.summary.requires_reconfigure(prev_summary), topo.summary
def install_topology_conf(lkp: util.Lookup) -> None:
conf_file = lkp.etc_dir / "cloud_topology.conf"
@@ -619,5 +626,6 @@ def gen_controller_configs(lkp: util.Lookup) -> None:
install_jobsubmit_lua(lkp)
if topology_plugin(lkp) == TOPOLOGY_PLUGIN_TREE:
- gen_topology_conf(lkp)
+ _, summary = gen_topology_conf(lkp)
+ summary.dump(lkp)
install_topology_conf(lkp)
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/get_tpu_vmcount.py b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/get_tpu_vmcount.py
index 354ec81ad3..1557d6020b 100644
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/get_tpu_vmcount.py
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/get_tpu_vmcount.py
@@ -57,7 +57,7 @@ def get_vmcount_of_tpu_part(part):
valid = PART_INVALID
break
else:
- if util.part_is_tpu(part):
+ if util.lookup().partition_is_tpu(part):
vmcount = get_vmcount_of_tpu_part(part)
if vmcount == -1:
valid = DIFF_VMCOUNTS_SAME_PART
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/resume.py b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/resume.py
index 87ec84bd24..de2b358882 100755
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/resume.py
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/resume.py
@@ -15,22 +15,21 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-from typing import List, Optional, Dict
+from typing import List, Optional
import argparse
-import collections
from datetime import timedelta
import shlex
import json
import logging
import os
import yaml
-from itertools import chain
+import collections
from pathlib import Path
+from dataclasses import dataclass
import util
from util import (
chunked,
- dirs,
ensure_execute,
execute_with_futures,
get_insert_operations,
@@ -38,27 +37,52 @@
map_with_futures,
run,
separate,
- to_hostlist,
to_hostlist_fast,
trim_self_link,
wait_for_operation,
)
-from util import lookup, NSDict, TPU
+from util import lookup, NSDict
import slurm_gcp_plugins
log = logging.getLogger()
-
-global_resume_data = None
-
-PLACEMENT_MAX_CNT = 150
+PLACEMENT_MAX_CNT = 1500
# Placement group needs to be the same for an entire bulk_insert hence
# if placement is used the actual BULK_INSERT_LIMIT will be
# max([1000, PLACEMENT_MAX_CNT])
BULK_INSERT_LIMIT = 5000
+@dataclass(frozen=True)
+class ResumeJobData:
+ job_id: int
+ partition: str
+ nodes_alloc: List[str]
+
+@dataclass(frozen=True)
+class ResumeData:
+ jobs: List[ResumeJobData]
+
+def get_resume_file_data() -> Optional[ResumeData]:
+ if not (path := os.getenv("SLURM_RESUME_FILE")):
+ log.error("SLURM_RESUME_FILE was not in environment. Cannot get detailed job, node, partition allocation data.")
+ return None
+ blob = Path(path).read_text()
+ log.debug(f"Resume data: {blob}")
+ data = json.loads(blob)
+
+ jobs = []
+ for jo in data.get("jobs", []):
+
+ job = ResumeJobData(
+ job_id = jo.get("job_id"),
+ partition = jo.get("partition"),
+ nodes_alloc = util.to_hostnames(jo.get("nodes_alloc")),
+ )
+ jobs.append(job)
+ return ResumeData(jobs=jobs)
+
def instance_properties(nodeset:object, model:str, placement_group:Optional[str], labels:Optional[dict], job_id:Optional[int]):
props = NSDict()
@@ -75,31 +99,17 @@ def instance_properties(nodeset:object, model:str, placement_group:Optional[str]
props.disks = template_info.disks
if placement_group:
- props.scheduling.onHostMaintenance = "TERMINATE"
props.resourcePolicies = [placement_group]
if reservation := lookup().nodeset_reservation(nodeset):
- props.reservationAffinity = {
- "consumeReservationType": "SPECIFIC_RESERVATION",
- "key": f"compute.{util.universe_domain()}/reservation-name",
- "values": [reservation.bulk_insert_name],
- }
+ update_reservation_props(reservation, props, placement_group, False)
- if reservation.deployment_type == "DENSE":
- props.scheduling.provisioning_model = "RESERVATION_BOUND"
-
- if reservation.policies:
- props.scheduling.onHostMaintenance = "TERMINATE"
- props.resourcePolicies = reservation.policies
- log.info(
- f"reservation {reservation.bulk_insert_name} is being used with policies {props.resourcePolicies}"
- )
- else:
- props.resourcePolicies = []
- log.info(
- f"reservation {reservation.bulk_insert_name} is being used without any policies"
- )
+ if (fr := lookup().future_reservation(nodeset)) and fr.specific:
+ update_reservation_props(fr.active_reservation, props, placement_group, True)
+ if props.resourcePolicies:
+ props.scheduling.onHostMaintenance = "TERMINATE"
+
if nodeset.maintenance_interval:
props.scheduling.maintenanceInterval = nodeset.maintenance_interval
@@ -108,9 +118,28 @@ def instance_properties(nodeset:object, model:str, placement_group:Optional[str]
# Override with properties explicit specified in the nodeset
props.update(nodeset.get("instance_properties") or {})
-
return props
+def update_reservation_props(reservation:object, props:object, placement_group:Optional[str], reservation_from_fr:bool) -> None:
+ props.reservationAffinity = {
+ "consumeReservationType": "SPECIFIC_RESERVATION",
+ "key": f"compute.{util.universe_domain()}/reservation-name",
+ "values": [reservation.bulk_insert_name],
+ }
+
+ if reservation.dense or reservation_from_fr:
+ props.scheduling.provisioningModel = "RESERVATION_BOUND"
+
+ # Figure out `resourcePolicies`
+ if reservation.policies: # use ones already attached to reservations
+ props.resourcePolicies = reservation.policies
+ elif reservation.dense and placement_group: # use once created by Slurm
+ props.resourcePolicies = [placement_group]
+ else: # vanilla reservations don't support external policies
+ props.resourcePolicies = []
+ log.info(
+ f"reservation {reservation.bulk_insert_name} is being used with resourcePolicies: {props.resourcePolicies}")
+
def update_props_dws(props:object, dws_flex:object, job_id: Optional[int]) -> None:
props.scheduling.onHostMaintenance = "TERMINATE"
props.scheduling.instanceTerminationAction = "DELETE"
@@ -126,14 +155,13 @@ def dws_flex_duration(dws_flex:object, job_id: Optional[int]) -> int:
log.info("Job TimeLimit cannot be less than 30 seconds or exceed 2 weeks")
return max_duration
-
def per_instance_properties(node):
props = NSDict()
# No properties beyond name are supported yet.
return props
-def create_instances_request(nodes, partition_name, placement_group, job_id=None):
+def create_instances_request(nodes: List[str], placement_group: Optional[str], excl_job_id: Optional[int]):
"""Call regionInstances.bulkInsert to create instances"""
assert 0 < len(nodes) <= BULK_INSERT_LIMIT
@@ -141,7 +169,6 @@ def create_instances_request(nodes, partition_name, placement_group, job_id=None
model = next(iter(nodes))
nodeset = lookup().node_nodeset(model)
template = lookup().node_template(model)
- partition = lookup().cfg.partitions[partition_name]
log.debug(f"create_instances_request: {model} placement: {placement_group}")
body = NSDict()
@@ -157,14 +184,10 @@ def create_instances_request(nodes, partition_name, placement_group, job_id=None
# source of instance properties
body.sourceInstanceTemplate = template
- labels = (
- dict(slurm_job_id=job_id)
- if job_id is not None and partition.enable_job_exclusive
- else None
- )
+ labels = {"slurm_job_id": excl_job_id} if excl_job_id else None
# overwrites properties across all instances
body.instanceProperties = instance_properties(
- nodeset, model, placement_group, labels, job_id
+ nodeset, model, placement_group, labels, excl_job_id
)
# key is instance name, value overwrites properties
@@ -201,114 +224,74 @@ def create_instances_request(nodes, partition_name, placement_group, job_id=None
log_api_request(req)
return req
+@dataclass()
+class PlacementAndNodes:
+ placement: Optional[str]
+ nodes: List[str]
+
+@dataclass(frozen=True)
+class BulkChunk:
+ nodes: List[str]
+ prefix: str # -
+ chunk_idx: int
+ excl_job_id: Optional[int]
+ placement_group: Optional[str] = None
+
+ @property
+ def name(self):
+ if self.placement_group is not None:
+ return f"{self.prefix}:job{self.excl_job_id}:{self.placement_group}:{self.chunk_idx}"
+ if self.excl_job_id is not None:
+ return f"{self.prefix}:job{self.excl_job_id}:{self.chunk_idx}"
+ return f"{self.prefix}:{self.chunk_idx}"
+
-def group_nodes_bulk(nodes, resume_data=None):
- """group nodes by job_id, placement_group, node_group, and max bulkInsert size"""
- if resume_data is None:
- # all nodes will be considered jobless
- jobs = {}
- else:
- jobs = {job.job_id: job for job in resume_data.jobs}
-
- # expand all job nodelists
- for job in jobs.values():
- job.nodelist_alloc = job.nodes_alloc
- job.nodes_alloc = util.to_hostnames(job.nodelist_alloc)
- job.nodelist_resume = job.nodes_resume
- job.nodes_resume = util.to_hostnames(job.nodelist_resume)
- job.tpu = util.part_is_tpu(job.partition)
- if not job.tpu:
- # create placement groups if nodes for job need it
- job.placement_groups = create_placement_groups(
- node_list=job.nodes_alloc,
- job_id=job.job_id,
- )
- # placement group assignment is based on all allocated nodes, but we only want to
- # handle nodes in nodes_resume in this run.
- for pg, pg_nodes in job.placement_groups.items():
- job.placement_groups[pg] = list(
- set(pg_nodes).intersection(job.nodes_resume)
- )
- # a bit of a hack, but nodes resumed using scontrol instead of through job scheduling do not have a job
- jobless_nodes = list(
- set(nodes).difference(
- chain.from_iterable(job.nodes_resume for job in jobs.values())
- )
- )
- jobless_nodes_tpu = []
- for jobless_node in jobless_nodes[:]:
- if lookup().node_is_tpu(jobless_node):
- jobless_nodes.remove(jobless_node)
- jobless_nodes_tpu.append(jobless_node)
-
- jobs["Normal_None"] = NSDict(
- job_id=None,
- nodes_resume=jobless_nodes,
- nodes_alloc=jobless_nodes,
- placement_groups=create_placement_groups(node_list=jobless_nodes),
- partition=None,
- tpu=False,
- )
- jobs["TPU_None"] = NSDict(
- job_id=None,
- nodes_resume=jobless_nodes_tpu,
- nodes_alloc=jobless_nodes_tpu,
- partition=None,
- tpu=True,
- )
-
- BulkChunk = collections.namedtuple(
- "BulkChunk",
- ["prefix", "job_id", "partition_name", "placement_group", "nodes", "i"],
- )
- BulkChunkTPU = collections.namedtuple(
- "BulkChunkTPU",
- ["prefix", "job_id", "partition_name", "nodes", "i"],
- )
- grouped_nodes = [
+def group_nodes_bulk(nodes: List[str], resume_data: Optional[ResumeData], lkp: util.Lookup):
+ """group nodes by nodeset, placement_group, exclusive_job_id if any"""
+ if resume_data is None: # all nodes will be considered jobless
+ resume_data = ResumeData(jobs=[])
+
+ nodes = set(nodes) # turn into set to simplify intersection
+ non_excl = nodes.copy()
+ groups = {} # excl_job_id|none -> PlacementAndNodes
+
+ # expand all exclusive job nodelists
+ for job in resume_data.jobs:
+ if not lkp.cfg.partitions[job.partition].enable_job_exclusive:
+ continue
+
+ groups[job.job_id] = []
+ # placement group assignment is based on all allocated nodes, ...
+ for pn in create_placements(job.nodes_alloc, job.job_id, lkp):
+ groups[job.job_id].append(
+ PlacementAndNodes(
+ placement=pn.placement,
+ #... but we only want to handle nodes in nodes_resume in this run.
+ nodes = sorted(set(pn.nodes) & nodes)
+ ))
+ non_excl.difference_update(job.nodes_alloc)
+
+ groups[None] = create_placements(sorted(non_excl), excl_job_id=None, lkp=lkp)
+
+ def chunk_nodes(nodes: List[str]):
+ chunk_size = BULK_INSERT_LIMIT
+ if nodes and lkp.node_is_tpu(nodes[0]):
+ chunk_size = util.TPU(lkp.node_nodeset(nodes[0])).vmcount
+ return chunked(nodes, n=chunk_size)
+
+ chunks = [
BulkChunk(
- prefix,
- job_id if job_id != "Normal_None" else None,
- jobs[job_id].partition,
- placement_group,
- chunk_nodes,
- i,
- )
- for job_id, job in jobs.items()
- if not job.tpu
- for placement_group, pg_nodes in job.placement_groups.items()
- for prefix, nodes in util.groupby_unsorted(pg_nodes, lookup().node_prefix)
- for i, chunk_nodes in enumerate(chunked(nodes, n=BULK_INSERT_LIMIT))
- ]
- grouped_nodes_tpu = [
- BulkChunkTPU(
- prefix,
- job_id if job_id != "TPU_None" else None,
- jobs[job_id].partition,
- chunk_nodes,
- i,
- )
- for job_id, job in jobs.items()
- if job.tpu
- for prefix, nodes in util.groupby_unsorted(job.nodes_resume, lookup().node_prefix)
- for i, chunk_nodes in enumerate(lookup().chunk_tpu_nodes(list(nodes)))
+ nodes=nodes_chunk,
+ prefix=lkp.node_prefix(nodes_chunk[0]), # -
+ excl_job_id = job_id,
+ placement_group=pn.placement,
+ chunk_idx=i)
+
+ for job_id, placements in groups.items()
+ for pn in placements if pn.nodes
+ for i, nodes_chunk in enumerate(chunk_nodes(pn.nodes))
]
-
- def group_name(chunk: BulkChunk):
- if chunk.placement_group is not None:
- return f"{chunk.prefix}:job{chunk.job_id}:{chunk.placement_group}:{chunk.i}"
- if chunk.job_id is not None:
- return f"{chunk.prefix}:job{chunk.job_id}:{chunk.i}"
- return f"{chunk.prefix}:{chunk.i}"
-
- def group_name_tpu(chunk: BulkChunkTPU):
- if chunk.job_id is not None:
- return f"{chunk.prefix}:job{chunk.job_id}:{chunk.i}"
- return f"{chunk.prefix}:{chunk.i}"
-
- grouped_nodes = {group_name(chunk): chunk for chunk in grouped_nodes}
- grouped_nodes_tpu = {group_name_tpu(chunk): chunk for chunk in grouped_nodes_tpu}
- return grouped_nodes, grouped_nodes_tpu
+ return {chunk.name: chunk for chunk in chunks}
def start_tpu(data):
@@ -339,55 +322,49 @@ def start_tpu(data):
log.error("Error creating tpu node {node}")
-def resume_nodes(nodes: List[str], resume_data=None):
+def resume_nodes(nodes: List[str], resume_data: Optional[ResumeData]):
"""resume nodes in nodelist"""
+ # Prevent dormant nodes associated with a future reservation from being resumed
+ nodes, dormant_fr_nodes = util.separate(lookup().is_dormant_fr_node, nodes)
+
+ if dormant_fr_nodes:
+ log.warning(f"Resume was unable to resume future reservation nodes={dormant_fr_nodes}")
+ down_nodes_notify_jobs(dormant_fr_nodes, "Reservation is not active, nodes cannot be resumed", resume_data)
+
if not nodes:
log.info("No nodes to resume")
return
- if resume_data is None and global_resume_data is not None:
- resume_data = global_resume_data.deepcopy()
-
nodes = sorted(nodes, key=lookup().node_prefix)
- grouped_nodes, grouped_tpu_nodes = group_nodes_bulk(nodes, resume_data)
+ grouped_nodes = group_nodes_bulk(nodes, resume_data, lookup())
if log.isEnabledFor(logging.DEBUG):
- # grouped_nodelists is used in later debug logs too
grouped_nodelists = {
- group: to_hostlist(chunk.nodes) for group, chunk in grouped_nodes.items()
- }
- grouped_tpu_nodelists = {
- group: to_hostlist(chunk.nodes)
- for group, chunk in grouped_tpu_nodes.items()
+ group: to_hostlist_fast(chunk.nodes) for group, chunk in grouped_nodes.items()
}
log.debug(
"node bulk groups: \n{}".format(yaml.safe_dump(grouped_nodelists).rstrip())
)
- log.debug(
- "TPU node bulk groups: \n{}".format(
- yaml.safe_dump(grouped_tpu_nodelists).rstrip()
- )
- )
+
tpu_start_data = []
tpu_objs = {}
- for group, chunk in grouped_tpu_nodes.items():
- # do not create multiple tpu_objs if nodes with the same prefix are used
- if chunk.prefix not in tpu_objs.keys():
- model = chunk.nodes[0]
- tpu_objs[chunk.prefix] = TPU(lookup().node_nodeset(model))
-
- tpu_start_data.append({"tpu": tpu_objs[chunk.prefix], "node": chunk.nodes})
-
- # make all bulkInsert requests and execute with batch
- inserts = {
- group: create_instances_request(
- chunk.nodes, chunk.partition_name, chunk.placement_group, chunk.job_id
- )
- for group, chunk in grouped_nodes.items()
- }
+ bi_inserts = {}
+
+ for group, chunk in grouped_nodes.items():
+ model = chunk.nodes[0]
+ if lookup().node_is_tpu(model):
+ # do not create multiple tpu_objs if nodes with the same prefix are used
+ if chunk.prefix not in tpu_objs.keys():
+ tpu_objs[chunk.prefix] = util.TPU(lookup().node_nodeset(model))
+ tpu_start_data.append({"tpu": tpu_objs[chunk.prefix], "node": chunk.nodes})
+ else:
+ bi_inserts[group] = create_instances_request(
+ chunk.nodes, chunk.placement_group, chunk.excl_job_id
+ )
+ # execute all bulkInsert requests with batch
bulk_ops = dict(
- zip(inserts.keys(), map_with_futures(ensure_execute, inserts.values()))
+ zip(bi_inserts.keys(), map_with_futures(ensure_execute, bi_inserts.values()))
)
log.debug(f"bulk_ops={yaml.safe_dump(bulk_ops)}")
started = {
@@ -400,7 +377,7 @@ def resume_nodes(nodes: List[str], resume_data=None):
failed_reqs = [str(e) for e in failed.items()]
log.error("bulkInsert API failures: {}".format("; ".join(failed_reqs)))
for ident, exc in failed.items():
- down_nodes(grouped_nodes[ident].nodes, f"GCP Error: {exc._get_reason()}")
+ down_nodes_notify_jobs(grouped_nodes[ident].nodes, f"GCP Error: {exc._get_reason()}", resume_data)
if log.isEnabledFor(logging.DEBUG):
for group, op in started.items():
@@ -449,7 +426,7 @@ def resume_nodes(nodes: List[str], resume_data=None):
for err in failed_op["error"]["errors"]
)
if code != "RESOURCE_ALREADY_EXISTS":
- down_nodes(hostlist, f"GCP Error: {msg}")
+ down_nodes_notify_jobs(failed_nodes, f"GCP Error: {msg}", resume_data)
log.error(
f"errors from insert for node '{failed_node}' ({failed_op['name']}): {msg}"
)
@@ -461,33 +438,25 @@ def resume_nodes(nodes: List[str], resume_data=None):
all_successful_inserts.extend(successful_inserts)
-def update_job_comment(nodelist: str, comment: str):
- if global_resume_data is None:
- log.warning(
- "Cannot update and notify jobs with API failures as no valid resume file is present."
- )
- return
-
- nodes = util.to_hostnames(nodelist)
- job_list = (
- job
- for job in global_resume_data.jobs
- if any(map(lambda node: node in nodes, util.to_hostnames(job.nodelist_resume)))
- )
- for job in job_list:
- run(f"{lookup().scontrol} update jobid={job.job_id} admincomment='{comment}'")
- run(f"{lookup().scontrol} notify {job.job_id} '{comment}'")
-
-
-def down_nodes(nodelist, reason):
+def down_nodes_notify_jobs(nodes: List[str], reason: str, resume_data: Optional[ResumeData]) -> None:
"""set nodes down with reason"""
- if isinstance(nodelist, list):
- nodelist = util.to_hostlist(nodelist)
- update_job_comment(nodelist, reason)
+ nodelist = util.to_hostlist_fast(nodes)
reason_quoted = shlex.quote(reason)
+
log.error(f"Marking nodes {nodelist} as DOWN, reason: {reason}")
run(f"{lookup().scontrol} update nodename={nodelist} state=down reason={reason_quoted}")
+ if resume_data is None:
+ log.warning("Cannot update and notify jobs with API failures as no valid resume file is present.")
+ return
+
+ nodes = set(nodes) # turn into set to speed up intersection
+ for job in resume_data.jobs:
+ if not (set(job.nodes_alloc) & nodes):
+ continue
+ run(f"{lookup().scontrol} update jobid={job.job_id} admincomment='{reason_quoted}'")
+ run(f"{lookup().scontrol} notify {job.job_id} '{reason_quoted}'")
+
def hold_job(job_id, reason):
"""hold job, set comment to reason"""
@@ -514,42 +483,79 @@ def create_placement_request(pg_name, region):
return request
-def create_placement_groups(node_list: List[str], job_id:int=0) -> Dict[str, List[str]]:
- pgs = {}
- node_map = lookup().nodeset_map(node_list)
- for _, nodes in node_map.items():
- pgs.update(create_nodeset_placement_groups(nodes, job_id))
- return pgs
+def create_placements(nodes: List[str], excl_job_id:Optional[int], lkp: util.Lookup) -> List[PlacementAndNodes]:
+ nodeset_map = collections.defaultdict(list)
+ for node in nodes: # split nodes on nodesets
+ nodeset_map[lkp.node_nodeset_name(node)].append(node)
+ placements = []
+ for _, ns_nodes in nodeset_map.items():
+ placements.extend(create_nodeset_placements(ns_nodes, excl_job_id, lkp))
+ return placements
-def create_nodeset_placement_groups(node_list: List[str], job_id:int) -> Dict[str, List[str]]:
- no_pg = {None: node_list} # canned result for no placement policies created
- if len(node_list) < 2:
- return no_pg # don't create placement_policy for just one node
+def _allocate_nodes_to_placements(nodes: List[str], excl_job_id:Optional[int], lkp: util.Lookup) -> List[PlacementAndNodes]:
+ # canned result for no placement policies created
+ no_pp = [PlacementAndNodes(placement=None, nodes=nodes)]
- model = next(iter(node_list))
- nodeset = lookup().node_nodeset(model)
- if not (nodeset.enable_placement and valid_placement_nodes(node_list)):
- return no_pg
+ if excl_job_id and len(nodes) < 2:
+ return no_pp # don't create placement_policy for just one node
- region = lookup().node_region(model)
+ model = nodes[0]
+ nodeset = lkp.node_nodeset(model)
- groups = {
- f"{lookup().cfg.slurm_cluster_name}-slurmgcp-managed-{nodeset.nodeset_name}-{job_id}-{i}": nodes
- for i, nodes in enumerate(chunked(node_list, n=PLACEMENT_MAX_CNT))
- }
+ if lkp.node_is_tpu(model):
+ return no_pp
+ if not (nodeset.enable_placement and valid_placement_node(model)):
+ return no_pp
+
+ name_prefix = f"{lkp.cfg.slurm_cluster_name}-slurmgcp-managed-{nodeset.nodeset_name}"
+ if excl_job_id: # simply chunk given nodes by max size of placement
+ return [
+ PlacementAndNodes(placement=f"{name_prefix}-{excl_job_id}-{i}", nodes=chunk)
+ for i, chunk in enumerate(chunked(nodes, n=PLACEMENT_MAX_CNT))
+ ]
+
+ # split whole nodeset (not only nodes to resume) into chunks of max size of placement
+ # create placements (most likely already exists) placements for requested nodes
+ chunks = collections.defaultdict(list) # chunk_id -> nodes
+ invalid = []
+
+ for node in nodes:
+ try:
+ chunk = lkp.node_index(node) // PLACEMENT_MAX_CNT
+ chunks[chunk].append(node)
+ except:
+ invalid.append(node)
+
+ placements = [
+ # NOTE: use 0 instead of job_id for consistency with previous SlurmGCP behavior
+ PlacementAndNodes(placement=f"{name_prefix}-0-{c_id}", nodes=c_nodes)
+ for c_id, c_nodes in chunks.items()
+ ]
+
+ if invalid:
+ placements.append(PlacementAndNodes(placement=None, nodes=invalid))
+ log.error(f"Could not find placement for nodes with unexpected names: {to_hostlist_fast(invalid)}")
+
+ return placements
+
+def create_nodeset_placements(nodes: List[str], excl_job_id:Optional[int], lkp: util.Lookup) -> List[PlacementAndNodes]:
+ placements = _allocate_nodes_to_placements(nodes, excl_job_id, lkp)
+ region = lkp.node_region(nodes[0])
if log.isEnabledFor(logging.DEBUG):
- debug_groups = {
- group: to_hostlist_fast(nodes) for group, nodes in groups.items()
- }
+ debug_p = {p.placement: to_hostlist_fast(p.nodes) for p in placements}
log.debug(
- f"creating {len(groups)} placement groups: \n{yaml.safe_dump(debug_groups).rstrip()}"
+ f"creating {len(placements)} placement groups: \n{yaml.safe_dump(debug_p).rstrip()}"
)
+
requests = {
- group: create_placement_request(group, region) for group in groups.keys()
+ p.placement: create_placement_request(p.placement, region) for p in placements if p.placement
}
+ if not requests:
+ return placements
+ # TODO: aggregate all requests for whole resume and execute them at once (don't limit to nodeset/job)
ops = dict(
zip(requests.keys(), map_with_futures(ensure_execute, requests.values()))
)
@@ -587,68 +593,43 @@ def classify_result(item):
log.info(
f"created {len(operations)} placement groups ({to_hostlist_fast(operations.keys())})"
)
- return groups
+ return placements
-def valid_placement_nodes(nodelist):
+def valid_placement_node(node: str) -> bool:
invalid_types = frozenset(["e2", "t2d", "n1", "t2a", "m1", "m2", "m3"])
- for node in nodelist:
- mt = lookup().node_template_info(node).machineType
- if mt.split("-")[0] in invalid_types:
- log.warn(f"Unsupported machine type for placement policy: {mt}.")
- log.warn(
- f"Please do not use any the following machine types with placement policy: ({','.join(invalid_types)})"
- )
- return False
- return True
-
-
-def get_resume_file_data():
- SLURM_RESUME_FILE = os.getenv("SLURM_RESUME_FILE")
- if SLURM_RESUME_FILE is None:
- log.warning(
- "SLURM_RESUME_FILE was not in environment. Cannot get detailed job, node, partition allocation data."
+ mt = lookup().node_template_info(node).machineType
+ if mt.split("-")[0] in invalid_types:
+ log.warn(f"Unsupported machine type for placement policy: {mt}.")
+ log.warn(
+ f"Please do not use any the following machine types with placement policy: ({','.join(invalid_types)})"
)
- return None
- resume_file = Path(SLURM_RESUME_FILE)
- resume_json = resume_file.read_text()
- if log.isEnabledFor(logging.DEBUG):
- (dirs.scripts / "resume_data.json").write_text(resume_json)
- return NSDict(json.loads(resume_json))
+ return False
+ return True
-def main(nodelist):
+def main(nodelist: str) -> None:
"""main called when run as script"""
log.debug(f"ResumeProgram {nodelist}")
# Filter out nodes not in config.yaml
- other_nodes, pm_nodes = separate(
+ other_nodes, nodes = separate(
lookup().is_power_managed_node, util.to_hostnames(nodelist)
)
if other_nodes:
- log.debug(
+ log.error(
f"Ignoring non-power-managed nodes '{to_hostlist_fast(other_nodes)}' from '{nodelist}'"
)
- pm_nodelist = util.to_hostlist_fast(pm_nodes)
- if pm_nodes:
- log.debug(f"Resuming nodes '{pm_nodelist}' from '{nodelist}'")
- else:
- log.debug("No nodes to resume")
+ if not nodes:
+ log.info("No nodes to resume")
return
- log.info(f"resume {pm_nodelist}")
- resume_nodes(pm_nodes, global_resume_data)
- # TODO only run below if resume_nodes succeeds but
- # resume_nodes does not currently return any status.
- if lookup().cfg.enable_slurm_gcp_plugins:
- slurm_gcp_plugins.post_main_resume_nodes(
- lkp=lookup(), nodelist=nodelist, global_resume_data=global_resume_data
- )
-
+ resume_data = get_resume_file_data()
+ log.info(f"resume {util.to_hostlist_fast(nodes)}")
+ resume_nodes(nodes, resume_data)
+
if __name__ == "__main__":
parser = argparse.ArgumentParser()
parser.add_argument("nodelist", help="list of nodes to resume")
args = util.init_log_and_parse(parser)
-
- global_resume_data = get_resume_file_data()
main(args.nodelist)
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/slurm_gcp_plugins/__init__.py b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/slurm_gcp_plugins/__init__.py
index c56793c4be..dec7085994 100644
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/slurm_gcp_plugins/__init__.py
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/slurm_gcp_plugins/__init__.py
@@ -100,14 +100,6 @@ def register_instance_information_fields(*pos_args, **keyword_args):
)
-# Called just after VM instances have been created and are up
-def post_main_resume_nodes(*pos_args, **keyword_args):
- run_plugins_for_function(
- plugin_function_name="post_main_resume_nodes",
- pos_args=pos_args,
- keyword_args=keyword_args,
- )
-
# Called just before VM instances are deleted should be still up
# (NOTE: if a node has failed it might not be up or unresponsive)
@@ -141,7 +133,6 @@ def pre_placement_group_insert(*pos_args, **keyword_args):
__all__ = [
- "post_main_resume_nodes",
"pre_main_suspend_nodes",
"register_instance_information_fields",
"pre_instance_bulk_insert",
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/slurm_gcp_plugins/test_plugin/__init__.py b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/slurm_gcp_plugins/test_plugin/__init__.py
index 67dbd5d408..b4b3be580d 100644
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/slurm_gcp_plugins/test_plugin/__init__.py
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/slurm_gcp_plugins/test_plugin/__init__.py
@@ -22,20 +22,7 @@ def register_instance_information_fields(*pos_args, **keyword_args):
keyword_args["instance_information_fields"].extend(instance_information_fields)
-def post_main_resume_nodes(*pos_args, **keyword_args):
- logging.debug("post_main_resume_nodes called from test_plugin")
- for node in keyword_args["nodelist"]:
- logging.info(
- (
- "test_plugin:"
- + f"nodename:{node} "
- + f"instance_id:{keyword_args['lkp'].instance(node)['id']} "
- + f"physicalHost:{keyword_args['lkp'].instance(node)['resourceStatus']['physicalHost']}"
- )
- )
-
__all__ = [
"register_instance_information_fields",
- "post_main_resume_nodes",
]
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/slurmsync.py b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/slurmsync.py
index 1bd876a56f..d21211e8e7 100755
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/slurmsync.py
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/slurmsync.py
@@ -15,19 +15,18 @@
# limitations under the License.
import argparse
-import datetime
import fcntl
import json
import logging
import re
import sys
+import shlex
+from datetime import datetime, timedelta
from enum import Enum
from itertools import chain
from pathlib import Path
-import yaml
-import datetime as dt
-from datetime import datetime
-from typing import Dict, Tuple
+from dataclasses import dataclass
+from typing import Dict, Tuple, List, Optional, Protocol
from functools import lru_cache
import util
@@ -35,11 +34,13 @@
batch_execute,
ensure_execute,
execute_with_futures,
+ FutureReservation,
install_custom_scripts,
run,
separate,
to_hostlist_fast,
NSDict,
+ NodeState,
TPU,
chunked,
dirs,
@@ -54,21 +55,71 @@
TOT_REQ_CNT = 1000
_MAINTENANCE_SBATCH_SCRIPT_PATH = dirs.custom_scripts / "perform_maintenance.sh"
-NodeStatus = Enum(
- "NodeStatus",
- (
- "orphan",
- "power_down",
- "preempted",
- "restore",
- "resume",
- "terminated",
- "unbacked",
- "unchanged",
- "unknown",
- ),
-)
+class NodeAction(Protocol):
+ def apply(self, nodes:List[str]) -> None:
+ ...
+
+ def __hash__(self):
+ ...
+
+@dataclass(frozen=True)
+class NodeActionPowerUp():
+ def apply(self, nodes:List[str]) -> None:
+ hostlist = util.to_hostlist_fast(nodes)
+ log.info(f"{len(nodes)} instances to resume ({hostlist})")
+ run(f"{lookup().scontrol} update nodename={hostlist} state=power_up")
+
+@dataclass(frozen=True)
+class NodeActionIdle():
+ def apply(self, nodes:List[str]) -> None:
+ hostlist = util.to_hostlist_fast(nodes)
+ log.info(f"{len(nodes)} nodes to idle ({hostlist})")
+ run(f"{lookup().scontrol} update nodename={hostlist} state=resume")
+@dataclass(frozen=True)
+class NodeActionPowerDown():
+ def apply(self, nodes:List[str]) -> None:
+ hostlist = util.to_hostlist_fast(nodes)
+ log.info(f"{len(nodes)} instances to power down ({hostlist})")
+ run(f"{lookup().scontrol} update nodename={hostlist} state=power_down")
+
+@dataclass(frozen=True)
+class NodeActionDelete():
+ def apply(self, nodes:List[str]) -> None:
+ hostlist = util.to_hostlist_fast(nodes)
+ log.info(f"{len(nodes)} instances to delete ({hostlist})")
+ delete_instances(nodes)
+
+@dataclass(frozen=True)
+class NodeActionPrempt():
+ def apply(self, nodes:List[str]) -> None:
+ NodeActionDown(reason="Preempted instance").apply(nodes)
+ hostlist = util.to_hostlist_fast(nodes)
+ log.info(f"{len(nodes)} instances restarted ({hostlist})")
+ start_instances(nodes)
+
+@dataclass(frozen=True)
+class NodeActionUnchanged():
+ def apply(self, nodes:List[str]) -> None:
+ pass
+
+@dataclass(frozen=True)
+class NodeActionDown():
+ reason: str
+
+ def apply(self, nodes: List[str]) -> None:
+ hostlist = util.to_hostlist_fast(nodes)
+ log.info(f"{len(nodes)} nodes set down ({hostlist}) with reason={self.reason}")
+ run(f"{lookup().scontrol} update nodename={hostlist} state=down reason={shlex.quote(self.reason)}")
+
+@dataclass(frozen=True)
+class NodeActionUnknown():
+ slurm_state: Optional[NodeState]
+ instance_state: Optional[str]
+
+ def apply(self, nodes:List[str]) -> None:
+ hostlist = util.to_hostlist_fast(nodes)
+ log.error(f"{len(nodes)} nodes have unexpected {self.slurm_state} and instance state:{self.instance_state}, ({hostlist})")
def start_instance_op(inst):
return lookup().compute.instances().start(
@@ -94,14 +145,25 @@ def start_instances(node_list):
execute_with_futures(start_tpu, tpu_start_data)
-def _find_dynamic_node_status() -> NodeStatus:
+def _find_dynamic_node_status() -> NodeAction:
# TODO: cover more cases:
# * delete dead dynamic nodes
# * delete orhpaned instances
- return NodeStatus.unchanged # don't touch dynamic nodes
-
-
-def _find_tpu_node_status(nodename, state):
+ return NodeActionUnchanged() # don't touch dynamic nodes
+
+def get_fr_action(fr: FutureReservation, nodename:str, state:NodeState) -> Optional[NodeAction]:
+ now = datetime.utcnow()
+ if fr.start_time < now < fr.end_time:
+ return None # handle like any other node
+ if state.base == "DOWN":
+ return NodeActionUnchanged()
+ if fr.start_time >= now:
+ msg = f"Waiting for reservation:{fr.name} to start at {fr.start_time}"
+ else:
+ msg = f"Reservation:{fr.name} is after its end-time"
+ return NodeActionDown(reason=msg)
+
+def _find_tpu_node_action(nodename, state) -> NodeAction:
ns = lookup().node_nodeset(nodename)
tpuobj = TPU(ns)
inst = tpuobj.get_node(nodename)
@@ -123,24 +185,24 @@ def _find_tpu_node_status(nodename, state):
log.error(
f"More than one cloud tpu node for tpu group {nodelist}, there should be only one that should be {l_nodelist[0]}, but we have found {tpus_int}"
)
- return NodeStatus.unknown
+ return NodeActionUnknown(slurm_state=state, instance_state=None)
if len(tpus_int) == 1:
inst = tpuobj.get_node(tpus_int[0])
# if len(tpus_int ==0) this case is not relevant as this would be the case always that a TPU group is not running
if inst is None:
if state.base == "DOWN" and "POWERED_DOWN" in state.flags:
- return NodeStatus.restore
+ return NodeActionIdle()
if "POWERING_DOWN" in state.flags:
- return NodeStatus.restore
+ return NodeActionIdle()
if "COMPLETING" in state.flags:
- return NodeStatus.unbacked
+ return NodeActionDown(reason="Unbacked instance")
if state.base != "DOWN" and not (
set(("POWER_DOWN", "POWERING_UP", "POWERING_DOWN", "POWERED_DOWN"))
& state.flags
):
- return NodeStatus.unbacked
+ return NodeActionDown(reason="Unbacked instance")
if lookup().is_static_node(nodename):
- return NodeStatus.resume
+ return NodeActionPowerUp()
elif (
state is not None
and "POWERED_DOWN" not in state.flags
@@ -148,28 +210,33 @@ def _find_tpu_node_status(nodename, state):
and inst.state == TPU.State.STOPPED
):
if tpuobj.preemptible:
- return NodeStatus.preempted
+ return NodeActionPrempt()
if state.base != "DOWN":
- return NodeStatus.terminated
+ return NodeActionDown(reason="Instance terminated")
elif (
state is None or "POWERED_DOWN" in state.flags
) and inst.state == TPU.State.READY:
- return NodeStatus.orphan
+ return NodeActionDelete()
elif state is None:
# if state is None here, the instance exists but it's not in Slurm
- return NodeStatus.unknown
+ return NodeActionUnknown(slurm_state=state, instance_state=inst.status)
- return NodeStatus.unchanged
+ return NodeActionUnchanged()
-def find_node_status(nodename):
+def get_node_action(nodename: str) -> NodeAction:
"""Determine node/instance status that requires action"""
state = lookup().slurm_node(nodename)
+ if lookup().node_is_fr(nodename):
+ fr = lookup().future_reservation(lookup().node_nodeset(nodename))
+ if action := get_fr_action(fr, nodename, state):
+ return action
+
if lookup().node_is_dyn(nodename):
return _find_dynamic_node_status()
if lookup().node_is_tpu(nodename):
- return _find_tpu_node_status(nodename, state)
+ return _find_tpu_node_action(nodename, state)
# split below is workaround for VMs whose hostname is FQDN
inst = lookup().instance(nodename.split(".")[0])
@@ -179,19 +246,19 @@ def find_node_status(nodename):
if inst is None:
if "POWERING_UP" in state.flags:
- return NodeStatus.unchanged
+ return NodeActionUnchanged()
if state.base == "DOWN" and "POWERED_DOWN" in state.flags:
- return NodeStatus.restore
+ return NodeActionIdle()
if "POWERING_DOWN" in state.flags:
- return NodeStatus.restore
+ return NodeActionIdle()
if "COMPLETING" in state.flags:
- return NodeStatus.unbacked
+ return NodeActionDown(reason="Unbacked instance")
if state.base != "DOWN" and not power_flags:
- return NodeStatus.unbacked
+ return NodeActionDown(reason="Unbacked instance")
if state.base == "DOWN" and not power_flags:
- return NodeStatus.power_down
+ return NodeActionPowerDown()
if "POWERED_DOWN" in state.flags and lookup().is_static_node(nodename):
- return NodeStatus.resume
+ return NodeActionPowerUp()
elif (
state is not None
and "POWERED_DOWN" not in state.flags
@@ -199,9 +266,9 @@ def find_node_status(nodename):
and inst.status == "TERMINATED"
):
if inst.scheduling.preemptible:
- return NodeStatus.preempted
+ return NodeActionPrempt()
if state.base != "DOWN":
- return NodeStatus.terminated
+ return NodeActionDown(reason="Instance terminated")
elif (state is None or "POWERED_DOWN" in state.flags) and inst.status == "RUNNING":
log.info("%s is potential orphan node", nodename)
age_threshold_seconds = 90
@@ -214,13 +281,13 @@ def find_node_status(nodename):
age_threshold_seconds,
inst_seconds_old,
)
- return NodeStatus.unchanged
- return NodeStatus.orphan
+ return NodeActionUnchanged()
+ return NodeActionDelete()
elif state is None:
# if state is None here, the instance exists but it's not in Slurm
- return NodeStatus.unknown
+ return NodeActionUnknown(slurm_state=state, instance_state=inst.status)
- return NodeStatus.unchanged
+ return NodeActionUnchanged()
def _seconds_since_timestamp(timestamp):
@@ -236,69 +303,6 @@ def _seconds_since_timestamp(timestamp):
return datetime.now().timestamp() - creation_dt.timestamp()
-def do_node_update(status, nodes):
- """update node/instance based on node status"""
- if status == NodeStatus.unchanged:
- return
- count = len(nodes)
- hostlist = util.to_hostlist(nodes)
-
- def nodes_down():
- """down nodes"""
- log.info(
- f"{count} nodes set down due to node status '{status.name}' ({hostlist})"
- )
- run(
- f"{lookup().scontrol} update nodename={hostlist} state=down reason='Instance stopped/deleted'"
- )
-
- def nodes_restart():
- """start instances for nodes"""
- log.info(f"{count} instances restarted ({hostlist})")
- start_instances(nodes)
-
- def nodes_idle():
- """idle nodes"""
- log.info(f"{count} nodes to idle ({hostlist})")
- run(f"{lookup().scontrol} update nodename={hostlist} state=resume")
-
- def nodes_resume():
- """resume nodes via scontrol"""
- log.info(f"{count} instances to resume ({hostlist})")
- run(f"{lookup().scontrol} update nodename={hostlist} state=power_up")
-
- def nodes_delete():
- """delete instances for nodes"""
- log.info(f"{count} instances to delete ({hostlist})")
- delete_instances(nodes)
-
- def nodes_power_down():
- """power_down node in slurm"""
- log.info(f"{count} instances to power down ({hostlist})")
- run(f"{lookup().scontrol} update nodename={hostlist} state=power_down")
-
- def nodes_unknown():
- """Error status, nodes shouldn't get in this status"""
- log.error(f"{count} nodes have unexpected status: ({hostlist})")
- first = next(iter(nodes))
- state = lookup().slurm_node(first)
- state = "{}+{}".format(state.base, "+".join(state.flags)) if state else "None"
- inst = lookup().instance(first)
- log.error(f"{first} state: {state}, instance status:{inst.status}")
-
- {
- NodeStatus.orphan: nodes_delete,
- NodeStatus.power_down: nodes_power_down,
- NodeStatus.preempted: lambda: (nodes_down(), nodes_restart()),
- NodeStatus.restore: nodes_idle,
- NodeStatus.resume: nodes_resume,
- NodeStatus.terminated: nodes_down,
- NodeStatus.unbacked: nodes_down,
- NodeStatus.unchanged: lambda: None,
- NodeStatus.unknown: nodes_unknown,
- }[status]()
-
-
def delete_placement_groups(placement_groups):
def delete_placement_request(pg_name, region):
return lookup().compute.resourcePolicies().delete(
@@ -393,18 +397,9 @@ def sync_slurm():
log.debug(
f"reconciling {len(compute_instances)} ({len(all_nodes)-len(compute_instances)}) GCP instances and {len(slurm_nodes)} Slurm nodes ({len(all_nodes)-len(slurm_nodes)})."
)
- node_statuses = {
- k: list(v) for k, v in util.groupby_unsorted(all_nodes, find_node_status)
- }
- if log.isEnabledFor(logging.DEBUG):
- status_nodelist = {
- status.name: to_hostlist_fast(nodes)
- for status, nodes in node_statuses.items()
- }
- log.debug(f"node statuses: \n{yaml.safe_dump(status_nodelist).rstrip()}")
- for status, nodes in node_statuses.items():
- do_node_update(status, nodes)
+ for action, nodes in util.groupby_unsorted(all_nodes, get_node_action):
+ action.apply(list(nodes))
def reconfigure_slurm():
@@ -446,10 +441,12 @@ def reconfigure_slurm():
def update_topology(lkp: util.Lookup) -> None:
if conf.topology_plugin(lkp) != conf.TOPOLOGY_PLUGIN_TREE:
return
- updated = conf.gen_topology_conf(lkp)
+ updated, summary = conf.gen_topology_conf(lkp)
if updated:
- log.debug("Topology configuration updated. Reconfiguring Slurm.")
+ log.info("Topology configuration updated. Reconfiguring Slurm.")
util.scontrol_reconfigure(lkp)
+ # Safe summary only after Slurm got reconfigured, so summary reflects Slurm POV
+ summary.dump(lkp)
def delete_reservation(lkp: util.Lookup, reservation_name: str) -> None:
@@ -520,7 +517,7 @@ def sync_maintenance_reservation(lkp: util.Lookup) -> None:
if res_name in curr_reservation_map:
diff = curr_reservation_map[res_name] - start_time
- if abs(diff) <= dt.timedelta(seconds=1):
+ if abs(diff) <= timedelta(seconds=1):
continue
else:
del_reservation.add(res_name)
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tests/common.py b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tests/common.py
index 2272aeef99..a807c00f28 100644
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tests/common.py
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tests/common.py
@@ -36,6 +36,14 @@ class TstNodeset:
instance_template: Optional[str] = None
reservation_name: Optional[str] = ""
zone_policy_allow: Optional[list[str]] = field(default_factory=list)
+ enable_placement: bool = True
+
+@dataclass
+class TstPartition:
+ partition_name: str = "euler"
+ partition_nodeset: list[str] = field(default_factory=list)
+ partition_nodeset_tpu: list[str] = field(default_factory=list)
+ enable_job_exclusive: bool = False
@dataclass
class TstCfg:
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tests/test_resume.py b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tests/test_resume.py
new file mode 100644
index 0000000000..147ba00658
--- /dev/null
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tests/test_resume.py
@@ -0,0 +1,173 @@
+# Copyright 2024 "Google LLC"
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from typing import Optional
+
+import os
+import pytest
+import unittest.mock
+import unittest
+import tempfile
+
+from common import TstCfg, TstNodeset, TstPartition, TstTPU # needed to import util
+import util
+import resume
+from resume import ResumeData, ResumeJobData, BulkChunk, PlacementAndNodes
+
+def test_get_resume_file_data_no_env():
+ with unittest.mock.patch.dict(os.environ, {"SLURM_RESUME_FILE": ""}):
+ assert resume.get_resume_file_data() is None
+
+
+def test_get_resume_file_data():
+ with tempfile.NamedTemporaryFile() as f:
+ f.write(b"""{
+ "jobs": [
+ {
+ "extra": null,
+ "job_id": 1,
+ "features": null,
+ "nodes_alloc": "green-[0-2]",
+ "nodes_resume": "green-[0-1]",
+ "oversubscribe": "OK",
+ "partition": "red",
+ "reservation": null
+ }
+ ],
+ "all_nodes_resume": "green-[0-1]"
+}""")
+ f.flush()
+ with (
+ unittest.mock.patch.dict(os.environ, {"SLURM_RESUME_FILE": f.name}),
+ unittest.mock.patch("util.to_hostnames") as mock_to_hostnames,
+ ):
+ mock_to_hostnames.return_value = ["green-0", "green-1", "green-2"]
+ assert resume.get_resume_file_data() == ResumeData(jobs=[
+ ResumeJobData(
+ job_id = 1,
+ partition="red",
+ nodes_alloc=["green-0", "green-1", "green-2"],
+ )
+ ])
+ mock_to_hostnames.assert_called_once_with("green-[0-2]")
+
+
+@unittest.mock.patch("util.TPU")
+@unittest.mock.patch("resume.create_placements")
+def test_group_nodes_bulk(mock_create_placements, mock_tpu):
+ cfg = TstCfg(
+ nodeset={
+ "n": TstNodeset(nodeset_name="n"),
+ },
+ nodeset_tpu={
+ "t": TstNodeset(nodeset_name="t"),
+ },
+ partitions={
+ "p1": TstPartition(
+ partition_name="p1",
+ enable_job_exclusive=True,
+ ),
+ "p2": TstPartition(
+ partition_name="p2",
+ partition_nodeset_tpu=["t"],
+ enable_job_exclusive=True,
+ )
+ }
+ )
+ lkp = util.Lookup(cfg)
+
+ def mock_create_placements_se(nodes, excl_job_id, lkp):
+ args = (set(nodes), excl_job_id)
+ if ({'c-n-1', 'c-n-2', 'c-t-8', 'c-t-9'}, None) == args:
+ return [
+ PlacementAndNodes("g0", ["c-n-1", "c-n-2"]),
+ PlacementAndNodes(None, ['c-t-8', 'c-t-9']),
+ ]
+ if ({"c-n-0", "c-n-8"}, 1) == args:
+ return [
+ PlacementAndNodes("g10", ["c-n-0"]),
+ PlacementAndNodes("g11", ["c-n-8"]),
+ ]
+ if ({'c-t-0', 'c-t-1', 'c-t-2', 'c-t-3', 'c-t-4', 'c-t-5'}, 2) == args:
+ return [
+ PlacementAndNodes(None, ['c-t-0', 'c-t-1', 'c-t-2', 'c-t-3', 'c-t-4', 'c-t-5'])
+ ]
+ raise AssertionError(f"unexpected invocation: '{args}'")
+ mock_create_placements.side_effect = mock_create_placements_se
+
+ def mock_tpu_se(ns: TstNodeset) -> TstTPU:
+ if ns.nodeset_name == "t":
+ return TstTPU(vmcount=2)
+ raise AssertionError(f"unexpected invocation: '{ns}'")
+ mock_tpu.side_effect = mock_tpu_se
+
+ got = resume.group_nodes_bulk(
+ ["c-n-0", "c-n-1", "c-n-2", "c-t-0", "c-t-1", "c-t-2", "c-t-3", "c-t-8", "c-t-9"],
+ ResumeData(jobs=[
+ ResumeJobData(job_id=1, partition="p1", nodes_alloc=["c-n-0", "c-n-8"]),
+ ResumeJobData(job_id=2, partition="p2", nodes_alloc=["c-t-0", "c-t-1", "c-t-2", "c-t-3", "c-t-4", "c-t-5"]),
+ ]), lkp)
+ mock_create_placements.assert_called()
+ assert got == {
+ "c-n:jobNone:g0:0": BulkChunk(
+ nodes=["c-n-1", "c-n-2"], prefix="c-n", chunk_idx=0, excl_job_id=None, placement_group="g0"),
+ "c-n:job1:g10:0": BulkChunk(
+ nodes=["c-n-0"], prefix="c-n", chunk_idx=0, excl_job_id=1, placement_group="g10"),
+ "c-t:0": BulkChunk(
+ nodes=["c-t-8", "c-t-9"], prefix="c-t", chunk_idx=0, excl_job_id=None, placement_group=None),
+ "c-t:job2:0": BulkChunk(
+ nodes=["c-t-0", "c-t-1"], prefix="c-t", chunk_idx=0, excl_job_id=2, placement_group=None),
+ "c-t:job2:1": BulkChunk(
+ nodes=["c-t-2", "c-t-3"], prefix="c-t", chunk_idx=1, excl_job_id=2, placement_group=None),
+ }
+
+
+@pytest.mark.parametrize(
+ "nodes,excl_job_id,expected",
+ [
+ ( # TPU - no placements
+ ["c-t-0", "c-t-2"], 4, [PlacementAndNodes(None, ["c-t-0", "c-t-2"])]
+ ),
+ ( # disabled placements - no placemens
+ ["c-x-0", "c-x-2"], 4, [PlacementAndNodes(None, ["c-x-0", "c-x-2"])]
+ ),
+ ( # excl_job
+ ["c-n-0", "c-n-uno", "c-n-2", "c-n-2011"], 4, [
+ PlacementAndNodes("c-slurmgcp-managed-n-4-0", ["c-n-0", "c-n-uno", "c-n-2", "c-n-2011"])
+ ]
+ ),
+ ( # no excl_job
+ ["c-n-0", "c-n-uno", "c-n-2", "c-n-2011"], None, [
+ PlacementAndNodes("c-slurmgcp-managed-n-0-0", ["c-n-0", "c-n-2"]),
+ PlacementAndNodes('c-slurmgcp-managed-n-0-1', ['c-n-2011']),
+ PlacementAndNodes(None, ["c-n-uno"]),
+ ]
+ ),
+ ],
+)
+def test_allocate_nodes_to_placements(nodes: list[str], excl_job_id: Optional[int], expected: list[PlacementAndNodes]):
+ cfg = TstCfg(
+ slurm_cluster_name="c",
+ nodeset={
+ "n": TstNodeset(nodeset_name="n", enable_placement=True),
+ "x": TstNodeset(nodeset_name="x", enable_placement=False)
+ },
+ nodeset_tpu={
+ "t": TstNodeset(nodeset_name="t")
+ })
+ lkp = util.Lookup(cfg)
+
+ with unittest.mock.patch("resume.valid_placement_node") as mock_valid_placement_node:
+ mock_valid_placement_node.return_value = True
+ assert resume._allocate_nodes_to_placements(nodes, excl_job_id, lkp) == expected
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tests/test_topology.py b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tests/test_topology.py
index 6d44338c81..78715bc5f6 100644
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tests/test_topology.py
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tests/test_topology.py
@@ -119,10 +119,12 @@ def tpu_se(ns: TstNodeset) -> TstTPU:
"SwitchName=s1_1 Nodes=m22-slim-[0-2]"]
assert list(compressed.render_conf_lines()) == want_compressed
- assert conf.gen_topology_conf(lkp) == True
+ upd, summary = conf.gen_topology_conf(lkp)
+ assert upd == True
want_written = PRELUDE + "\n".join(want_compressed) + "\n\n"
assert open(cfg.output_dir + "/cloud_topology.conf").read() == want_written
+ summary.dump(lkp)
summary_got = json.loads(open(cfg.output_dir + "/cloud_topology.summary.json").read())
assert summary_got == {
@@ -154,31 +156,45 @@ def test_gen_topology_conf_update():
lkp.instances = lambda: {} # no instances
# initial generation - reconfigure
- assert conf.gen_topology_conf(lkp) == True
+ upd, sum = conf.gen_topology_conf(lkp)
+ assert upd == True
+ sum.dump(lkp)
# add node: node_count_static 2 -> 3 - reconfigure
lkp.cfg.nodeset["c"].node_count_static = 3
- assert conf.gen_topology_conf(lkp) == True
+ upd, sum = conf.gen_topology_conf(lkp)
+ assert upd == True
+ sum.dump(lkp)
# remove node: node_count_static 3 -> 2 - no reconfigure
lkp.cfg.nodeset["c"].node_count_static = 2
- assert conf.gen_topology_conf(lkp) == False
+ upd, sum = conf.gen_topology_conf(lkp)
+ assert upd == False
+ # don't dump
# set empty physicalHost - no reconfigure
lkp.instances = lambda: { n.name: n for n in [TstInstance("m22-green-0", physicalHost="")]}
- assert conf.gen_topology_conf(lkp) == False
+ upd, sum = conf.gen_topology_conf(lkp)
+ assert upd == False
+ # don't dump
# set physicalHost - reconfigure
lkp.instances = lambda: { n.name: n for n in [TstInstance("m22-green-0", physicalHost="/a/b/c")]}
- assert conf.gen_topology_conf(lkp) == True
+ upd, sum = conf.gen_topology_conf(lkp)
+ assert upd == True
+ sum.dump(lkp)
# change physicalHost - reconfigure
lkp.instances = lambda: { n.name: n for n in [TstInstance("m22-green-0", physicalHost="/a/b/z")]}
- assert conf.gen_topology_conf(lkp) == True
+ upd, sum = conf.gen_topology_conf(lkp)
+ assert upd == True
+ sum.dump(lkp)
# shut down node - no reconfigure
lkp.instances = lambda: {}
- assert conf.gen_topology_conf(lkp) == False
+ upd, sum = conf.gen_topology_conf(lkp)
+ assert upd == False
+ # don't dump
@pytest.mark.parametrize(
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tests/test_util.py b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tests/test_util.py
index 1b75a1fbb2..2807740464 100644
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tests/test_util.py
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tests/test_util.py
@@ -63,6 +63,24 @@ def test_node_desc(name, expected):
assert util.lookup()._node_desc(name) == expected
+@pytest.mark.parametrize(
+ "name,expected",
+ [
+ ("az-buka-23", 23),
+ ("az-buka-0", 0),
+ ("az-buka", Exception),
+ ("az-buka-xyzf", ValueError),
+ ("az-buka-[2-3]", ValueError),
+ ],
+)
+def test_node_index(name, expected):
+ if type(expected) is type and issubclass(expected, Exception):
+ with pytest.raises(expected):
+ util.lookup().node_index(name)
+ else:
+ assert util.lookup().node_index(name) == expected
+
+
@pytest.mark.parametrize(
"name",
[
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tools/gpu-test b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tools/gpu-test
index 0aaaeb2fc0..6be548a7ed 100644
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tools/gpu-test
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/tools/gpu-test
@@ -31,8 +31,8 @@ fi
# Exit if GPU isn't H100
GPU_MODEL=$(nvidia-smi --query-gpu=name --format=csv,noheader)
-if [[ "$GPU_MODEL" != *"H100"* ]]; then
- echo "Non-H100 GPU detected" >&2
+if ! [[ "$GPU_MODEL" =~ H[1-2]00 ]]; then
+ echo "No H100 or H200 GPU detected" >&2
exit 0
fi
@@ -80,7 +80,7 @@ if [ $NUMGPUS -gt 0 ]; then
if [ $DCGM_FAILED -eq 0 ] || \
[ $ECC_ERRORS -gt 0 ] || \
[ $NVLINK_ERRORS -gt 0 ]; then
- REASON="H100 GPU issues detected: "
+ REASON="GPU issues detected: "
[ $DCGM_FAILED -eq 0 ] && REASON+="DCGM test failed, "
[ $ECC_ERRORS -gt 0 ] && REASON+="ECC errors found ($ECC_ERRORS double-bit errors), "
[ $NVLINK_ERRORS -gt 0 ] && REASON+="NVLink errors detected ($NVLINK_ERRORS errors), "
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/util.py b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/util.py
index 1d07678619..605283c5bb 100755
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/util.py
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/modules/slurm_files/scripts/util.py
@@ -19,7 +19,7 @@
import base64
import collections
from dataclasses import dataclass
-from datetime import timedelta
+from datetime import timedelta, datetime
import hashlib
import inspect
import json
@@ -947,11 +947,7 @@ def cur_repr():
res.append(f"{p}[{','.join(cs)}]")
return ",".join(res)
-
-def part_is_tpu(part):
- """check if partition with name part contains a nodeset of type tpu"""
- return len(lookup().cfg.partitions[part].partition_nodeset_tpu) > 0
-
+@lru_cache(maxsize=None)
def to_hostnames(nodelist: str) -> List[str]:
"""make list of hostnames from hostlist expression"""
if not nodelist:
@@ -1462,6 +1458,21 @@ class ReservationDetails:
bulk_insert_name: str # name in format suitable for bulk insert (currently identical to user supplied name in long format)
deployment_type: Optional[str]
+ @property
+ def dense(self) -> bool:
+ return self.deployment_type == "DENSE"
+
+@dataclass(frozen=True)
+class FutureReservation:
+ project: str
+ zone: str
+ name: str
+ specific: bool
+ start_time: datetime
+ end_time: datetime
+ active_reservation: Optional[ReservationDetails]
+
+
@dataclass
class Job:
id: int
@@ -1470,6 +1481,10 @@ class Job:
job_state: Optional[str] = None
duration: Optional[timedelta] = None
+@dataclass(frozen=True)
+class NodeState:
+ base: str
+ flags: frozenset
class Lookup:
"""Wrapper class for cached data access"""
@@ -1564,30 +1579,46 @@ def _node_desc(self, node_name):
def node_prefix(self, node_name=None):
return self._node_desc(node_name)["prefix"]
+
+ def node_index(self, node: str) -> int:
+ """ node_index("cluster-nodeset-45") == 45 """
+ suff = self._node_desc(node)["suffix"]
+
+ if suff is None:
+ raise ValueError(f"Node {node} name does not end with numeric index")
+ return int(suff)
def node_nodeset_name(self, node_name=None):
return self._node_desc(node_name)["nodeset"]
def node_nodeset(self, node_name=None):
nodeset_name = self.node_nodeset_name(node_name)
- ns = self.cfg.nodeset.get(nodeset_name)
- if ns:
- return ns
- return self.cfg.nodeset_tpu.get(nodeset_name)
+ if nodeset_name in self.cfg.nodeset_tpu:
+ return self.cfg.nodeset_tpu[nodeset_name]
+ return self.cfg.nodeset[nodeset_name]
+
+ def partition_is_tpu(self, part: str) -> bool:
+ """check if partition with name part contains a nodeset of type tpu"""
+ return len(self.cfg.partitions[part].partition_nodeset_tpu) > 0
+
def node_is_tpu(self, node_name=None):
nodeset_name = self.node_nodeset_name(node_name)
return self.cfg.nodeset_tpu.get(nodeset_name) is not None
+
+ def node_is_fr(self, node_name:str) -> bool:
+ return bool(self.node_nodeset(node_name).future_reservation)
+
+ def is_dormant_fr_node(self, node_name:str) -> bool:
+ fr = self.future_reservation(self.node_nodeset(node_name))
+ if not fr:
+ return False
+ return fr.active_reservation is None
def node_is_dyn(self, node_name=None) -> bool:
nodeset = self.node_nodeset_name(node_name)
return self.cfg.nodeset_dyn.get(nodeset) is not None
- def chunk_tpu_nodes(self, tpu_nodes):
- model = tpu_nodes[0]
- tpu = TPU(self.node_nodeset(model))
- return chunked(tpu_nodes, n=tpu.vmcount)
-
def node_template(self, node_name=None):
return self.node_nodeset(node_name).instance_template
@@ -1646,15 +1677,14 @@ def is_static_node(self, node_name: str) -> bool:
@lru_cache(maxsize=None)
def slurm_nodes(self):
- StateTuple = namedtuple("StateTuple", "base,flags")
def make_node_tuple(node_line):
- """turn node,state line to (node, StateTuple(state))"""
+ """turn node,state line to (node, NodeState(state))"""
# state flags include: CLOUD, COMPLETING, DRAIN, FAIL, POWERED_DOWN,
# POWERING_DOWN
node, fullstate = node_line.split(",")
state = fullstate.split("+")
- state_tuple = StateTuple(state[0], set(state[1:]))
+ state_tuple = NodeState(base=state[0], flags=frozenset(state[1:]))
return (node, state_tuple)
cmd = (
@@ -1766,7 +1796,27 @@ def _get_reservation(self, project: str, zone: str, name: str) -> object:
"""See https://cloud.google.com/compute/docs/reference/rest/v1/reservations"""
return self.compute.reservations().get(
project=project, zone=zone, reservation=name).execute()
+
+ @lru_cache()
+ def _get_future_reservation(self, project:str, zone:str, name: str) -> object:
+ """See https://cloud.google.com/compute/docs/reference/rest/v1/futureReservations"""
+ return self.compute.futureReservations().get(project=project, zone=zone, futureReservation=name).execute()
+
+ def get_reservation_details(self, project:str, zone:str, name:str, bulk_insert_name:str) -> ReservationDetails:
+ reservation = self._get_reservation(project, zone, name)
+
+ # Converts policy URLs to names, e.g.:
+ # projects/111111/regions/us-central1/resourcePolicies/zebra -> zebra
+ policies = [u.split("/")[-1] for u in reservation.get("resourcePolicies", {}).values()]
+ return ReservationDetails(
+ project=project,
+ zone=zone,
+ name=name,
+ policies=policies,
+ deployment_type=reservation.get("deploymentType"),
+ bulk_insert_name=bulk_insert_name)
+
def nodeset_reservation(self, nodeset: object) -> Optional[ReservationDetails]:
if not nodeset.reservation_name:
return None
@@ -1782,19 +1832,37 @@ def nodeset_reservation(self, nodeset: object) -> Optional[ReservationDetails]:
)
project, name = match.group("project", "reservation")
- reservation = self._get_reservation(project, zone, name)
+ return self.get_reservation_details(project, zone, name, nodeset.reservation_name)
+
+ def future_reservation(self, nodeset:object) -> Optional[FutureReservation]:
+ if not nodeset.future_reservation:
+ return None
- # Converts policy URLs to names, e.g.:
- # projects/111111/regions/us-central1/resourcePolicies/zebra -> zebra
- policies = [u.split("/")[-1] for u in reservation.get("resourcePolicies", {}).values()]
+ active_reservation = None
+ match = re.search(r'^projects/(?P[^/]+)/zones/(?P[^/]+)/futureReservations/(?P[^/]+)(/.*)?$', nodeset.future_reservation)
+ project, zone, name = match.group("project","zone","name")
+ fr = self._get_future_reservation(project,zone,name)
- return ReservationDetails(
+ # TODO: Remove this "hack" of trimming the Z from timestamps once we move to Python 3.11 (context: https://discuss.python.org/t/parse-z-timezone-suffix-in-datetime/2220/30)
+ start_time = datetime.fromisoformat(fr["timeWindow"]["startTime"][:-1])
+ end_time = datetime.fromisoformat(fr["timeWindow"]["endTime"][:-1])
+
+ if "autoCreatedReservations" in fr["status"] and (fr_res:=fr["status"]["autoCreatedReservations"][0]):
+ if (start_time<=datetime.utcnow()<=end_time):
+ match = re.search(r'projects/(?P[^/]+)/zones/(?P[^/]+)/reservations/(?P[^/]+)(/.*)?$',fr_res)
+ res_name = match.group("name")
+ bulk_insert_name = f"projects/{project}/reservations/{res_name}"
+ active_reservation = self.get_reservation_details(project, zone, res_name, bulk_insert_name)
+
+ return FutureReservation(
project=project,
zone=zone,
name=name,
- policies=policies,
- deployment_type=reservation.get("deploymentType"),
- bulk_insert_name=nodeset.reservation_name)
+ specific=fr["specificReservationRequired"],
+ start_time=start_time,
+ end_time=end_time,
+ active_reservation=active_reservation
+ )
@lru_cache(maxsize=1)
def machine_types(self):
@@ -1931,12 +1999,6 @@ def template_info(self, template_link):
return template
- def nodeset_map(self, hostnames: list):
- """Convert a list of nodes into a map of nodeset_name to hostnames"""
- nodeset_map = collections.defaultdict(list)
- for node in hostnames:
- nodeset_map[self.node_nodeset_name(node)].append(node)
- return nodeset_map
def _parse_job_info(self, job_info: str) -> Job:
"""Extract job details"""
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/partition.tf b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/partition.tf
index 2a76ed7dca..e8626bd1bd 100644
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/partition.tf
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/partition.tf
@@ -26,7 +26,7 @@ locals {
# NODESET
# TODO: remove dependency on slurm-gcp repo, move to local template module
module "slurm_nodeset_template" {
- source = "github.com/GoogleCloudPlatform/slurm-gcp.git//terraform/slurm_cluster/modules/slurm_instance_template?ref=6.8.6"
+ source = "../../internal/slurm-gcp-v6/instance_template"
for_each = local.nodeset_map
project_id = var.project_id
@@ -89,6 +89,7 @@ locals {
node_count_static = ns.node_count_static
subnetwork = ns.subnetwork_self_link
reservation_name = ns.reservation_name
+ future_reservation = ns.future_reservation
maintenance_interval = ns.maintenance_interval
instance_properties_json = ns.instance_properties_json
enable_placement = ns.enable_placement
@@ -103,7 +104,7 @@ locals {
# NODESET TPU
module "slurm_nodeset_tpu" {
- source = "github.com/GoogleCloudPlatform/slurm-gcp.git//terraform/slurm_cluster/modules/slurm_nodeset_tpu?ref=6.8.6"
+ source = "../../internal/slurm-gcp-v6/nodeset_tpu"
for_each = local.nodeset_tpu_map
project_id = var.project_id
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/variables.tf b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/variables.tf
index b06d62b39f..6264576b2c 100644
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/variables.tf
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/variables.tf
@@ -278,6 +278,7 @@ variable "nodeset" {
tags = optional(list(string), [])
termination_action = optional(string)
reservation_name = optional(string)
+ future_reservation = string
startup_script = optional(list(object({
filename = string
content = string })), [])
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/versions.tf b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/versions.tf
index 38f97edcff..10ba69beae 100644
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/versions.tf
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-controller/versions.tf
@@ -24,6 +24,6 @@ terraform {
}
}
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:schedmd-slurm-gcp-v6-controller/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:schedmd-slurm-gcp-v6-controller/v1.44.0"
}
}
diff --git a/community/modules/scheduler/schedmd-slurm-gcp-v6-login/versions.tf b/community/modules/scheduler/schedmd-slurm-gcp-v6-login/versions.tf
index cbcb20a4a1..cb3dca1bc2 100644
--- a/community/modules/scheduler/schedmd-slurm-gcp-v6-login/versions.tf
+++ b/community/modules/scheduler/schedmd-slurm-gcp-v6-login/versions.tf
@@ -24,6 +24,6 @@ terraform {
}
}
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:schedmd-slurm-gcp-v6-login/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:schedmd-slurm-gcp-v6-login/v1.44.0"
}
}
diff --git a/community/modules/scripts/wait-for-startup/versions.tf b/community/modules/scripts/wait-for-startup/versions.tf
index 2e55cca8b0..c5c429481f 100644
--- a/community/modules/scripts/wait-for-startup/versions.tf
+++ b/community/modules/scripts/wait-for-startup/versions.tf
@@ -22,7 +22,7 @@ terraform {
}
}
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:wait-for-startup/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:wait-for-startup/v1.44.0"
}
required_version = ">= 0.14.0"
diff --git a/community/modules/scripts/windows-startup-script/versions.tf b/community/modules/scripts/windows-startup-script/versions.tf
index bd33fff2e1..1e592099f1 100644
--- a/community/modules/scripts/windows-startup-script/versions.tf
+++ b/community/modules/scripts/windows-startup-script/versions.tf
@@ -16,7 +16,7 @@
terraform {
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:windows-startup-script/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:windows-startup-script/v1.44.0"
}
required_version = ">= 0.14.0"
diff --git a/docs/slurm-dws-calendar.md b/docs/slurm-dws-calendar.md
new file mode 100644
index 0000000000..6ae223cee6
--- /dev/null
+++ b/docs/slurm-dws-calendar.md
@@ -0,0 +1,24 @@
+# Provisioning SlurmGCP nodes with Future Reservations (DWS Calendar Mode)
+
+Use [Future Reservations](https://cloud.google.com/compute/docs/instances/future-reservations-overview) to request assurance of important or difficult-to-obtain capacity in advance.
+[Dynamic Workload Scheduler](https://cloud.google.com/blog/products/compute/introducing-dynamic-workload-scheduler) Calendar mode extends the future reservation capabilities and caters to training/experimentation workloads that demand precise start times and have a defined duration.
+
+Compared to on-demand reservations, future reservations provide you with an even higher level of assurance in obtaining capacity for Compute Engine zonal resources.
+
+With Calendar mode, you will be able to request GPU capacity in fixed duration capacity blocks. It will initially support future reservations with durations of 7 or 14 days and can be purchased up to 8 weeks in advance. Your reservation will get confirmed, based on availability, and the capacity will be delivered to your project on your requested start date. Your VMs will be able to target this reservation to consume this capacity block. At the end of the defined duration, the VMs will be terminated, and the reservations will get deleted.
+
+> [!IMPORTANT]
+> To use DWS Calendar mode your project needs to be allowlisted for private preview access.
+> Fill out the [form](https://docs.google.com/forms/d/1etaaXMW9jJUTTxfUC7TIIMttLWT5H-3Q8_3-sG6vwKk/edit).
+
+In order to make use of Future Reservations/DWS Calendar mode with SlurmGCP, you must use the `future_reservation` variable in the `schedmd-slurm-gcp-v6-nodeset` module. From there you can specify the name of the future reservation that you would like it to use. Ensure fields like `machine_type` matches with your reservation. Once deployed nodes in your nodeset will appear `DOWN` until your reservation begins, and will appear `DOWN` again once the reservation is complete (no redeploying necessary).
+
+```yaml
+ - id: fr_nodeset
+ source: community/modules/compute/schedmd-slurm-gcp-v6-nodeset
+ use: [network]
+ settings:
+ future_reservation: name OR project/PROJECT/zone/ZONE/futureReservations/name
+ enable_placement: false
+ # the rest of the settings, e.g. node_count_static, machine_type, additional_disks, etc.
+```
diff --git a/docs/tutorials/openfoam/README.md b/docs/tutorials/openfoam/README.md
new file mode 100644
index 0000000000..91482046c9
--- /dev/null
+++ b/docs/tutorials/openfoam/README.md
@@ -0,0 +1,12 @@
+# Cluster Toolkit - OpenFOAM Simulation and Visualization
+
+Cluster Toolkit is an open-source software offered by Google Cloud which makes
+it easy for customers to deploy HPC environments on Google Cloud.
+[OpenFOAM](https://www.openfoam.com/) is a popular tool for running
+computational fluid dynamics (CFD) simulations. This
+[demo](https://github.com/GoogleCloudPlatform/scientific-computing-examples/tree/main/apptainer/demos/openfoam)
+in the Google Cloud Platform scientific computing examples
+[repo](https://github.com/GoogleCloudPlatform/scientific-computing-examples/tree/main)
+walks you through the process of running and visualizing an OpenFOAM simulation
+using a set of [apptainer](https://apptainer.org/) containers on a Slurm-based
+HPC system deployed with the Cluster Toolkit.
diff --git a/docs/tutorials/openfoam/spack-openfoam.md b/docs/tutorials/openfoam/spack-openfoam.md
deleted file mode 100644
index d9bf3ea6d5..0000000000
--- a/docs/tutorials/openfoam/spack-openfoam.md
+++ /dev/null
@@ -1,290 +0,0 @@
-# Cluster Toolkit - Install and Run OpenFOAM on a Slurm Cluster
-
-Cluster Toolkit is an open-source software offered by Google Cloud which makes it
-easy for customers to deploy HPC environments on Google Cloud.
-
-In this tutorial you will use the Cluster Toolkit to:
-
-* Deploy a [Slurm](https://github.com/GoogleCloudPlatform/slurm-gcp#readme) HPC cluster on
- Google Cloud
-* Use [Spack](https://spack.io/) to install the OpenFOAM application and all of
- its dependencies
-* Run a [OpenFOAM](https://www.openfoam.com/) job on your newly provisioned
- cluster
-* Tear down the cluster
-
-Estimated time to complete:
-The tutorial takes 3 hr. to complete,
-of which 2.5 hr is for installing software
-(without cache).
-
-> **_NOTE:_** With a complete Spack cache, the tutorial takes 30 min.
-
-## Select a Project
-
-Select a project in which to deploy an HPC cluster on Google.
-
-
-
-Once you have selected a project, click START.
-
-## Enable APIs & Permissions
-
-In a new Google Cloud project there are several apis that must be enabled to
-deploy your HPC cluster. These will be caught when you perform `./gcluster create`
-but you can save time by enabling them now by running:
-
-
-
-We also need to grant the default compute service account project edit access so
-the slurm controller can perform actions such as auto-scaling.
-
-
-
-```bash
-PROJECT_NUMBER=$(gcloud projects list --filter= --format='value(PROJECT_NUMBER)')
-
-echo "granting roles/editor to $PROJECT_NUMBER-compute@developer.gserviceaccount.com"
-
-gcloud iam service-accounts enable --project $PROJECT_NUMBER-compute@developer.gserviceaccount.com
-
-gcloud projects add-iam-policy-binding --member=serviceAccount:$PROJECT_NUMBER-compute@developer.gserviceaccount.com --role=roles/editor
-```
-
-## Build the Toolkit Binary
-
-To build Cluster Toolkit binary from source run:
-
-```bash
-make
-```
-
-You should now have a binary named gcluster in the current directory. To verify the
-build run:
-
-```bash
-./gcluster --version
-```
-
-This should show you the version of the Cluster Toolkit you are using.
-
-## Generate a Deployment
-
-This tutorial will use the blueprint docs/tutorials/openfoam/spack-openfoam.yaml,
-which should be open in the Cloud Shell Editor (on the left).
-
-This file describes the cluster you will deploy. It defines:
-
-* a vpc network
-* a monitoring dashboard with metrics on your cluster
-* a definition of a custom Spack installation
-* a startup script that
- * installs ansible
- * installs Spack & OpenFOAM using the definition above
- * sets up a Spack environment including downloading an example input deck
- * places a submission script on a shared drive
-* a Slurm cluster
- * a Slurm login node
- * a Slurm controller
- * An auto-scaling Slurm partition
-
-After you have inspected the file, use the gcluster binary to create a deployment
-folder by running:
-
-```bash
-./gcluster create docs/tutorials/openfoam/spack-openfoam.yaml --vars project_id=
-```
-
-> **_NOTE:_** The `--vars` argument is used to override `project_id` in the
-> deployment variables.
-
-This will create a deployment directory named `spack-openfoam/`, which
-contains the terraform needed to deploy your cluster.
-
-## Deploy the Cluster
-
-Use below command to deploy your cluster.
-
-```bash
-./gcluster deploy spack-openfoam
-```
-
-You can also use below command to generate a _plan_ that describes the Google
-Cloud resources that will be deployed.
-
-```bash
-terraform -chdir=spack-openfoam/primary init
-terraform -chdir=spack-openfoam/primary apply
-```
-
-
-
-
-```shell
-Apply complete! Resources: xx added, 0 changed, 0 destroyed.
-```
-
-## Waiting for the cluster to be configured
-
-Although the cluster has been successfully deployed, the startup scripts that
-install Spack and OpenFOAM take additional time to complete. When run without a
-Spack cache, this installation takes about 2.5 hrs (or 6 min with complete
-cache).
-
-The following command will print logging from the startup script running on the
-controller. This command can be used to view progress and check for completion
-of the startup script:
-
-```bash
-gcloud compute instances get-serial-port-output --port 1 --zone us-central1-c --project spackopenf-controller | grep google_metadata_script_runner
-```
-
-When the startup script has finished running you will see the following line as
-the final output from the above command:
-> _`spackopenf-controller google_metadata_script_runner: Finished running startup scripts.`_
-
-Optionally while you wait, you can see your deployed VMs on Google Cloud
-Console. Open the link below in a new window. Look for
-`spackopenf-controller` and `spackopenf-login-login-001`. If you don't
-see your VMs make sure you have the correct project selected (top left).
-
-```text
-https://console.cloud.google.com/compute?project=
-```
-
-## Connecting to the login node
-
-Once the startup script has completed, connect to the login node.
-
-Use the following command to ssh into the login node from cloud shell:
-
-```bash
-gcloud compute ssh spackopenf-login-login-001 --zone us-central1-c --project
-```
-
-You may be prompted to set up SSH. If so follow the prompts and if asked for a
-password, just hit `[enter]` leaving the input blank.
-
-If the above command succeeded (and you see a Slurm printout in the console)
-then **continue to the next page.**
-
-
-
-In some organizations you will not be able to SSH from cloud shell. If the above
-command fails you can SSH into the VM through the Cloud Console UI using the
-following instructions:
-
-1. Open the following URL in a new tab. This will take you to `Compute Engine` >
- `VM instances` in the Google Cloud Console:
-
-
-
- ```text
- https://console.cloud.google.com/compute?project=
- ```
-
-1. Click on the `SSH` button associated with the `spackopenf-login-login-001`
- instance.
-
- This will open a separate pop up window with a terminal into our newly
- created Slurm login VM.
-
-## Run a Job on the Cluster
-
- **The commands below should be run on the Slurm login node.**
-
-We will use the submission script (see line 122 of the blueprint) to submit a
-OpenFOAM job.
-
-1. Make a directory in which we will run the job:
-
- ```bash
- mkdir test_run && cd test_run
- ```
-
-2. Submit the job to Slurm to be scheduled:
-
- ```bash
- sbatch /opt/apps/openfoam/submit_openfoam.sh
- ```
-
-3. Once submitted, you can watch the job progress by repeatedly calling the
- following command:
-
- ```bash
- squeue
- ```
-
-The `sbatch` command trigger Slurm to auto-scale up several nodes to run the job.
-
-You can refresh the `Compute Engine` > `VM instances` page and see that
-additional VMs are being/have been created. These will be named something like
-`spackopenf-comput-0`.
-
-When running `squeue`, observe the job status start as `CF` (configuring),
-change to `R` (running) once the compute VMs have been created, and finally `CG`
-(completing) when job has finished and nodes are spooling down.
-
-When `squeue` no longer shows any jobs the job has finished. The whole job takes
-about 5 minutes to run.
-
-> **_NOTE:_** If the allocation fails, the message
-> `salloc: PrologSlurmctld failed, job killed` most likely indicates that your
-> project does not have sufficient quota for C2 instances in your region. \
-> **_NOTE:_** If the Slurm controller is shut down before the auto-scale nodes
-> are destroyed then they will be left running.
-
-## Review the output
-
-Several files will have been generated in the `test_run/` folder you created.
-
-The `slurm-1.out` file has information on the run such as performance. You can
-view this file by running the following command on the login node:
-
-```bash
-cat slurm-*.out
-```
-
-## View the cluster monitoring dashboard
-
-To view the monitoring dashboard containing metrics on your cluster, open the
-following URL in a new tab and click on the dashboard named
-`Cluster Toolkit Dashboard: spack-openfoam`.
-
-```text
-https://console.cloud.google.com/monitoring/dashboards?project=
-```
-
-## Destroy the Cluster
-
-To avoid incurring ongoing charges we will want to destroy our cluster.
-
-For this we need to return to our cloud shell terminal. Run `exit` in the
-terminal to close the SSH connection to the login node:
-
-> **_NOTE:_** If you are accessing the login node terminal via a separate pop-up
-> then make sure to call `exit` in the pop-up window.
-
-```bash
-exit
-```
-
-Run the following command in the cloud shell terminal to destroy the cluster:
-
-```bash
-./gcluster destroy spack-openfoam
-```
-
-When complete you should see something like:
-
-```shell
-Destroy complete! Resources: xx destroyed.
-```
-
-> **_NOTE:_** If destroy is run before Slurm shut down the auto-scale nodes then
-> they will be left behind and destroy may fail. In this case you can delete the
-> VMs manually and rerun the destroy command above.
-
-## Tutorial Complete
-
-
diff --git a/docs/tutorials/openfoam/spack-openfoam.yaml b/docs/tutorials/openfoam/spack-openfoam.yaml
deleted file mode 100644
index 5725b49905..0000000000
--- a/docs/tutorials/openfoam/spack-openfoam.yaml
+++ /dev/null
@@ -1,184 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
----
-
-blueprint_name: spack-openfoam
-
-vars:
- project_id: ## Set GCP Project ID Here ##
- deployment_name: spack-openfoam
- region: us-central1
- zone: us-central1-c
-
-deployment_groups:
-- group: primary
- modules:
- - id: network1
- source: modules/network/vpc
-
- - id: hpc_dash
- source: modules/monitoring/dashboard
-
- ## Install Scripts
- - id: spack-setup
- source: community/modules/scripts/spack-setup
- settings:
- install_dir: /opt/apps/spack
- spack_ref: v0.20.0
-
- - id: spack-execute
- source: community/modules/scripts/spack-execute
- use: [spack-setup]
- settings:
- log_file: /var/log/spack.log
- data_files:
- - destination: /tmp/projections-config.yaml
- content: |
- modules:
- default:
- tcl:
- hash_length: 0
- all:
- conflict:
- - '{name}'
- projections:
- all: '{name}/{version}-{compiler.name}-{compiler.version}'
- - destination: /tmp/slurm-external-config.yaml
- content: |
- packages:
- slurm:
- externals:
- - spec: slurm@21-08-8-2
- prefix: /usr/local
- buildable: False
- - destination: /share/spack/openfoam_env.yaml
- content: |
- spack:
- definitions:
- - compilers:
- - gcc@9.3.0
- - mpis:
- - openmpi@4.1.3~atomics~cuda+cxx~cxx_exceptions~gpfs~internal-hwloc~java+legacylaunchers~lustre~memchecker+pmi+romio+rsh~singularity+static+vt+wrapper-rpath fabrics=none schedulers=slurm
- - packages:
- - flex@2.6.4
- - mpi_packages:
- - openfoam-org@7 ^flex@2.6.4
- specs:
- - matrix:
- - - $mpis
- - - $%compilers
- - matrix:
- - - $packages
- - - $%compilers
- - matrix:
- - - $mpi_packages
- - - $%compilers
- - - $^mpis
- concretizer:
- unify: when_possible
- commands: |
- # Un-comment and update mirror_url to install from spack cache
- # if ! spack mirror list | grep -q gcs_cache; then
- # spack mirror add --scope site gcs_cache gs://optionally_set_spack_cache_bucket
- # fi
- # spack buildcache keys --install --trust
-
- spack config --scope defaults add config:build_stage:/opt/apps/spack/spack-stage
- spack config --scope defaults add -f /tmp/projections-config.yaml
- spack config --scope site add -f /tmp/slurm-external-config.yaml
-
- spack install gcc@9.3.0 %gcc@8.5.0 target=x86_64
- spack load gcc@9.3.0 %gcc@8.5.0 target=x86_64
- spack compiler find --scope site
-
- if ! spack env list | grep -q openfoam; then
- spack env create openfoam /share/spack/openfoam_env.yaml
- spack env activate openfoam
- spack concretize
- spack install
- fi
-
- - id: login-setup
- source: modules/scripts/startup-script
- settings:
- runners:
- - $(spack-execute.spack_runner)
- - type: shell
- destination: setup_openfoam.sh
- content: |
- #!/bin/bash
- source /opt/apps/spack/share/spack/setup-env.sh
- spack env activate openfoam
- - type: data
- destination: /opt/apps/openfoam/submit_openfoam.sh
- content: |
- #!/bin/bash
- #SBATCH -N 2
- #SBATCH --ntasks-per-node 30
-
- source /opt/apps/spack/share/spack/setup-env.sh
- spack env activate openfoam
-
- cd $SLURM_SUBMIT_DIR
- cp -R $FOAM_TUTORIALS/incompressible/simpleFoam/motorBike/* .
- mkdir -p constant/triSurface
- mkdir -p constant/geometry
- cp $FOAM_TUTORIALS/resources/geometry/motorBikemotorBike.obj.gz constant/triSurface/.
- cp $FOAM_TUTORIALS/resources/geometry/motorBikemotorBike.obj.gz constant/geometry/.
-
- sed "/^numberOfSubdomains/ c\\numberOfSubdomains 60;" -i system/decomposeParDict*
- sed "/^method/c\\method scotch;" -i system/decomposeParDict*
- ln -s 0 0.orig
-
- surfaceFeatures
- blockMesh
- decomposePar -copyZero
-
- scontrol show hostnames ${SLURM_JOB_NODELIST} > hostfile
- mpirun -n 60 -npernode 30 -hostfile hostfile snappyHexMesh -overwrite -parallel
- mpirun -n 60 -npernode 30 -hostfile hostfile potentialFoam -parallel
- mpirun -n 60 -npernode 30 -hostfile hostfile simpleFoam -parallel
-
- - id: compute_nodeset
- source: community/modules/compute/schedmd-slurm-gcp-v6-nodeset
- use: [network1]
- settings:
- node_count_dynamic_max: 2
- bandwidth_tier: gvnic_enabled
-
- - id: compute_partition
- source: community/modules/compute/schedmd-slurm-gcp-v6-partition
- use: [compute_nodeset]
- settings:
- partition_name: compute
- is_default: true
-
- - id: slurm_login
- source: community/modules/scheduler/schedmd-slurm-gcp-v6-login
- use: [network1]
- settings:
- machine_type: n2-standard-4
- enable_login_public_ips: true
-
- - id: slurm_controller
- source: community/modules/scheduler/schedmd-slurm-gcp-v6-controller
- use:
- - network1
- - compute_partition
- - slurm_login
- settings:
- login_startup_script: $(login-setup.startup_script)
- login_startup_scripts_timeout: 21600
- enable_controller_public_ips: true
diff --git a/examples/README.md b/examples/README.md
index 53a84d1a08..29db27df94 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -28,7 +28,7 @@ md_toc github examples/README.md | sed -e "s/\s-\s/ * /"
* [ml-slurm-v5-legacy.yaml](#ml-slurm-v5-legacyyaml--) ![core-badge] ![deprecated-badge]
* [ml-slurm.yaml](#ml-slurmyaml-) ![core-badge]
* [image-builder-v5-legacy.yaml](#image-builder-v5-legacyyaml--) ![core-badge] ![deprecated-badge]
- * [image-builder.yaml](#image-builderyaml--) ![core-badge]
+ * [image-builder.yaml](#image-builderyaml-) ![core-badge]
* [serverless-batch.yaml](#serverless-batchyaml-) ![core-badge]
* [serverless-batch-mpi.yaml](#serverless-batch-mpiyaml-) ![core-badge]
* [pfs-lustre.yaml](#pfs-lustreyaml-) ![core-badge]
@@ -1518,6 +1518,30 @@ cleaned up when the job is deleted.
[storage-gke.yaml]: ../examples/storage-gke.yaml
+### [gke-managed-parallelstore.yaml] ![core-badge] ![experimental-badge]
+
+This blueprint shows how to use managed parallelstore storage options with GKE in the toolkit.
+
+The blueprint contains the following:
+
+* A K8s Job that uses a managed parallelstore storage volume option.
+* A K8s Job that demonstrates ML training workload with managed parallelstore storage disk operation.
+
+> **Warning**: In this example blueprint, when storage type `Parallelstore` is specified in `gke-storage` module.
+> The lifecycle of the parallelstore is managed by the blueprint.
+> On glcuster destroy operation, the Parallelstore storage created will also be destroyed.
+>
+> [!Note]
+> The Kubernetes API server will only allow requests from authorized networks.
+> The `gke-cluster` module needs access to the Kubernetes API server
+> to create a Persistent Volume and a Persistent Volume Claim. **You must use
+> the `authorized_cidr` variable to supply an authorized network which contains
+> the IP address of the machine deploying the blueprint, for example
+> `--vars authorized_cidr=/32`.** You can use a service like
+> [whatismyip.com](https://whatismyip.com) to determine your IP address.
+
+[gke-managed-parallelstore.yaml]: ../examples/gke-managed-parallelstore.yaml
+
### [gke-a3-megagpu.yaml] ![core-badge] ![experimental-badge]
This blueprint shows how to provision a GKE cluster with A3 Mega machines in the toolkit.
diff --git a/examples/gke-a3-highgpu.yaml b/examples/gke-a3-highgpu.yaml
index 25d0d992e2..a5df211900 100644
--- a/examples/gke-a3-highgpu.yaml
+++ b/examples/gke-a3-highgpu.yaml
@@ -21,11 +21,9 @@ vars:
deployment_name: gke-a3-highgpu
region: us-central1
zone: us-central1-c
-
# Cidr block containing the IP of the machine calling terraform.
# The following line must be updated for this example to work.
authorized_cidr: /32
-
gcp_public_cidrs_access_enabled: false
deployment_groups:
@@ -34,10 +32,11 @@ deployment_groups:
- id: network1
source: modules/network/vpc
settings:
- subnetwork_name: gke-subnet-a3-highgpu
+ subnetwork_name: $(vars.deployment_name)-subnet
mtu: 8244
- secondary_ranges:
- gke-subnet-a3-highgpu:
+ secondary_ranges_list:
+ - subnetwork_name: $(vars.deployment_name)-subnet
+ ranges:
- range_name: pods
ip_cidr_range: 10.4.0.0/14
- range_name: services
diff --git a/examples/gke-a3-megagpu.yaml b/examples/gke-a3-megagpu.yaml
index 96c0671293..e4ebbe0de5 100644
--- a/examples/gke-a3-megagpu.yaml
+++ b/examples/gke-a3-megagpu.yaml
@@ -21,11 +21,9 @@ vars:
deployment_name: gke-a3-mega
region: us-central1
zone: us-central1-c
-
# Cidr block containing the IP of the machine calling terraform.
# The following line must be updated for this example to work.
authorized_cidr: /32
-
gcp_public_cidrs_access_enabled: false
deployment_groups:
@@ -34,10 +32,11 @@ deployment_groups:
- id: network1
source: modules/network/vpc
settings:
- subnetwork_name: gke-subnet-a3-mega
+ subnetwork_name: $(vars.deployment_name)-subnet
mtu: 8244
- secondary_ranges:
- gke-subnet-a3-mega:
+ secondary_ranges_list:
+ - subnetwork_name: $(vars.deployment_name)-subnet
+ ranges:
- range_name: pods
ip_cidr_range: 10.4.0.0/14
- range_name: services
diff --git a/examples/gke-storage-parallelstore.yaml b/examples/gke-managed-parallelstore.yaml
similarity index 95%
rename from examples/gke-storage-parallelstore.yaml
rename to examples/gke-managed-parallelstore.yaml
index 05b9766381..4425f13181 100644
--- a/examples/gke-storage-parallelstore.yaml
+++ b/examples/gke-managed-parallelstore.yaml
@@ -12,17 +12,15 @@
# See the License for the specific language governing permissions and
# limitations under the License.
---
-blueprint_name: gke-storage-parallelstore
+blueprint_name: gke-managed-parallelstore
vars:
project_id: ## Set GCP Project ID Here ##
- deployment_name: gke-storage-parallelstore
+ deployment_name: gke-storage-managed-ps
region: us-central1
zone: us-central1-c
-
# Cidr block containing the IP of the machine calling terraform.
# The following line must be updated for this example to work.
authorized_cidr: /32
-
gcp_public_cidrs_access_enabled: false
deployment_groups:
@@ -31,9 +29,10 @@ deployment_groups:
- id: network
source: modules/network/vpc
settings:
- subnetwork_name: gke-subnet-parallelstore
- secondary_ranges:
- gke-subnet-parallelstore:
+ subnetwork_name: $(vars.deployment_name)-subnet
+ secondary_ranges_list:
+ - subnetwork_name: $(vars.deployment_name)-subnet
+ ranges:
- range_name: pods
ip_cidr_range: 10.4.0.0/14
- range_name: services
diff --git a/examples/hpc-gke.yaml b/examples/hpc-gke.yaml
index 60f4f57ce8..160f842bb2 100644
--- a/examples/hpc-gke.yaml
+++ b/examples/hpc-gke.yaml
@@ -28,9 +28,10 @@ deployment_groups:
- id: network1
source: modules/network/vpc
settings:
- subnetwork_name: gke-subnet
- secondary_ranges:
- gke-subnet:
+ subnetwork_name: $(vars.deployment_name)-subnet
+ secondary_ranges_list:
+ - subnetwork_name: $(vars.deployment_name)-subnet
+ ranges:
- range_name: pods
ip_cidr_range: 10.4.0.0/14
- range_name: services
@@ -39,7 +40,7 @@ deployment_groups:
- id: gke_service_account
source: community/modules/project/service-account
settings:
- name: gke-service-account
+ name: gke-sa
project_roles:
- logging.logWriter
- monitoring.metricWriter
diff --git a/examples/ml-gke.yaml b/examples/ml-gke.yaml
index 053a5dcedc..9ae10780bd 100644
--- a/examples/ml-gke.yaml
+++ b/examples/ml-gke.yaml
@@ -21,11 +21,9 @@ vars:
region: asia-southeast1
zones:
- asia-southeast1-b # g2 machine has better availability in this zone
-
# Cidr block containing the IP of the machine calling terraform.
# The following line must be updated for this example to work.
authorized_cidr: /32
-
gcp_public_cidrs_access_enabled: false
deployment_groups:
@@ -34,9 +32,10 @@ deployment_groups:
- id: network1
source: modules/network/vpc
settings:
- subnetwork_name: gke-subnet
- secondary_ranges:
- gke-subnet:
+ subnetwork_name: $(vars.deployment_name)-subnet
+ secondary_ranges_list:
+ - subnetwork_name: $(vars.deployment_name)-subnet
+ ranges:
- range_name: pods
ip_cidr_range: 10.4.0.0/14
- range_name: services
diff --git a/examples/storage-gke.yaml b/examples/storage-gke.yaml
index 108392cd18..faa587b046 100644
--- a/examples/storage-gke.yaml
+++ b/examples/storage-gke.yaml
@@ -19,11 +19,9 @@ vars:
deployment_name: storage-gke-01
region: us-central1
zone: us-central1-c
-
# Cidr block containing the IP of the machine calling terraform.
# The following line must be updated for this example to work.
authorized_cidr: /32
-
gcp_public_cidrs_access_enabled: false
deployment_groups:
@@ -32,9 +30,10 @@ deployment_groups:
- id: network1
source: modules/network/vpc
settings:
- subnetwork_name: gke-subnet
- secondary_ranges:
- gke-subnet:
+ subnetwork_name: $(vars.deployment_name)-subnet
+ secondary_ranges_list:
+ - subnetwork_name: $(vars.deployment_name)-subnet
+ ranges:
- range_name: pods
ip_cidr_range: 10.4.0.0/14
- range_name: services
diff --git a/go.mod b/go.mod
index 012b792751..61a5f523e6 100644
--- a/go.mod
+++ b/go.mod
@@ -7,13 +7,13 @@ require (
github.com/go-git/go-git/v5 v5.12.0
github.com/hashicorp/go-getter v1.7.6
github.com/hashicorp/hcl v1.0.0 // indirect
- github.com/hashicorp/hcl/v2 v2.22.0
+ github.com/hashicorp/hcl/v2 v2.23.0
github.com/hashicorp/terraform-config-inspect v0.0.0-20230925220900-5a6f8d18746d
github.com/otiai10/copy v1.14.0
github.com/pkg/errors v0.9.1
github.com/spf13/afero v1.11.0
github.com/spf13/cobra v1.8.1
- github.com/zclconf/go-cty v1.15.0
+ github.com/zclconf/go-cty v1.15.1
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 // indirect
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
@@ -98,7 +98,7 @@ require (
golang.org/x/crypto v0.25.0 // indirect
golang.org/x/net v0.27.0 // indirect
golang.org/x/oauth2 v0.21.0 // indirect
- golang.org/x/sys v0.26.0
+ golang.org/x/sys v0.27.0
golang.org/x/text v0.16.0 // indirect
google.golang.org/grpc v1.64.1 // indirect
google.golang.org/protobuf v1.34.2 // indirect
diff --git a/go.sum b/go.sum
index 3d4849db05..1e4a67b6ba 100644
--- a/go.sum
+++ b/go.sum
@@ -391,8 +391,8 @@ github.com/hashicorp/hc-install v0.6.4 h1:QLqlM56/+SIIGvGcfFiwMY3z5WGXT066suo/v9
github.com/hashicorp/hc-install v0.6.4/go.mod h1:05LWLy8TD842OtgcfBbOT0WMoInBMUSHjmDx10zuBIA=
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/hcl/v2 v2.22.0 h1:hkZ3nCtqeJsDhPRFz5EA9iwcG1hNWGePOTw6oyul12M=
-github.com/hashicorp/hcl/v2 v2.22.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA=
+github.com/hashicorp/hcl/v2 v2.23.0 h1:Fphj1/gCylPxHutVSEOf2fBOh1VE4AuLV7+kbJf3qos=
+github.com/hashicorp/hcl/v2 v2.23.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA=
github.com/hashicorp/terraform-config-inspect v0.0.0-20230925220900-5a6f8d18746d h1:g6kHlvZrFPFKeWRj5q/zyJA5gu7rlJGPf17h8hX7LHY=
github.com/hashicorp/terraform-config-inspect v0.0.0-20230925220900-5a6f8d18746d/go.mod h1:l8HcFPm9cQh6Q0KSWoYPiePqMvRFenybP1CH2MjKdlg=
github.com/hashicorp/terraform-exec v0.21.0 h1:uNkLAe95ey5Uux6KJdua6+cv8asgILFVWkd/RG0D2XQ=
@@ -496,8 +496,8 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/zclconf/go-cty v1.15.0 h1:tTCRWxsexYUmtt/wVxgDClUe+uQusuI443uL6e+5sXQ=
-github.com/zclconf/go-cty v1.15.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
+github.com/zclconf/go-cty v1.15.1 h1:RgQYm4j2EvoBRXOPxhUvxPzRrGDo1eCOhHXuGfrj5S0=
+github.com/zclconf/go-cty v1.15.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo=
github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -732,8 +732,8 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
-golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
diff --git a/modules/compute/gke-job-template/README.md b/modules/compute/gke-job-template/README.md
index f2a50de63b..52f78260c8 100644
--- a/modules/compute/gke-job-template/README.md
+++ b/modules/compute/gke-job-template/README.md
@@ -100,6 +100,7 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [allocatable\_cpu\_per\_node](#input\_allocatable\_cpu\_per\_node) | The allocatable cpu per node. Used to claim whole nodes. Generally populated from gke-node-pool via `use` field. | `list(number)` | [
-1
]
| no |
+| [allocatable\_gpu\_per\_node](#input\_allocatable\_gpu\_per\_node) | The allocatable gpu per node. Used to claim whole nodes. Generally populated from gke-node-pool via `use` field. | `list(number)` | [
-1
]
| no |
| [backoff\_limit](#input\_backoff\_limit) | Controls the number of retries before considering a Job as failed. Set to zero for shared fate. | `number` | `0` | no |
| [command](#input\_command) | The command and arguments for the container that run in the Pod. The command field corresponds to entrypoint in some container runtimes. | `list(string)` | [
"hostname"
]
| no |
| [completion\_mode](#input\_completion\_mode) | Sets value of `completionMode` on the job. Default uses indexed jobs. See [documentation](https://kubernetes.io/blog/2021/04/19/introducing-indexed-jobs/) for more information | `string` | `"Indexed"` | no |
@@ -116,6 +117,7 @@ No modules.
| [persistent\_volume\_claims](#input\_persistent\_volume\_claims) | A list of objects that describes a k8s PVC that is to be used and mounted on the job. Generally supplied by the gke-persistent-volume module. | list(object({
name = string
mount_path = string
mount_options = string
is_gcs = bool
})) | `[]` | no |
| [random\_name\_sufix](#input\_random\_name\_sufix) | Appends a random suffix to the job name to avoid clashes. | `bool` | `true` | no |
| [requested\_cpu\_per\_pod](#input\_requested\_cpu\_per\_pod) | The requested cpu per pod. If null, allocatable\_cpu\_per\_node will be used to claim whole nodes. If provided will override allocatable\_cpu\_per\_node. | `number` | `-1` | no |
+| [requested\_gpu\_per\_pod](#input\_requested\_gpu\_per\_pod) | The requested gpu per pod. If null, allocatable\_gpu\_per\_node will be used to claim whole nodes. If provided will override allocatable\_gpu\_per\_node. | `number` | `-1` | no |
| [restart\_policy](#input\_restart\_policy) | Job restart policy. Only a RestartPolicy equal to `Never` or `OnFailure` is allowed. | `string` | `"Never"` | no |
| [security\_context](#input\_security\_context) | The security options the container should be run with. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ | list(object({
key = string
value = string
})) | `[]` | no |
| [tolerations](#input\_tolerations) | Tolerations allow the scheduler to schedule pods with matching taints. Generally populated from gke-node-pool via `use` field. | list(object({
key = string
operator = string
value = string
effect = string
})) | [
{
"effect": "NoSchedule",
"key": "user-workload",
"operator": "Equal",
"value": "true"
}
]
| no |
diff --git a/modules/compute/gke-job-template/main.tf b/modules/compute/gke-job-template/main.tf
index 2e21c7c394..31143b5e65 100644
--- a/modules/compute/gke-job-template/main.tf
+++ b/modules/compute/gke-job-template/main.tf
@@ -61,9 +61,11 @@ locals {
value = "true"
}] : []
- # arbitrarily, user can edit in template.
- # May come from node pool in future.
- gpu_limit_string = alltrue(var.has_gpu) ? "1" : null
+ # Setup limit for GPUs per pod
+ min_allocatable_gpu = min(var.allocatable_gpu_per_node...)
+ min_allocatable_gpu_per_pod = local.min_allocatable_gpu > 0 ? local.min_allocatable_gpu : null
+ gpu_limit_per_pod = var.requested_gpu_per_pod > 0 ? var.requested_gpu_per_pod : local.min_allocatable_gpu_per_pod
+ gpu_limit_string = alltrue(var.has_gpu) ? tostring(local.gpu_limit_per_pod) : null
empty_dir_volumes = [for ed in var.ephemeral_volumes :
{
diff --git a/modules/compute/gke-job-template/variables.tf b/modules/compute/gke-job-template/variables.tf
index 6a37c344c1..2b403fac3c 100644
--- a/modules/compute/gke-job-template/variables.tf
+++ b/modules/compute/gke-job-template/variables.tf
@@ -74,6 +74,18 @@ variable "requested_cpu_per_pod" {
default = -1
}
+variable "allocatable_gpu_per_node" {
+ description = "The allocatable gpu per node. Used to claim whole nodes. Generally populated from gke-node-pool via `use` field."
+ type = list(number)
+ default = [-1]
+}
+
+variable "requested_gpu_per_pod" {
+ description = "The requested gpu per pod. If null, allocatable_gpu_per_node will be used to claim whole nodes. If provided will override allocatable_gpu_per_node."
+ type = number
+ default = -1
+}
+
variable "tolerations" {
description = "Tolerations allow the scheduler to schedule pods with matching taints. Generally populated from gke-node-pool via `use` field."
type = list(object({
diff --git a/modules/compute/gke-node-pool/README.md b/modules/compute/gke-node-pool/README.md
index 72c9beb527..d2715ff652 100644
--- a/modules/compute/gke-node-pool/README.md
+++ b/modules/compute/gke-node-pool/README.md
@@ -338,6 +338,7 @@ limitations under the License.
| [placement\_policy](#input\_placement\_policy) | Group placement policy to use for the node pool's nodes. `COMPACT` is the only supported value for `type` currently. `name` is the name of the placement policy.
It is assumed that the specified policy exists. To create a placement policy refer to https://cloud.google.com/sdk/gcloud/reference/compute/resource-policies/create/group-placement.
Note: Placement policies have the [following](https://cloud.google.com/compute/docs/instances/placement-policies-overview#restrictions-compact-policies) restrictions. | object({
type = string
name = optional(string)
}) | {
"name": null,
"type": null
} | no |
| [project\_id](#input\_project\_id) | The project ID to host the cluster in. | `string` | n/a | yes |
| [reservation\_affinity](#input\_reservation\_affinity) | Reservation resource to consume. When targeting SPECIFIC\_RESERVATION, specific\_reservations needs be specified.
Even though specific\_reservations is a list, only one reservation is allowed by the NodePool API.
It is assumed that the specified reservation exists and has available capacity.
For a shared reservation, specify the project\_id as well in which it was created.
To create a reservation refer to https://cloud.google.com/compute/docs/instances/reservations-single-project and https://cloud.google.com/compute/docs/instances/reservations-shared | object({
consume_reservation_type = string
specific_reservations = optional(list(object({
name = string
project = optional(string)
})))
}) | {
"consume_reservation_type": "NO_RESERVATION",
"specific_reservations": []
} | no |
+| [run\_workload\_script](#input\_run\_workload\_script) | Whether execute the script to create a sample workload and inject rxdm sidecar into workload. Currently, implemented for A3-Highgpu and A3-Megagpu only. | `bool` | `true` | no |
| [service\_account](#input\_service\_account) | DEPRECATED: use service\_account\_email and scopes. | object({
email = string,
scopes = set(string)
}) | `null` | no |
| [service\_account\_email](#input\_service\_account\_email) | Service account e-mail address to use with the node pool | `string` | `null` | no |
| [service\_account\_scopes](#input\_service\_account\_scopes) | Scopes to to use with the node pool. | `set(string)` | [
"https://www.googleapis.com/auth/cloud-platform"
]
| no |
@@ -349,6 +350,7 @@ limitations under the License.
| [timeout\_update](#input\_timeout\_update) | Timeout for updating a node pool | `string` | `null` | no |
| [total\_max\_nodes](#input\_total\_max\_nodes) | DEPRECATED: Use autoscaling\_total\_max\_nodes. | `number` | `null` | no |
| [total\_min\_nodes](#input\_total\_min\_nodes) | DEPRECATED: Use autoscaling\_total\_min\_nodes. | `number` | `null` | no |
+| [upgrade\_settings](#input\_upgrade\_settings) | Defines node pool upgrade settings. It is highly recommended that you define all max\_surge and max\_unavailable.
If max\_surge is not specified, it would be set to a default value of 0.
If max\_unavailable is not specified, it would be set to a default value of 1. | object({
strategy = string
max_surge = optional(number)
max_unavailable = optional(number)
}) | {
"max_surge": 0,
"max_unavailable": 1,
"strategy": "SURGE"
} | no |
| [zones](#input\_zones) | A list of zones to be used. Zones must be in region of cluster. If null, cluster zones will be inherited. Note `zones` not `zone`; does not work with `zone` deployment variable. | `list(string)` | `null` | no |
## Outputs
@@ -356,6 +358,7 @@ limitations under the License.
| Name | Description |
|------|-------------|
| [allocatable\_cpu\_per\_node](#output\_allocatable\_cpu\_per\_node) | Number of CPUs available for scheduling pods on each node. |
+| [allocatable\_gpu\_per\_node](#output\_allocatable\_gpu\_per\_node) | Number of GPUs available for scheduling pods on each node. |
| [has\_gpu](#output\_has\_gpu) | Boolean value indicating whether nodes in the pool are configured with GPUs. |
| [instructions](#output\_instructions) | Instructions for submitting the sample GPUDirect enabled job. |
| [node\_pool\_name](#output\_node\_pool\_name) | Name of the node pool. |
diff --git a/modules/compute/gke-node-pool/disk_definitions.tf b/modules/compute/gke-node-pool/disk_definitions.tf
index 3afefa9354..3d250ef768 100644
--- a/modules/compute/gke-node-pool/disk_definitions.tf
+++ b/modules/compute/gke-node-pool/disk_definitions.tf
@@ -22,9 +22,9 @@
locals {
local_ssd_machines = {
- "a3-highgpu-8g" = { local_ssd_count_ephemeral_storage = null, local_ssd_count_nvme_block = 16 },
- "a3-megagpu-8g" = { local_ssd_count_ephemeral_storage = null, local_ssd_count_nvme_block = 16 },
- "a3-ultragpu-8g" = { local_ssd_count_ephemeral_storage = null, local_ssd_count_nvme_block = 32 },
+ "a3-highgpu-8g" = { local_ssd_count_ephemeral_storage = 16, local_ssd_count_nvme_block = null },
+ "a3-megagpu-8g" = { local_ssd_count_ephemeral_storage = 16, local_ssd_count_nvme_block = null },
+ "a3-ultragpu-8g" = { local_ssd_count_ephemeral_storage = 32, local_ssd_count_nvme_block = null },
}
generated_local_ssd_config = lookup(local.local_ssd_machines, var.machine_type, { local_ssd_count_ephemeral_storage = null, local_ssd_count_nvme_block = null })
diff --git a/modules/compute/gke-node-pool/gpu_direct.tf b/modules/compute/gke-node-pool/gpu_direct.tf
index 00dd298971..9403ea34fc 100644
--- a/modules/compute/gke-node-pool/gpu_direct.tf
+++ b/modules/compute/gke-node-pool/gpu_direct.tf
@@ -53,6 +53,7 @@ locals {
"1.28" = "1.28.9-gke.1250000"
"1.29" = "1.29.4-gke.1542000"
"1.30" = "1.30.4-gke.1129000"
+ "1.31" = "1.31.1-gke.2008000"
}
}
}
diff --git a/modules/compute/gke-node-pool/main.tf b/modules/compute/gke-node-pool/main.tf
index e971af24dc..f1999cbd0b 100644
--- a/modules/compute/gke-node-pool/main.tf
+++ b/modules/compute/gke-node-pool/main.tf
@@ -20,7 +20,16 @@ locals {
}
locals {
- has_gpu = length(local.guest_accelerator) > 0
+ upgrade_settings = {
+ strategy = var.upgrade_settings.strategy
+ max_surge = coalesce(var.upgrade_settings.max_surge, 0)
+ max_unavailable = coalesce(var.upgrade_settings.max_unavailable, 1)
+ }
+}
+
+locals {
+ has_gpu = length(local.guest_accelerator) > 0
+ allocatable_gpu_per_node = local.has_gpu ? max(local.guest_accelerator[*].count...) : -1
gpu_taint = local.has_gpu ? [{
key = "nvidia.com/gpu"
value = "present"
@@ -74,9 +83,9 @@ resource "google_container_node_pool" "node_pool" {
}
upgrade_settings {
- strategy = "SURGE"
- max_surge = 0
- max_unavailable = 1
+ strategy = local.upgrade_settings.strategy
+ max_surge = local.upgrade_settings.max_surge
+ max_unavailable = local.upgrade_settings.max_unavailable
}
dynamic "placement_policy" {
@@ -282,12 +291,33 @@ resource "google_container_node_pool" "node_pool" {
)
error_message = "Shared extended reservations are not supported by GKE."
}
+ precondition {
+ condition = contains(["SURGE"], local.upgrade_settings.strategy)
+ error_message = "Only SURGE strategy is supported"
+ }
+ precondition {
+ condition = local.upgrade_settings.max_unavailable >= 0
+ error_message = "max_unavailable should be set to 0 or greater"
+ }
+ precondition {
+ condition = local.upgrade_settings.max_surge >= 0
+ error_message = "max_surge should be set to 0 or greater"
+ }
+ precondition {
+ condition = local.upgrade_settings.max_unavailable > 0 || local.upgrade_settings.max_surge > 0
+ error_message = "At least one of max_unavailable or max_surge must greater than 0"
+ }
}
}
+locals {
+ supported_machine_types_for_install_dependencies = ["a3-highgpu-8g", "a3-megagpu-8g"]
+}
+
resource "null_resource" "install_dependencies" {
+ count = var.run_workload_script && contains(local.supported_machine_types_for_install_dependencies, var.machine_type) ? 1 : 0
provisioner "local-exec" {
- command = "pip3 install pyyaml argparse"
+ command = "pip3 install pyyaml"
}
}
@@ -297,7 +327,7 @@ locals {
# execute script to inject rxdm sidecar into workload to enable tcpx for a3-highgpu-8g VM workload
resource "null_resource" "enable_tcpx_in_workload" {
- count = var.machine_type == "a3-highgpu-8g" ? 1 : 0
+ count = var.run_workload_script && var.machine_type == "a3-highgpu-8g" ? 1 : 0
triggers = {
always_run = timestamp()
}
@@ -310,7 +340,7 @@ resource "null_resource" "enable_tcpx_in_workload" {
# execute script to inject rxdm sidecar into workload to enable tcpxo for a3-megagpu-8g VM workload
resource "null_resource" "enable_tcpxo_in_workload" {
- count = var.machine_type == "a3-megagpu-8g" ? 1 : 0
+ count = var.run_workload_script && var.machine_type == "a3-megagpu-8g" ? 1 : 0
triggers = {
always_run = timestamp()
}
diff --git a/modules/compute/gke-node-pool/outputs.tf b/modules/compute/gke-node-pool/outputs.tf
index 6d309502b1..2bcf947983 100644
--- a/modules/compute/gke-node-pool/outputs.tf
+++ b/modules/compute/gke-node-pool/outputs.tf
@@ -45,6 +45,11 @@ output "has_gpu" {
value = local.has_gpu
}
+output "allocatable_gpu_per_node" {
+ description = "Number of GPUs available for scheduling pods on each node."
+ value = local.allocatable_gpu_per_node
+}
+
locals {
translate_toleration = {
PREFER_NO_SCHEDULE = "PreferNoSchedule"
diff --git a/modules/compute/gke-node-pool/variables.tf b/modules/compute/gke-node-pool/variables.tf
index 5cd9624da8..d3b403b564 100644
--- a/modules/compute/gke-node-pool/variables.tf
+++ b/modules/compute/gke-node-pool/variables.tf
@@ -391,3 +391,27 @@ variable "max_pods_per_node" {
type = number
default = null
}
+
+variable "upgrade_settings" {
+ description = <<-EOT
+ Defines node pool upgrade settings. It is highly recommended that you define all max_surge and max_unavailable.
+ If max_surge is not specified, it would be set to a default value of 0.
+ If max_unavailable is not specified, it would be set to a default value of 1.
+ EOT
+ type = object({
+ strategy = string
+ max_surge = optional(number)
+ max_unavailable = optional(number)
+ })
+ default = {
+ strategy = "SURGE"
+ max_surge = 0
+ max_unavailable = 1
+ }
+}
+
+variable "run_workload_script" {
+ description = "Whether execute the script to create a sample workload and inject rxdm sidecar into workload. Currently, implemented for A3-Highgpu and A3-Megagpu only."
+ type = bool
+ default = true
+}
diff --git a/modules/compute/gke-node-pool/versions.tf b/modules/compute/gke-node-pool/versions.tf
index 7b49320ede..fcbc8e2f94 100644
--- a/modules/compute/gke-node-pool/versions.tf
+++ b/modules/compute/gke-node-pool/versions.tf
@@ -30,6 +30,6 @@ terraform {
}
}
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:gke-node-pool/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:gke-node-pool/v1.44.0"
}
}
diff --git a/modules/compute/vm-instance/README.md b/modules/compute/vm-instance/README.md
index 149f472d68..8fe80e1cdc 100644
--- a/modules/compute/vm-instance/README.md
+++ b/modules/compute/vm-instance/README.md
@@ -170,7 +170,7 @@ limitations under the License.
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.0 |
| [google](#requirement\_google) | >= 4.73.0 |
-| [google-beta](#requirement\_google-beta) | >= 4.73.0 |
+| [google-beta](#requirement\_google-beta) | >= 6.13.0 |
| [null](#requirement\_null) | >= 3.0 |
## Providers
@@ -178,14 +178,14 @@ limitations under the License.
| Name | Version |
|------|---------|
| [google](#provider\_google) | >= 4.73.0 |
-| [google-beta](#provider\_google-beta) | >= 4.73.0 |
+| [google-beta](#provider\_google-beta) | >= 6.13.0 |
| [null](#provider\_null) | >= 3.0 |
## Modules
| Name | Source | Version |
|------|--------|---------|
-| [netstorage\_startup\_script](#module\_netstorage\_startup\_script) | github.com/GoogleCloudPlatform/hpc-toolkit//modules/scripts/startup-script | v1.39.0 |
+| [netstorage\_startup\_script](#module\_netstorage\_startup\_script) | ../../scripts/startup-script | n/a |
## Resources
@@ -231,6 +231,7 @@ limitations under the License.
| [placement\_policy](#input\_placement\_policy) | Control where your VM instances are physically located relative to each other within a zone.
See https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_resource_policy#nested_group_placement_policy | `any` | `null` | no |
| [project\_id](#input\_project\_id) | Project in which the HPC deployment will be created | `string` | n/a | yes |
| [region](#input\_region) | The region to deploy to | `string` | n/a | yes |
+| [reservation\_name](#input\_reservation\_name) | Name of the reservation to use for VM resources, should be in one of the following formats:
- projects/PROJECT\_ID/reservations/RESERVATION\_NAME
- RESERVATION\_NAME
Must be a "SPECIFIC\_RESERVATION"
Set to empty string if using no reservation or automatically-consumed reservations | `string` | `""` | no |
| [service\_account](#input\_service\_account) | DEPRECATED - Use `service_account_email` and `service_account_scopes` instead. | object({
email = string,
scopes = set(string)
}) | `null` | no |
| [service\_account\_email](#input\_service\_account\_email) | Service account e-mail address to use with the node pool | `string` | `null` | no |
| [service\_account\_scopes](#input\_service\_account\_scopes) | Scopes to to use with the node pool. | `set(string)` | [
"https://www.googleapis.com/auth/cloud-platform"
]
| no |
diff --git a/modules/compute/vm-instance/main.tf b/modules/compute/vm-instance/main.tf
index c639f075d6..dcb43fe91a 100644
--- a/modules/compute/vm-instance/main.tf
+++ b/modules/compute/vm-instance/main.tf
@@ -261,6 +261,17 @@ resource "google_compute_instance" "compute_vm" {
}
}
+ dynamic "reservation_affinity" {
+ for_each = var.reservation_name == "" ? [] : [1]
+ content {
+ type = "SPECIFIC_RESERVATION"
+ specific_reservation {
+ key = "compute.googleapis.com/reservation-name"
+ values = [var.reservation_name]
+ }
+ }
+ }
+
metadata = merge(
local.network_storage,
local.startup_script,
diff --git a/modules/compute/vm-instance/startup_from_network_storage.tf b/modules/compute/vm-instance/startup_from_network_storage.tf
index 070b0b8c33..02bc58e4f7 100644
--- a/modules/compute/vm-instance/startup_from_network_storage.tf
+++ b/modules/compute/vm-instance/startup_from_network_storage.tf
@@ -55,7 +55,7 @@ locals {
}
module "netstorage_startup_script" {
- source = "github.com/GoogleCloudPlatform/hpc-toolkit//modules/scripts/startup-script?ref=v1.39.0"
+ source = "../../scripts/startup-script"
labels = local.labels
project_id = var.project_id
diff --git a/modules/compute/vm-instance/variables.tf b/modules/compute/vm-instance/variables.tf
index a874ddf825..1c32348587 100644
--- a/modules/compute/vm-instance/variables.tf
+++ b/modules/compute/vm-instance/variables.tf
@@ -223,9 +223,9 @@ variable "network_interfaces" {
}
validation {
condition = alltrue([
- for ni in var.network_interfaces : ni.nic_type == "GVNIC" || ni.nic_type == "VIRTIO_NET" || ni.nic_type == null
+ for ni in var.network_interfaces : ni.nic_type == "GVNIC" || ni.nic_type == "VIRTIO_NET" || ni.nic_type == "MRDMA" || ni.nic_type == "IRDMA" || ni.nic_type == null
])
- error_message = "In the variable network_interfaces, field \"nic_type\" must be either \"GVNIC\", \"VIRTIO_NET\" or null."
+ error_message = "In the variable network_interfaces, field \"nic_type\" must be \"GVNIC\", \"VIRTIO_NET\", \"MRDMA\", \"IRDMA\", or null."
}
validation {
condition = alltrue([
@@ -409,3 +409,22 @@ variable "allow_automatic_updates" {
default = true
nullable = false
}
+
+variable "reservation_name" {
+ description = <<-EOD
+ Name of the reservation to use for VM resources, should be in one of the following formats:
+ - projects/PROJECT_ID/reservations/RESERVATION_NAME
+ - RESERVATION_NAME
+
+ Must be a "SPECIFIC_RESERVATION"
+ Set to empty string if using no reservation or automatically-consumed reservations
+ EOD
+ type = string
+ default = ""
+ nullable = false
+
+ validation {
+ condition = length(regexall("^((projects/([a-z0-9-]+)/reservations/)?([a-z0-9-]+))?$", var.reservation_name)) > 0
+ error_message = "Reservation name must be either empty or in the format '[projects/PROJECT_ID/reservations/]RESERVATION_NAME', [...] is an optional part."
+ }
+}
diff --git a/modules/compute/vm-instance/versions.tf b/modules/compute/vm-instance/versions.tf
index 74d863de06..e2d709d999 100644
--- a/modules/compute/vm-instance/versions.tf
+++ b/modules/compute/vm-instance/versions.tf
@@ -23,7 +23,7 @@ terraform {
google-beta = {
source = "hashicorp/google-beta"
- version = ">= 4.73.0"
+ version = ">= 6.13.0"
}
null = {
source = "hashicorp/null"
@@ -31,10 +31,10 @@ terraform {
}
}
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:vm-instance/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:vm-instance/v1.44.0"
}
provider_meta "google-beta" {
- module_name = "blueprints/terraform/hpc-toolkit:vm-instance/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:vm-instance/v1.44.0"
}
required_version = ">= 1.3.0"
diff --git a/modules/file-system/filestore/versions.tf b/modules/file-system/filestore/versions.tf
index b747c21184..6a422772a3 100644
--- a/modules/file-system/filestore/versions.tf
+++ b/modules/file-system/filestore/versions.tf
@@ -26,10 +26,10 @@ terraform {
}
}
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:filestore/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:filestore/v1.44.0"
}
provider_meta "google-beta" {
- module_name = "blueprints/terraform/hpc-toolkit:filestore/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:filestore/v1.44.0"
}
required_version = ">= 0.14.0"
diff --git a/modules/file-system/gke-persistent-volume/versions.tf b/modules/file-system/gke-persistent-volume/versions.tf
index 9aa0deab4c..b9e2c1f067 100644
--- a/modules/file-system/gke-persistent-volume/versions.tf
+++ b/modules/file-system/gke-persistent-volume/versions.tf
@@ -29,6 +29,6 @@ terraform {
}
}
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:gke-persistent-volume/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:gke-persistent-volume/v1.44.0"
}
}
diff --git a/modules/file-system/gke-storage/README.md b/modules/file-system/gke-storage/README.md
index 17c718aa37..fc65e76d4d 100644
--- a/modules/file-system/gke-storage/README.md
+++ b/modules/file-system/gke-storage/README.md
@@ -39,7 +39,7 @@ then use them in a `gke-job-template` to dynamically provision the resource.
```
See example
-[gke-storage-parallelstore.yaml](../../../examples/README.md#gke-storage-parallelstoreyaml--) blueprint
+[gke-managed-parallelstore.yaml](../../../examples/README.md#gke-managed-parallelstoreyaml--) blueprint
for a complete example.
### Authorized Network
diff --git a/modules/file-system/gke-storage/versions.tf b/modules/file-system/gke-storage/versions.tf
index b712251894..bfb6a565c3 100644
--- a/modules/file-system/gke-storage/versions.tf
+++ b/modules/file-system/gke-storage/versions.tf
@@ -16,6 +16,6 @@ terraform {
required_version = ">= 1.0"
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:gke-storage/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:gke-storage/v1.44.0"
}
}
diff --git a/modules/file-system/parallelstore/scripts/install-daos-client.sh b/modules/file-system/parallelstore/scripts/install-daos-client.sh
index 5596ce8a2f..22ec324af7 100644
--- a/modules/file-system/parallelstore/scripts/install-daos-client.sh
+++ b/modules/file-system/parallelstore/scripts/install-daos-client.sh
@@ -19,6 +19,15 @@ OS_ID=$(awk -F '=' '/^ID=/ {print $2}' /etc/os-release | sed -e 's/"//g')
OS_VERSION=$(awk -F '=' '/VERSION_ID/ {print $2}' /etc/os-release | sed -e 's/"//g')
OS_VERSION_MAJOR=$(awk -F '=' '/VERSION_ID/ {print $2}' /etc/os-release | sed -e 's/"//g' -e 's/\..*$//')
+if ! {
+ { [[ "${OS_ID}" = "rocky" ]] || [[ "${OS_ID}" = "rhel" ]]; } && { [[ "${OS_VERSION_MAJOR}" = "8" ]] || [[ "${OS_VERSION_MAJOR}" = "9" ]]; } ||
+ { [[ "${OS_ID}" = "ubuntu" ]] && [[ "${OS_VERSION}" = "22.04" ]]; } ||
+ { [[ "${OS_ID}" = "debian" ]] && [[ "${OS_VERSION_MAJOR}" = "12" ]]; }
+}; then
+ echo "Unsupported operating system ${OS_ID} ${OS_VERSION}. This script only supports Rocky Linux 8, Redhat 8, Redhat 9, Ubuntu 22.04, and Debian 12."
+ exit 1
+fi
+
if [ -x /bin/daos ]; then
echo "DAOS already installed"
daos version
@@ -27,29 +36,15 @@ else
# The following commands should be executed on each client vm.
## For Rocky linux 8 / RedHat 8.
if [ "${OS_ID}" = "rocky" ] || [ "${OS_ID}" = "rhel" ]; then
- if [ "${OS_VERSION_MAJOR}" = "8" ]; then
- # 1) Add the Parallelstore package repository
- cat >/etc/yum.repos.d/parallelstore-v2-6-el8.repo </etc/yum.repos.d/parallelstore-v2-6-el9.repo </etc/yum.repos.d/parallelstore-v2-6-el"${OS_VERSION_MAJOR}".repo <<-EOF
+ [parallelstore-v2-6-el${OS_VERSION_MAJOR}]
+ name=Parallelstore EL${OS_VERSION_MAJOR} v2.6
+ baseurl=https://us-central1-yum.pkg.dev/projects/parallelstore-packages/v2-6-el${OS_VERSION_MAJOR}
+ enabled=1
+ repo_gpgcheck=0
+ gpgcheck=0
+ EOF
## TODO: Remove disable automatic update script after issue is fixed.
if [ -x /usr/bin/google_disable_automatic_updates ]; then
@@ -65,19 +60,48 @@ EOF
dnf upgrade -y libfabric
# For Ubuntu 22.04 and debian 12,
- elif { [ "${OS_ID}" = "ubuntu" ] && [ "${OS_VERSION}" = "22.04" ]; } || { [ "${OS_ID}" = "debian" ] && [ "${OS_VERSION_MAJOR}" = "12" ]; }; then
+ elif [[ "${OS_ID}" = "ubuntu" ]] || [[ "${OS_ID}" = "debian" ]]; then
# shellcheck disable=SC2034
DEBIAN_FRONTEND=noninteractive
# 1) Add the Parallelstore package repository
curl -o /etc/apt/trusted.gpg.d/us-central1-apt.pkg.dev.asc https://us-central1-apt.pkg.dev/doc/repo-signing-key.gpg
- echo "deb https://us-central1-apt.pkg.dev/projects/parallelstore-packages v2-6-deb main" >>/etc/apt/sources.list.d/artifact-registry.list
+ echo "deb https://us-central1-apt.pkg.dev/projects/parallelstore-packages v2-6-deb main" >/etc/apt/sources.list.d/artifact-registry.list
apt-get update
# 2) Install daos-client
apt-get install -y daos-client
+ # 3) Create daos_agent.service (comes pre-installed with RedHat)
+ if ! getent passwd daos_agent >/dev/null 2>&1; then
+ useradd daos_agent
+ fi
+ cat >/etc/systemd/system/daos_agent.service <<-EOF
+ [Unit]
+ Description=DAOS Agent
+ StartLimitIntervalSec=60
+ Wants=network-online.target
+ After=network-online.target
+
+ [Service]
+ Type=notify
+ User=daos_agent
+ Group=daos_agent
+ RuntimeDirectory=daos_agent
+ RuntimeDirectoryMode=0755
+ ExecStart=/usr/bin/daos_agent -o /etc/daos/daos_agent.yml
+ StandardOutput=journal
+ StandardError=journal
+ Restart=always
+ RestartSec=10
+ LimitMEMLOCK=infinity
+ LimitCORE=infinity
+ StartLimitBurst=5
+
+ [Install]
+ WantedBy=multi-user.target
+ EOF
else
echo "Unsupported operating system ${OS_ID} ${OS_VERSION}. This script only supports Rocky Linux 8, Redhat 8, Redhat 9, Ubuntu 22.04, and Debian 12."
exit 1
diff --git a/modules/file-system/parallelstore/scripts/mount-daos.sh b/modules/file-system/parallelstore/scripts/mount-daos.sh
index bb64c9a4d3..50ac2b273c 100644
--- a/modules/file-system/parallelstore/scripts/mount-daos.sh
+++ b/modules/file-system/parallelstore/scripts/mount-daos.sh
@@ -19,6 +19,16 @@ OS_ID=$(awk -F '=' '/^ID=/ {print $2}' /etc/os-release | sed -e 's/"//g')
OS_VERSION=$(awk -F '=' '/VERSION_ID/ {print $2}' /etc/os-release | sed -e 's/"//g')
OS_VERSION_MAJOR=$(awk -F '=' '/VERSION_ID/ {print $2}' /etc/os-release | sed -e 's/"//g' -e 's/\..*$//')
+if ! {
+ { [[ "${OS_ID}" = "rocky" ]] || [[ "${OS_ID}" = "rhel" ]]; } && { [[ "${OS_VERSION_MAJOR}" = "8" ]] || [[ "${OS_VERSION_MAJOR}" = "9" ]]; } ||
+ { [[ "${OS_ID}" = "ubuntu" ]] && [[ "${OS_VERSION}" = "22.04" ]]; } ||
+ { [[ "${OS_ID}" = "debian" ]] && [[ "${OS_VERSION_MAJOR}" = "12" ]]; }
+}; then
+ echo "Unsupported operating system ${OS_ID} ${OS_VERSION}. This script only supports Rocky Linux 8, Redhat 8, Redhat 9, Ubuntu 22.04, and Debian 12."
+ exit 1
+
+fi
+
# Parse local_mount, mount_options from argument.
# Format mount-options string to be compatible to dfuse mount command.
# e.g. "disable-wb-cache,eq-count=8" --> --disable-wb-cache --eq-count=8.
@@ -41,23 +51,25 @@ sed -i "s/#.*transport_config/transport_config/g" $daos_config
sed -i "s/#.*allow_insecure:.*false/ allow_insecure: true/g" $daos_config
sed -i "s/.*access_points.*/access_points: $access_points/g" $daos_config
-# Start service
-if { [ "${OS_ID}" = "rocky" ] || [ "${OS_ID}" = "rhel" ]; } && { [ "${OS_VERSION_MAJOR}" = "8" ] || [ "${OS_VERSION_MAJOR}" = "9" ]; }; then
- # TODO: Update script to change default log destination folder, after daos_agent user is supported in debian and ubuntu.
- # Move agent log destination from /tmp/ (default) to /var/log/daos_agent/
- mkdir -p /var/log/daos_agent
- chown daos_agent:daos_agent /var/log/daos_agent
- sed -i "s/#.*log_file:.*/log_file: \/var\/log\/daos_agent\/daos_agent.log/g" $daos_config
- systemctl enable daos_agent.service
- systemctl start daos_agent.service
-elif { [ "${OS_ID}" = "ubuntu" ] && [ "${OS_VERSION}" = "22.04" ]; } || { [ "${OS_ID}" = "debian" ] && [ "${OS_VERSION_MAJOR}" = "12" ]; }; then
- mkdir -p /var/run/daos_agent
- daos_agent -o /etc/daos/daos_agent.yml >/dev/null 2>&1 &
-else
- echo "Unsupported operating system ${OS_ID} ${OS_VERSION}. This script only supports Rocky Linux 8, Redhat 8, Redhat 9, Ubuntu 22.04, and Debian 12."
- exit 1
+# Get names of network interfaces not in first PCI slot
+# The first PCI slot is a standard network adapter while remaining interfaces
+# are typically network cards dedicated to GPU or workload communication
+if [[ "$OS_ID" == "debian" ]]; then
+ extra_interfaces=$(find /sys/class/net/ -not -name 'enp0s*' -regextype posix-extended -regex '.*/enp[0-9]+s.*' -printf '"%f"\n' | paste -s -d ',')
+elif [[ "${OS_ID}" = "rocky" ]] || [[ "${OS_ID}" = "rhel" ]]; then
+ extra_interfaces=$(find /sys/class/net/ -not -name eth0 -regextype posix-extended -regex '.*/eth[0-9]+' -printf '"%f"\n' | paste -s -d ',')
+fi
+
+if [[ -n "$extra_interfaces" ]]; then
+ exclude_fabric_ifaces="\"lo\",$extra_interfaces"
+ sed -i "s/#.*exclude_fabric_ifaces: \[.*/exclude_fabric_ifaces: [$exclude_fabric_ifaces]/" $daos_config
fi
+# reroute logs from /tmp (default) to daos_agent dedicated directory
+mkdir -p /var/log/daos_agent
+chown daos_agent:daos_agent /var/log/daos_agent
+sed -i "s/#.*log_file:.*/log_file: \/var\/log\/daos_agent\/daos_agent.log/g" $daos_config
+
# Mount parallelstore instance to client vm.
mkdir -p "$local_mount"
chmod 777 "$local_mount"
@@ -69,39 +81,38 @@ sed -i "s/#.*user_allow_other/user_allow_other/g" $fuse_config
# make sure limit of open files is high enough for dfuse (1M of open files)
ulimit -n 1048576
-for i in {1..10}; do
- # To parse mount_options as --disable-wb-cache --eq-count=8.
- # shellcheck disable=SC2086
- dfuse -m "$local_mount" --pool default-pool --container default-container --multi-user $mount_options && break
-
- echo "dfuse failed, retrying in 1 seconds (attempt $i/10)..."
- sleep 1
-done
-
-if ! mountpoint -q "$local_mount"; then
- exit 1
-fi
-
-# Store the mounting logic in a variable
-mount_command='for i in {1..10}; do /bin/dfuse -m '$local_mount' --pool default-pool --container default-container --multi-user '$mount_options' --foreground && break; echo \"dfuse, failed, retrying in 1 second (attempt '$i'/10)\"; sleep 1; done'
+# Construct the service name with the local_mount suffix
+safe_mount_name=$(systemd-escape -p "${local_mount}")
+service_name="mount_parallelstore_${safe_mount_name}.service"
# --- Begin: Add systemd service creation ---
-cat >/usr/lib/systemd/system/mount_parallelstore.service </etc/systemd/system/"${service_name}" </etc/yum.repos.d/parallelstore-v2-6-el8.repo </etc/yum.repos.d/parallelstore-v2-6-el9.repo </etc/yum.repos.d/parallelstore-v2-6-el"${OS_VERSION_MAJOR}".repo <<-EOF
+ [parallelstore-v2-6-el${OS_VERSION_MAJOR}]
+ name=Parallelstore EL${OS_VERSION_MAJOR} v2.6
+ baseurl=https://us-central1-yum.pkg.dev/projects/parallelstore-packages/v2-6-el${OS_VERSION_MAJOR}
+ enabled=1
+ repo_gpgcheck=0
+ gpgcheck=0
+ EOF
## TODO: Remove disable automatic update script after issue is fixed.
if [ -x /usr/bin/google_disable_automatic_updates ]; then
@@ -65,19 +60,48 @@ EOF
dnf upgrade -y libfabric
# For Ubuntu 22.04 and debian 12,
- elif { [ "${OS_ID}" = "ubuntu" ] && [ "${OS_VERSION}" = "22.04" ]; } || { [ "${OS_ID}" = "debian" ] && [ "${OS_VERSION_MAJOR}" = "12" ]; }; then
+ elif [[ "${OS_ID}" = "ubuntu" ]] || [[ "${OS_ID}" = "debian" ]]; then
# shellcheck disable=SC2034
DEBIAN_FRONTEND=noninteractive
# 1) Add the Parallelstore package repository
curl -o /etc/apt/trusted.gpg.d/us-central1-apt.pkg.dev.asc https://us-central1-apt.pkg.dev/doc/repo-signing-key.gpg
- echo "deb https://us-central1-apt.pkg.dev/projects/parallelstore-packages v2-6-deb main" >>/etc/apt/sources.list.d/artifact-registry.list
+ echo "deb https://us-central1-apt.pkg.dev/projects/parallelstore-packages v2-6-deb main" >/etc/apt/sources.list.d/artifact-registry.list
apt-get update
# 2) Install daos-client
apt-get install -y daos-client
+ # 3) Create daos_agent.service (comes pre-installed with RedHat)
+ if ! getent passwd daos_agent >/dev/null 2>&1; then
+ useradd daos_agent
+ fi
+ cat >/etc/systemd/system/daos_agent.service <<-EOF
+ [Unit]
+ Description=DAOS Agent
+ StartLimitIntervalSec=60
+ Wants=network-online.target
+ After=network-online.target
+
+ [Service]
+ Type=notify
+ User=daos_agent
+ Group=daos_agent
+ RuntimeDirectory=daos_agent
+ RuntimeDirectoryMode=0755
+ ExecStart=/usr/bin/daos_agent -o /etc/daos/daos_agent.yml
+ StandardOutput=journal
+ StandardError=journal
+ Restart=always
+ RestartSec=10
+ LimitMEMLOCK=infinity
+ LimitCORE=infinity
+ StartLimitBurst=5
+
+ [Install]
+ WantedBy=multi-user.target
+ EOF
else
echo "Unsupported operating system ${OS_ID} ${OS_VERSION}. This script only supports Rocky Linux 8, Redhat 8, Redhat 9, Ubuntu 22.04, and Debian 12."
exit 1
diff --git a/modules/file-system/pre-existing-network-storage/scripts/mount-daos.sh b/modules/file-system/pre-existing-network-storage/scripts/mount-daos.sh
index bb64c9a4d3..50ac2b273c 100644
--- a/modules/file-system/pre-existing-network-storage/scripts/mount-daos.sh
+++ b/modules/file-system/pre-existing-network-storage/scripts/mount-daos.sh
@@ -19,6 +19,16 @@ OS_ID=$(awk -F '=' '/^ID=/ {print $2}' /etc/os-release | sed -e 's/"//g')
OS_VERSION=$(awk -F '=' '/VERSION_ID/ {print $2}' /etc/os-release | sed -e 's/"//g')
OS_VERSION_MAJOR=$(awk -F '=' '/VERSION_ID/ {print $2}' /etc/os-release | sed -e 's/"//g' -e 's/\..*$//')
+if ! {
+ { [[ "${OS_ID}" = "rocky" ]] || [[ "${OS_ID}" = "rhel" ]]; } && { [[ "${OS_VERSION_MAJOR}" = "8" ]] || [[ "${OS_VERSION_MAJOR}" = "9" ]]; } ||
+ { [[ "${OS_ID}" = "ubuntu" ]] && [[ "${OS_VERSION}" = "22.04" ]]; } ||
+ { [[ "${OS_ID}" = "debian" ]] && [[ "${OS_VERSION_MAJOR}" = "12" ]]; }
+}; then
+ echo "Unsupported operating system ${OS_ID} ${OS_VERSION}. This script only supports Rocky Linux 8, Redhat 8, Redhat 9, Ubuntu 22.04, and Debian 12."
+ exit 1
+
+fi
+
# Parse local_mount, mount_options from argument.
# Format mount-options string to be compatible to dfuse mount command.
# e.g. "disable-wb-cache,eq-count=8" --> --disable-wb-cache --eq-count=8.
@@ -41,23 +51,25 @@ sed -i "s/#.*transport_config/transport_config/g" $daos_config
sed -i "s/#.*allow_insecure:.*false/ allow_insecure: true/g" $daos_config
sed -i "s/.*access_points.*/access_points: $access_points/g" $daos_config
-# Start service
-if { [ "${OS_ID}" = "rocky" ] || [ "${OS_ID}" = "rhel" ]; } && { [ "${OS_VERSION_MAJOR}" = "8" ] || [ "${OS_VERSION_MAJOR}" = "9" ]; }; then
- # TODO: Update script to change default log destination folder, after daos_agent user is supported in debian and ubuntu.
- # Move agent log destination from /tmp/ (default) to /var/log/daos_agent/
- mkdir -p /var/log/daos_agent
- chown daos_agent:daos_agent /var/log/daos_agent
- sed -i "s/#.*log_file:.*/log_file: \/var\/log\/daos_agent\/daos_agent.log/g" $daos_config
- systemctl enable daos_agent.service
- systemctl start daos_agent.service
-elif { [ "${OS_ID}" = "ubuntu" ] && [ "${OS_VERSION}" = "22.04" ]; } || { [ "${OS_ID}" = "debian" ] && [ "${OS_VERSION_MAJOR}" = "12" ]; }; then
- mkdir -p /var/run/daos_agent
- daos_agent -o /etc/daos/daos_agent.yml >/dev/null 2>&1 &
-else
- echo "Unsupported operating system ${OS_ID} ${OS_VERSION}. This script only supports Rocky Linux 8, Redhat 8, Redhat 9, Ubuntu 22.04, and Debian 12."
- exit 1
+# Get names of network interfaces not in first PCI slot
+# The first PCI slot is a standard network adapter while remaining interfaces
+# are typically network cards dedicated to GPU or workload communication
+if [[ "$OS_ID" == "debian" ]]; then
+ extra_interfaces=$(find /sys/class/net/ -not -name 'enp0s*' -regextype posix-extended -regex '.*/enp[0-9]+s.*' -printf '"%f"\n' | paste -s -d ',')
+elif [[ "${OS_ID}" = "rocky" ]] || [[ "${OS_ID}" = "rhel" ]]; then
+ extra_interfaces=$(find /sys/class/net/ -not -name eth0 -regextype posix-extended -regex '.*/eth[0-9]+' -printf '"%f"\n' | paste -s -d ',')
+fi
+
+if [[ -n "$extra_interfaces" ]]; then
+ exclude_fabric_ifaces="\"lo\",$extra_interfaces"
+ sed -i "s/#.*exclude_fabric_ifaces: \[.*/exclude_fabric_ifaces: [$exclude_fabric_ifaces]/" $daos_config
fi
+# reroute logs from /tmp (default) to daos_agent dedicated directory
+mkdir -p /var/log/daos_agent
+chown daos_agent:daos_agent /var/log/daos_agent
+sed -i "s/#.*log_file:.*/log_file: \/var\/log\/daos_agent\/daos_agent.log/g" $daos_config
+
# Mount parallelstore instance to client vm.
mkdir -p "$local_mount"
chmod 777 "$local_mount"
@@ -69,39 +81,38 @@ sed -i "s/#.*user_allow_other/user_allow_other/g" $fuse_config
# make sure limit of open files is high enough for dfuse (1M of open files)
ulimit -n 1048576
-for i in {1..10}; do
- # To parse mount_options as --disable-wb-cache --eq-count=8.
- # shellcheck disable=SC2086
- dfuse -m "$local_mount" --pool default-pool --container default-container --multi-user $mount_options && break
-
- echo "dfuse failed, retrying in 1 seconds (attempt $i/10)..."
- sleep 1
-done
-
-if ! mountpoint -q "$local_mount"; then
- exit 1
-fi
-
-# Store the mounting logic in a variable
-mount_command='for i in {1..10}; do /bin/dfuse -m '$local_mount' --pool default-pool --container default-container --multi-user '$mount_options' --foreground && break; echo \"dfuse, failed, retrying in 1 second (attempt '$i'/10)\"; sleep 1; done'
+# Construct the service name with the local_mount suffix
+safe_mount_name=$(systemd-escape -p "${local_mount}")
+service_name="mount_parallelstore_${safe_mount_name}.service"
# --- Begin: Add systemd service creation ---
-cat >/usr/lib/systemd/system/mount_parallelstore.service </etc/systemd/system/"${service_name}" <.
+ properties:
+ jobIndex:
+ description: |-
+ JobIndex is the index of Job which contains the coordinator pod
+ (i.e., for a ReplicatedJob with N replicas, there are Job indexes 0 to N-1).
+ type: integer
+ podIndex:
+ description: PodIndex is the Job completion index of the coordinator pod.
+ type: integer
+ replicatedJob:
+ description: |-
+ ReplicatedJob is the name of the ReplicatedJob which contains
+ the coordinator pod.
+ type: string
+ required:
+ - replicatedJob
+ type: object
+ failurePolicy:
+ description: |-
+ FailurePolicy, if set, configures when to declare the JobSet as
+ failed.
+ The JobSet is always declared failed if any job in the set
+ finished with status failed.
+ properties:
+ maxRestarts:
+ description: |-
+ MaxRestarts defines the limit on the number of JobSet restarts.
+ A restart is achieved by recreating all active child jobs.
+ format: int32
+ type: integer
+ restartStrategy:
+ default: Recreate
+ description: |-
+ RestartStrategy defines the strategy to use when restarting the JobSet.
+ Defaults to Recreate.
+ enum:
+ - Recreate
+ - BlockingRecreate
+ type: string
+ rules:
+ description: |-
+ List of failure policy rules for this JobSet.
+ For a given Job failure, the rules will be evaluated in order,
+ and only the first matching rule will be executed.
+ If no matching rule is found, the RestartJobSet action is applied.
+ items:
+ description: |-
+ FailurePolicyRule defines a FailurePolicyAction to be executed if a child job
+ fails due to a reason listed in OnJobFailureReasons.
+ properties:
+ action:
+ description: The action to take if the rule is matched.
+ enum:
+ - FailJobSet
+ - RestartJobSet
+ - RestartJobSetAndIgnoreMaxRestarts
+ type: string
+ name:
+ description: |-
+ The name of the failure policy rule.
+ The name is defaulted to 'failurePolicyRuleN' where N is the index of the failure policy rule.
+ The name must match the regular expression "^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$".
+ type: string
+ onJobFailureReasons:
+ description: |-
+ The requirement on the job failure reasons. The requirement
+ is satisfied if at least one reason matches the list.
+ The rules are evaluated in order, and the first matching
+ rule is executed.
+ An empty list applies the rule to any job failure reason.
+ items:
+ type: string
+ type: array
+ targetReplicatedJobs:
+ description: |-
+ TargetReplicatedJobs are the names of the replicated jobs the operator applies to.
+ An empty list will apply to all replicatedJobs.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - action
+ - name
+ type: object
+ type: array
+ type: object
+ x-kubernetes-validations:
+ - message: Value is immutable
+ rule: self == oldSelf
+ managedBy:
+ description: |-
+ ManagedBy is used to indicate the controller or entity that manages a JobSet.
+ The built-in JobSet controller reconciles JobSets which don't have this
+ field at all or the field value is the reserved string
+ `jobset.sigs.k8s.io/jobset-controller`, but skips reconciling JobSets
+ with a custom value for this field.
+
+ The value must be a valid domain-prefixed path (e.g. acme.io/foo) -
+ all characters before the first "/" must be a valid subdomain as defined
+ by RFC 1123. All characters trailing the first "/" must be valid HTTP Path
+ characters as defined by RFC 3986. The value cannot exceed 63 characters.
+ The field is immutable.
+ type: string
+ network:
+ description: Network defines the networking options for the jobset.
+ properties:
+ enableDNSHostnames:
+ description: |-
+ EnableDNSHostnames allows pods to be reached via their hostnames.
+ Pods will be reachable using the fully qualified pod hostname:
+ ---.
+ type: boolean
+ publishNotReadyAddresses:
+ description: |-
+ Indicates if DNS records of pods should be published before the pods are ready.
+ Defaults to True.
+ type: boolean
+ subdomain:
+ description: |-
+ Subdomain is an explicit choice for a network subdomain name
+ When set, any replicated job in the set is added to this network.
+ Defaults to if not set.
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: Value is immutable
+ rule: self == oldSelf
+ replicatedJobs:
+ description: ReplicatedJobs is the group of jobs that will form the set.
+ items:
+ properties:
+ name:
+ description: |-
+ Name is the name of the entry and will be used as a suffix
+ for the Job name.
+ type: string
+ replicas:
+ default: 1
+ description: |-
+ Replicas is the number of jobs that will be created from this ReplicatedJob's template.
+ Jobs names will be in the format: --
+ format: int32
+ type: integer
+ template:
+ description: Template defines the template of the Job that will be created.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata of the jobs created from this template.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the job.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ activeDeadlineSeconds:
+ description: |-
+ Specifies the duration in seconds relative to the startTime that the job
+ may be continuously active before the system tries to terminate it; value
+ must be positive integer. If a Job is suspended (at creation or through an
+ update), this timer will effectively be stopped and reset when the Job is
+ resumed again.
+ format: int64
+ type: integer
+ backoffLimit:
+ description: |-
+ Specifies the number of retries before marking this job failed.
+ Defaults to 6
+ format: int32
+ type: integer
+ backoffLimitPerIndex:
+ description: |-
+ Specifies the limit for the number of retries within an
+ index before marking this index as failed. When enabled the number of
+ failures per index is kept in the pod's
+ batch.kubernetes.io/job-index-failure-count annotation. It can only
+ be set when Job's completionMode=Indexed, and the Pod's restart
+ policy is Never. The field is immutable.
+ This field is beta-level. It can be used when the `JobBackoffLimitPerIndex`
+ feature gate is enabled (enabled by default).
+ format: int32
+ type: integer
+ completionMode:
+ description: |-
+ completionMode specifies how Pod completions are tracked. It can be
+ `NonIndexed` (default) or `Indexed`.
+
+ `NonIndexed` means that the Job is considered complete when there have
+ been .spec.completions successfully completed Pods. Each Pod completion is
+ homologous to each other.
+
+ `Indexed` means that the Pods of a
+ Job get an associated completion index from 0 to (.spec.completions - 1),
+ available in the annotation batch.kubernetes.io/job-completion-index.
+ The Job is considered complete when there is one successfully completed Pod
+ for each index.
+ When value is `Indexed`, .spec.completions must be specified and
+ `.spec.parallelism` must be less than or equal to 10^5.
+ In addition, The Pod name takes the form
+ `$(job-name)-$(index)-$(random-string)`,
+ the Pod hostname takes the form `$(job-name)-$(index)`.
+
+ More completion modes can be added in the future.
+ If the Job controller observes a mode that it doesn't recognize, which
+ is possible during upgrades due to version skew, the controller
+ skips updates for the Job.
+ type: string
+ completions:
+ description: |-
+ Specifies the desired number of successfully finished pods the
+ job should be run with. Setting to null means that the success of any
+ pod signals the success of all pods, and allows parallelism to have any positive
+ value. Setting to 1 means that parallelism is limited to 1 and the success of that
+ pod signals the success of the job.
+ More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+ format: int32
+ type: integer
+ managedBy:
+ description: |-
+ ManagedBy field indicates the controller that manages a Job. The k8s Job
+ controller reconciles jobs which don't have this field at all or the field
+ value is the reserved string `kubernetes.io/job-controller`, but skips
+ reconciling Jobs with a custom value for this field.
+ The value must be a valid domain-prefixed path (e.g. acme.io/foo) -
+ all characters before the first "/" must be a valid subdomain as defined
+ by RFC 1123. All characters trailing the first "/" must be valid HTTP Path
+ characters as defined by RFC 3986. The value cannot exceed 63 characters.
+ This field is immutable.
+
+ This field is alpha-level. The job controller accepts setting the field
+ when the feature gate JobManagedBy is enabled (disabled by default).
+ type: string
+ manualSelector:
+ description: |-
+ manualSelector controls generation of pod labels and pod selectors.
+ Leave `manualSelector` unset unless you are certain what you are doing.
+ When false or unset, the system pick labels unique to this job
+ and appends those labels to the pod template. When true,
+ the user is responsible for picking unique labels and specifying
+ the selector. Failure to pick a unique label may cause this
+ and other jobs to not function correctly. However, You may see
+ `manualSelector=true` in jobs that were created with the old `extensions/v1beta1`
+ API.
+ More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
+ type: boolean
+ maxFailedIndexes:
+ description: |-
+ Specifies the maximal number of failed indexes before marking the Job as
+ failed, when backoffLimitPerIndex is set. Once the number of failed
+ indexes exceeds this number the entire Job is marked as Failed and its
+ execution is terminated. When left as null the job continues execution of
+ all of its indexes and is marked with the `Complete` Job condition.
+ It can only be specified when backoffLimitPerIndex is set.
+ It can be null or up to completions. It is required and must be
+ less than or equal to 10^4 when is completions greater than 10^5.
+ This field is beta-level. It can be used when the `JobBackoffLimitPerIndex`
+ feature gate is enabled (enabled by default).
+ format: int32
+ type: integer
+ parallelism:
+ description: |-
+ Specifies the maximum desired number of pods the job should
+ run at any given time. The actual number of pods running in steady state will
+ be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism),
+ i.e. when the work left to do is less than max parallelism.
+ More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+ format: int32
+ type: integer
+ podFailurePolicy:
+ description: |-
+ Specifies the policy of handling failed pods. In particular, it allows to
+ specify the set of actions and conditions which need to be
+ satisfied to take the associated action.
+ If empty, the default behaviour applies - the counter of failed pods,
+ represented by the jobs's .status.failed field, is incremented and it is
+ checked against the backoffLimit. This field cannot be used in combination
+ with restartPolicy=OnFailure.
+ properties:
+ rules:
+ description: |-
+ A list of pod failure policy rules. The rules are evaluated in order.
+ Once a rule matches a Pod failure, the remaining of the rules are ignored.
+ When no rule matches the Pod failure, the default handling applies - the
+ counter of pod failures is incremented and it is checked against
+ the backoffLimit. At most 20 elements are allowed.
+ items:
+ description: |-
+ PodFailurePolicyRule describes how a pod failure is handled when the requirements are met.
+ One of onExitCodes and onPodConditions, but not both, can be used in each rule.
+ properties:
+ action:
+ description: |-
+ Specifies the action taken on a pod failure when the requirements are satisfied.
+ Possible values are:
+
+ - FailJob: indicates that the pod's job is marked as Failed and all
+ running pods are terminated.
+ - FailIndex: indicates that the pod's index is marked as Failed and will
+ not be restarted.
+ This value is beta-level. It can be used when the
+ `JobBackoffLimitPerIndex` feature gate is enabled (enabled by default).
+ - Ignore: indicates that the counter towards the .backoffLimit is not
+ incremented and a replacement pod is created.
+ - Count: indicates that the pod is handled in the default way - the
+ counter towards the .backoffLimit is incremented.
+ Additional values are considered to be added in the future. Clients should
+ react to an unknown action by skipping the rule.
+ type: string
+ onExitCodes:
+ description: Represents the requirement on the container exit codes.
+ properties:
+ containerName:
+ description: |-
+ Restricts the check for exit codes to the container with the
+ specified name. When null, the rule applies to all containers.
+ When specified, it should match one the container or initContainer
+ names in the pod template.
+ type: string
+ operator:
+ description: |-
+ Represents the relationship between the container exit code(s) and the
+ specified values. Containers completed with success (exit code 0) are
+ excluded from the requirement check. Possible values are:
+
+ - In: the requirement is satisfied if at least one container exit code
+ (might be multiple if there are multiple containers not restricted
+ by the 'containerName' field) is in the set of specified values.
+ - NotIn: the requirement is satisfied if at least one container exit code
+ (might be multiple if there are multiple containers not restricted
+ by the 'containerName' field) is not in the set of specified values.
+ Additional values are considered to be added in the future. Clients should
+ react to an unknown operator by assuming the requirement is not satisfied.
+ type: string
+ values:
+ description: |-
+ Specifies the set of values. Each returned container exit code (might be
+ multiple in case of multiple containers) is checked against this set of
+ values with respect to the operator. The list of values must be ordered
+ and must not contain duplicates. Value '0' cannot be used for the In operator.
+ At least one element is required. At most 255 elements are allowed.
+ items:
+ format: int32
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ required:
+ - operator
+ - values
+ type: object
+ onPodConditions:
+ description: |-
+ Represents the requirement on the pod conditions. The requirement is represented
+ as a list of pod condition patterns. The requirement is satisfied if at
+ least one pattern matches an actual pod condition. At most 20 elements are allowed.
+ items:
+ description: |-
+ PodFailurePolicyOnPodConditionsPattern describes a pattern for matching
+ an actual pod condition type.
+ properties:
+ status:
+ description: |-
+ Specifies the required Pod condition status. To match a pod condition
+ it is required that the specified status equals the pod condition status.
+ Defaults to True.
+ type: string
+ type:
+ description: |-
+ Specifies the required Pod condition type. To match a pod condition
+ it is required that specified type equals the pod condition type.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - action
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - rules
+ type: object
+ podReplacementPolicy:
+ description: |-
+ podReplacementPolicy specifies when to create replacement Pods.
+ Possible values are:
+ - TerminatingOrFailed means that we recreate pods
+ when they are terminating (has a metadata.deletionTimestamp) or failed.
+ - Failed means to wait until a previously created Pod is fully terminated (has phase
+ Failed or Succeeded) before creating a replacement Pod.
+
+ When using podFailurePolicy, Failed is the the only allowed value.
+ TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use.
+ This is an beta field. To use this, enable the JobPodReplacementPolicy feature toggle.
+ This is on by default.
+ type: string
+ selector:
+ description: |-
+ A label query over pods that should match the pod count.
+ Normally, the system sets this field for you.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ successPolicy:
+ description: |-
+ successPolicy specifies the policy when the Job can be declared as succeeded.
+ If empty, the default behavior applies - the Job is declared as succeeded
+ only when the number of succeeded pods equals to the completions.
+ When the field is specified, it must be immutable and works only for the Indexed Jobs.
+ Once the Job meets the SuccessPolicy, the lingering pods are terminated.
+
+ This field is beta-level. To use this field, you must enable the
+ `JobSuccessPolicy` feature gate (enabled by default).
+ properties:
+ rules:
+ description: |-
+ rules represents the list of alternative rules for the declaring the Jobs
+ as successful before `.status.succeeded >= .spec.completions`. Once any of the rules are met,
+ the "SucceededCriteriaMet" condition is added, and the lingering pods are removed.
+ The terminal state for such a Job has the "Complete" condition.
+ Additionally, these rules are evaluated in order; Once the Job meets one of the rules,
+ other rules are ignored. At most 20 elements are allowed.
+ items:
+ description: |-
+ SuccessPolicyRule describes rule for declaring a Job as succeeded.
+ Each rule must have at least one of the "succeededIndexes" or "succeededCount" specified.
+ properties:
+ succeededCount:
+ description: |-
+ succeededCount specifies the minimal required size of the actual set of the succeeded indexes
+ for the Job. When succeededCount is used along with succeededIndexes, the check is
+ constrained only to the set of indexes specified by succeededIndexes.
+ For example, given that succeededIndexes is "1-4", succeededCount is "3",
+ and completed indexes are "1", "3", and "5", the Job isn't declared as succeeded
+ because only "1" and "3" indexes are considered in that rules.
+ When this field is null, this doesn't default to any value and
+ is never evaluated at any time.
+ When specified it needs to be a positive integer.
+ format: int32
+ type: integer
+ succeededIndexes:
+ description: |-
+ succeededIndexes specifies the set of indexes
+ which need to be contained in the actual set of the succeeded indexes for the Job.
+ The list of indexes must be within 0 to ".spec.completions-1" and
+ must not contain duplicates. At least one element is required.
+ The indexes are represented as intervals separated by commas.
+ The intervals can be a decimal integer or a pair of decimal integers separated by a hyphen.
+ The number are listed in represented by the first and last element of the series,
+ separated by a hyphen.
+ For example, if the completed indexes are 1, 3, 4, 5 and 7, they are
+ represented as "1,3-5,7".
+ When this field is null, this field doesn't default to any value
+ and is never evaluated at any time.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - rules
+ type: object
+ suspend:
+ description: |-
+ suspend specifies whether the Job controller should create Pods or not. If
+ a Job is created with suspend set to true, no Pods are created by the Job
+ controller. If a Job is suspended after creation (i.e. the flag goes from
+ false to true), the Job controller will delete all active Pods associated
+ with this Job. Users must design their workload to gracefully handle this.
+ Suspending a Job will reset the StartTime field of the Job, effectively
+ resetting the ActiveDeadlineSeconds timer too. Defaults to false.
+ type: boolean
+ template:
+ description: |-
+ Describes the pod that will be created when executing a job.
+ The only allowed template.spec.restartPolicy values are "Never" or "OnFailure".
+ More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the pod.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ activeDeadlineSeconds:
+ description: |-
+ Optional duration in seconds the pod may be active on the node relative to
+ StartTime before the system will actively try to mark it failed and kill associated containers.
+ Value must be a positive integer.
+ format: int64
+ type: integer
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ automountServiceAccountToken:
+ description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
+ type: boolean
+ containers:
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
+ items:
+ description: A single application container that you want to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by this container. If set, this profile
+ overrides the pod's appArmorProfile.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default value is Default which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - devicePath
+ x-kubernetes-list-type: map
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
+ (which defaults to None).
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ recursiveReadOnly:
+ description: |-
+ RecursiveReadOnly specifies whether read-only mounts should be handled
+ recursively.
+
+ If ReadOnly is false, this field has no meaning and must be unspecified.
+
+ If ReadOnly is true, and this field is set to Disabled, the mount is not made
+ recursively read-only. If this field is set to IfPossible, the mount is made
+ recursively read-only, if it is supported by the container runtime. If this
+ field is set to Enabled, the mount is made recursively read-only if it is
+ supported by the container runtime, otherwise the pod will not be started and
+ an error will be generated to indicate the reason.
+
+ If this field is set to IfPossible or Enabled, MountPropagation must be set to
+ None (or be unspecified, which defaults to None).
+
+ If this field is not specified, it is treated as an equivalent of Disabled.
+ type: string
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ dnsConfig:
+ description: |-
+ Specifies the DNS parameters of a pod.
+ Parameters specified here will be merged to the generated DNS
+ configuration based on DNSPolicy.
+ properties:
+ nameservers:
+ description: |-
+ A list of DNS name server IP addresses.
+ This will be appended to the base nameservers generated from DNSPolicy.
+ Duplicated nameservers will be removed.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ options:
+ description: |-
+ A list of DNS resolver options.
+ This will be merged with the base options generated from DNSPolicy.
+ Duplicated entries will be removed. Resolution options given in Options
+ will override those that appear in the base DNSPolicy.
+ items:
+ description: PodDNSConfigOption defines DNS resolver options of a pod.
+ properties:
+ name:
+ description: Required.
+ type: string
+ value:
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ searches:
+ description: |-
+ A list of DNS search domains for host-name lookup.
+ This will be appended to the base search paths generated from DNSPolicy.
+ Duplicated search paths will be removed.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ dnsPolicy:
+ description: |-
+ Set DNS policy for the pod.
+ Defaults to "ClusterFirst".
+ Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
+ DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
+ To have DNS options set along with hostNetwork, you have to specify DNS policy
+ explicitly to 'ClusterFirstWithHostNet'.
+ type: string
+ enableServiceLinks:
+ description: |-
+ EnableServiceLinks indicates whether information about services should be injected into pod's
+ environment variables, matching the syntax of Docker links.
+ Optional: Defaults to true.
+ type: boolean
+ ephemeralContainers:
+ description: |-
+ List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
+ pod to perform user-initiated actions such as debugging. This list cannot be specified when
+ creating a pod, and it cannot be modified by updating the pod spec. In order to add an
+ ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+ items:
+ description: |-
+ An EphemeralContainer is a temporary container that you may add to an existing Pod for
+ user-initiated activities such as debugging. Ephemeral containers have no resource or
+ scheduling guarantees, and they will not be restarted when they exit or when a Pod is
+ removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
+ Pod to exceed its resource allocation.
+
+ To add an ephemeral container, use the ephemeralcontainers subresource of an existing
+ Pod. Ephemeral containers may not be removed or restarted.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: Lifecycle is not allowed for ephemeral containers.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: Probes are not allowed for ephemeral containers.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the ephemeral container specified as a DNS_LABEL.
+ This name must be unique among all containers, init containers and ephemeral containers.
+ type: string
+ ports:
+ description: Ports are not allowed for ephemeral containers.
+ items:
+ description: ContainerPort represents a network port in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: Probes are not allowed for ephemeral containers.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources
+ already allocated to the pod.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ Restart policy for the container to manage the restart behavior of each
+ container within a pod.
+ This may only be set for init containers. You cannot set this field on
+ ephemeral containers.
+ type: string
+ securityContext:
+ description: |-
+ Optional: SecurityContext defines the security options the ephemeral container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by this container. If set, this profile
+ overrides the pod's appArmorProfile.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default value is Default which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: Probes are not allowed for ephemeral containers.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ targetContainerName:
+ description: |-
+ If set, the name of the container from PodSpec that this ephemeral container targets.
+ The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
+ If not set then the ephemeral container uses the namespaces configured in the Pod spec.
+
+ The container runtime must implement support for this feature. If the runtime does not
+ support namespace targeting then the result of setting this field is undefined.
+ type: string
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - devicePath
+ x-kubernetes-list-type: map
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
+ (which defaults to None).
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ recursiveReadOnly:
+ description: |-
+ RecursiveReadOnly specifies whether read-only mounts should be handled
+ recursively.
+
+ If ReadOnly is false, this field has no meaning and must be unspecified.
+
+ If ReadOnly is true, and this field is set to Disabled, the mount is not made
+ recursively read-only. If this field is set to IfPossible, the mount is made
+ recursively read-only, if it is supported by the container runtime. If this
+ field is set to Enabled, the mount is made recursively read-only if it is
+ supported by the container runtime, otherwise the pod will not be started and
+ an error will be generated to indicate the reason.
+
+ If this field is set to IfPossible or Enabled, MountPropagation must be set to
+ None (or be unspecified, which defaults to None).
+
+ If this field is not specified, it is treated as an equivalent of Disabled.
+ type: string
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ hostAliases:
+ description: |-
+ HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+ file if specified.
+ items:
+ description: |-
+ HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+ pod's hosts file.
+ properties:
+ hostnames:
+ description: Hostnames for the above IP address.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ip:
+ description: IP address of the host file entry.
+ type: string
+ required:
+ - ip
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - ip
+ x-kubernetes-list-type: map
+ hostIPC:
+ description: |-
+ Use the host's ipc namespace.
+ Optional: Default to false.
+ type: boolean
+ hostNetwork:
+ description: |-
+ Host networking requested for this pod. Use the host's network namespace.
+ If this option is set, the ports that will be used must be specified.
+ Default to false.
+ type: boolean
+ hostPID:
+ description: |-
+ Use the host's pid namespace.
+ Optional: Default to false.
+ type: boolean
+ hostUsers:
+ description: |-
+ Use the host's user namespace.
+ Optional: Default to true.
+ If set to true or not present, the pod will be run in the host user namespace, useful
+ for when the pod needs a feature only available to the host user namespace, such as
+ loading a kernel module with CAP_SYS_MODULE.
+ When set to false, a new userns is created for the pod. Setting false is useful for
+ mitigating container breakout vulnerabilities even allowing users to run their
+ containers as root without actually having root privileges on the host.
+ This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
+ type: boolean
+ hostname:
+ description: |-
+ Specifies the hostname of the Pod
+ If not specified, the pod's hostname will be set to a system-defined value.
+ type: string
+ imagePullSecrets:
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ initContainers:
+ description: |-
+ List of initialization containers belonging to the pod.
+ Init containers are executed in order prior to containers being started. If any
+ init container fails, the pod is considered to have failed and is handled according
+ to its restartPolicy. The name for an init container or normal container must be
+ unique among all containers.
+ Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
+ The resourceRequirements of an init container are taken into account during scheduling
+ by finding the highest request/limit for each resource type, and then using the max of
+ of that value or the sum of the normal containers. Limits are applied to init containers
+ in a similar fashion.
+ Init containers cannot currently be added or removed.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ items:
+ description: A single application container that you want to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by this container. If set, this profile
+ overrides the pod's appArmorProfile.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default value is Default which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service. Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of the container that the device will be mapped to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - devicePath
+ x-kubernetes-list-type: map
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
+ (which defaults to None).
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ recursiveReadOnly:
+ description: |-
+ RecursiveReadOnly specifies whether read-only mounts should be handled
+ recursively.
+
+ If ReadOnly is false, this field has no meaning and must be unspecified.
+
+ If ReadOnly is true, and this field is set to Disabled, the mount is not made
+ recursively read-only. If this field is set to IfPossible, the mount is made
+ recursively read-only, if it is supported by the container runtime. If this
+ field is set to Enabled, the mount is made recursively read-only if it is
+ supported by the container runtime, otherwise the pod will not be started and
+ an error will be generated to indicate the reason.
+
+ If this field is set to IfPossible or Enabled, MountPropagation must be set to
+ None (or be unspecified, which defaults to None).
+
+ If this field is not specified, it is treated as an equivalent of Disabled.
+ type: string
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ nodeName:
+ description: |-
+ NodeName indicates in which node this pod is scheduled.
+ If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.
+ Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.
+ This field should not be used to express a desire for the pod to be scheduled on a specific node.
+ https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename
+ type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ x-kubernetes-map-type: atomic
+ os:
+ description: |-
+ Specifies the OS of the containers in the pod.
+ Some pod and container fields are restricted if this is set.
+
+ If the OS field is set to linux, the following fields must be unset:
+ -securityContext.windowsOptions
+
+ If the OS field is set to windows, following fields must be unset:
+ - spec.hostPID
+ - spec.hostIPC
+ - spec.hostUsers
+ - spec.securityContext.appArmorProfile
+ - spec.securityContext.seLinuxOptions
+ - spec.securityContext.seccompProfile
+ - spec.securityContext.fsGroup
+ - spec.securityContext.fsGroupChangePolicy
+ - spec.securityContext.sysctls
+ - spec.shareProcessNamespace
+ - spec.securityContext.runAsUser
+ - spec.securityContext.runAsGroup
+ - spec.securityContext.supplementalGroups
+ - spec.securityContext.supplementalGroupsPolicy
+ - spec.containers[*].securityContext.appArmorProfile
+ - spec.containers[*].securityContext.seLinuxOptions
+ - spec.containers[*].securityContext.seccompProfile
+ - spec.containers[*].securityContext.capabilities
+ - spec.containers[*].securityContext.readOnlyRootFilesystem
+ - spec.containers[*].securityContext.privileged
+ - spec.containers[*].securityContext.allowPrivilegeEscalation
+ - spec.containers[*].securityContext.procMount
+ - spec.containers[*].securityContext.runAsUser
+ - spec.containers[*].securityContext.runAsGroup
+ properties:
+ name:
+ description: |-
+ Name is the name of the operating system. The currently supported values are linux and windows.
+ Additional value may be defined in future and can be one of:
+ https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
+ Clients should expect to handle additional values and treat unrecognized values in this field as os: null
+ type: string
+ required:
+ - name
+ type: object
+ overhead:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
+ This field will be autopopulated at admission time by the RuntimeClass admission controller. If
+ the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
+ The RuntimeClass admission controller will reject Pod create requests which have the overhead already
+ set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value
+ defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.
+ More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
+ type: object
+ preemptionPolicy:
+ description: |-
+ PreemptionPolicy is the Policy for preempting pods with lower priority.
+ One of Never, PreemptLowerPriority.
+ Defaults to PreemptLowerPriority if unset.
+ type: string
+ priority:
+ description: |-
+ The priority value. Various system components use this field to find the
+ priority of the pod. When Priority Admission Controller is enabled, it
+ prevents users from setting this field. The admission controller populates
+ this field from PriorityClassName.
+ The higher the value, the higher the priority.
+ format: int32
+ type: integer
+ priorityClassName:
+ description: |-
+ If specified, indicates the pod's priority. "system-node-critical" and
+ "system-cluster-critical" are two special keywords which indicate the
+ highest priorities with the former being the highest priority. Any other
+ name must be defined by creating a PriorityClass object with that name.
+ If not specified, the pod priority will be default or zero if there is no
+ default.
+ type: string
+ readinessGates:
+ description: |-
+ If specified, all readiness gates will be evaluated for pod readiness.
+ A pod is ready when all its containers are ready AND
+ all conditions specified in the readiness gates have status equal to "True"
+ More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+ items:
+ description: PodReadinessGate contains the reference to a pod condition
+ properties:
+ conditionType:
+ description: ConditionType refers to a condition in the pod's condition list with matching type.
+ type: string
+ required:
+ - conditionType
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resourceClaims:
+ description: |-
+ ResourceClaims defines which ResourceClaims must be allocated
+ and reserved before the Pod is allowed to start. The resources
+ will be made available to those containers which consume them
+ by name.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable.
+ items:
+ description: |-
+ PodResourceClaim references exactly one ResourceClaim, either directly
+ or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim
+ for the pod.
+
+ It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
+ Containers that need access to the ResourceClaim reference it with this name.
+ properties:
+ name:
+ description: |-
+ Name uniquely identifies this resource claim inside the pod.
+ This must be a DNS_LABEL.
+ type: string
+ resourceClaimName:
+ description: |-
+ ResourceClaimName is the name of a ResourceClaim object in the same
+ namespace as this pod.
+
+ Exactly one of ResourceClaimName and ResourceClaimTemplateName must
+ be set.
+ type: string
+ resourceClaimTemplateName:
+ description: |-
+ ResourceClaimTemplateName is the name of a ResourceClaimTemplate
+ object in the same namespace as this pod.
+
+ The template will be used to create a new ResourceClaim, which will
+ be bound to this pod. When this pod is deleted, the ResourceClaim
+ will also be deleted. The pod name and resource name, along with a
+ generated component, will be used to form a unique name for the
+ ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
+
+ This field is immutable and no changes will be made to the
+ corresponding ResourceClaim by the control plane after creating the
+ ResourceClaim.
+
+ Exactly one of ResourceClaimName and ResourceClaimTemplateName must
+ be set.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ restartPolicy:
+ description: |-
+ Restart policy for all containers within the pod.
+ One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
+ Default to Always.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+ type: string
+ runtimeClassName:
+ description: |-
+ RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
+ to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.
+ If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
+ empty definition that uses the default runtime handler.
+ More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
+ type: string
+ schedulerName:
+ description: |-
+ If specified, the pod will be dispatched by specified scheduler.
+ If not specified, the pod will be dispatched by default scheduler.
+ type: string
+ schedulingGates:
+ description: |-
+ SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
+ If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
+ scheduler will not attempt to schedule the pod.
+
+ SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+ items:
+ description: PodSchedulingGate is associated to a Pod to guard its scheduling.
+ properties:
+ name:
+ description: |-
+ Name of the scheduling gate.
+ Each scheduling gate must have a unique name field.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ securityContext:
+ description: |-
+ SecurityContext holds pod-level security attributes and common container settings.
+ Optional: Defaults to empty. See type description for default values of each field.
+ properties:
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
+ fsGroup:
+ description: |-
+ A special supplemental group that applies to all containers in a pod.
+ Some volume types allow the Kubelet to change the ownership of that volume
+ to be owned by the pod:
+
+ 1. The owning GID will be the FSGroup
+ 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw----
+
+ If unset, the Kubelet will not modify the ownership and permissions of any volume.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: |-
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+ before being exposed inside Pod. This field will only apply to
+ volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir.
+ Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: |-
+ A list of groups applied to the first process run in each container, in
+ addition to the container's primary GID and fsGroup (if specified). If
+ the SupplementalGroupsPolicy feature is enabled, the
+ supplementalGroupsPolicy field determines whether these are in addition
+ to or instead of any group memberships defined in the container image.
+ If unspecified, no additional groups are added, though group memberships
+ defined in the container image may still be used, depending on the
+ supplementalGroupsPolicy field.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: atomic
+ supplementalGroupsPolicy:
+ description: |-
+ Defines how supplemental groups of the first container processes are calculated.
+ Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
+ (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
+ and the container runtime must implement support for this feature.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ sysctls:
+ description: |-
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+ sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccount:
+ description: |-
+ DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.
+ Deprecated: Use serviceAccountName instead.
+ type: string
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ type: string
+ setHostnameAsFQDN:
+ description: |-
+ If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
+ In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
+ In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN.
+ If a pod does not have FQDN, this has no effect.
+ Default to false.
+ type: boolean
+ shareProcessNamespace:
+ description: |-
+ Share a single process namespace between all of the containers in a pod.
+ When this is set containers will be able to view and signal processes from other containers
+ in the same pod, and the first process in each container will not be assigned PID 1.
+ HostPID and ShareProcessNamespace cannot both be set.
+ Optional: Default to false.
+ type: boolean
+ subdomain:
+ description: |-
+ If specified, the fully qualified Pod hostname will be "...svc.".
+ If not specified, the pod will not have a domainname at all.
+ type: string
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ If this value is nil, the default grace period will be used instead.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ Defaults to 30 seconds.
+ format: int64
+ type: integer
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ topologySpreadConstraints:
+ description: |-
+ TopologySpreadConstraints describes how a group of pods ought to spread across topology
+ domains. Scheduler will schedule pods in a way which abides by the constraints.
+ All topologySpreadConstraints are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how to spread matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: |-
+ LabelSelector is used to find matching pods.
+ Pods that match this label selector are counted to determine the number of pods
+ in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select the pods over which
+ spreading will be calculated. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are ANDed with labelSelector
+ to select the group of existing pods over which spreading will be calculated
+ for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ MatchLabelKeys cannot be set when LabelSelector isn't set.
+ Keys that don't exist in the incoming pod labels will
+ be ignored. A null or empty list means only match against labelSelector.
+
+ This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: |-
+ MaxSkew describes the degree to which pods may be unevenly distributed.
+ When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
+ between the number of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods in an eligible domain
+ or zero if the number of eligible domains is less than MinDomains.
+ For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
+ labelSelector spread as 2/2/1:
+ In this case, the global minimum is 1.
+ | zone1 | zone2 | zone3 |
+ | P P | P P | P |
+ - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
+ scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
+ violate MaxSkew(1).
+ - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
+ When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
+ to topologies that satisfy it.
+ It's a required field. Default value is 1 and 0 is not allowed.
+ format: int32
+ type: integer
+ minDomains:
+ description: |-
+ MinDomains indicates a minimum number of eligible domains.
+ When the number of eligible domains with matching topology keys is less than minDomains,
+ Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
+ And when the number of eligible domains with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling.
+ As a result, when the number of eligible domains is less than minDomains,
+ scheduler won't schedule more than maxSkew Pods to those domains.
+ If value is nil, the constraint behaves as if MinDomains is equal to 1.
+ Valid values are integers greater than 0.
+ When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
+
+ For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
+ labelSelector spread as 2/2/2:
+ | zone1 | zone2 | zone3 |
+ | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
+ In this situation, new pod with the same labelSelector cannot be scheduled,
+ because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
+ it will violate MaxSkew.
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: |-
+ NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
+ when calculating pod topology spread skew. Options are:
+ - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
+ - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
+
+ If this value is nil, the behavior is equivalent to the Honor policy.
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ type: string
+ nodeTaintsPolicy:
+ description: |-
+ NodeTaintsPolicy indicates how we will treat node taints when calculating
+ pod topology spread skew. Options are:
+ - Honor: nodes without taints, along with tainted nodes for which the incoming pod
+ has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+
+ If this value is nil, the behavior is equivalent to the Ignore policy.
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ type: string
+ topologyKey:
+ description: |-
+ TopologyKey is the key of node labels. Nodes that have a label with this key
+ and identical values are considered to be in the same topology.
+ We consider each as a "bucket", and try to put balanced number
+ of pods into each bucket.
+ We define a domain as a particular instance of a topology.
+ Also, we define an eligible domain as a domain whose nodes meet the requirements of
+ nodeAffinityPolicy and nodeTaintsPolicy.
+ e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
+ And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
+ It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: |-
+ WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
+ the spread constraint.
+ - DoNotSchedule (default) tells the scheduler not to schedule it.
+ - ScheduleAnyway tells the scheduler to schedule the pod in any location,
+ but giving higher precedence to topologies that would help reduce the
+ skew.
+ A constraint is considered "Unsatisfiable" for an incoming pod
+ if and only if every possible node assignment for that pod would violate
+ "MaxSkew" on some topology.
+ For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
+ labelSelector spread as 3/1/1:
+ | zone1 | zone2 | zone3 |
+ | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
+ to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
+ MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
+ won't make it *more* imbalanced.
+ It's a required field.
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - topologyKey
+ - whenUnsatisfiable
+ x-kubernetes-list-type: map
+ volumes:
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
+ items:
+ description: Volume represents a named volume in a pod that may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: |-
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly value true will force the readOnly setting in VolumeMounts.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: boolean
+ volumeID:
+ description: |-
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode: None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in the blob storage
+ type: string
+ fsType:
+ default: ext4
+ description: |-
+ fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared'
+ type: string
+ readOnly:
+ default: false
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that contains Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: |-
+ monitors is Required: Monitors is a collection of Ceph monitors
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: 'path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /'
+ type: string
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: boolean
+ secretFile:
+ description: |-
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ secretRef:
+ description: |-
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is optional: User is the rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: |-
+ cinder represents a cinder volume attached and mounted on kubelets host machine.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is optional: points to a secret object containing parameters used to connect
+ to OpenStack.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: |-
+ volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: |-
+ driver is the name of the CSI driver that handles this volume.
+ Consult with your admin for the correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: |-
+ fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated CSI driver
+ which will determine the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: |-
+ nodePublishSecretRef is a reference to the secret object containing
+ sensitive information to pass to the CSI driver to complete the CSI
+ NodePublishVolume and NodeUnpublishVolume calls.
+ This field is optional, and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret references are passed.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: |-
+ readOnly specifies a read-only configuration for the volume.
+ Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: |-
+ volumeAttributes stores driver-specific properties that are passed to the CSI
+ driver. Consult your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about the pod that should populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ Optional: mode bits to use on created files by default. Must be a
+ Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume file
+ items:
+ description: DownwardAPIVolumeFile represents information to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ emptyDir:
+ description: |-
+ emptyDir represents a temporary directory that shares a pod's lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ properties:
+ medium:
+ description: |-
+ medium represents what type of storage medium should back this directory.
+ The default is "" which means to use the node's default medium.
+ Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ sizeLimit is the total amount of local storage required for this EmptyDir volume.
+ The size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would be the minimum value between
+ the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+ The default is nil which means that the limit is undefined.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: |-
+ ephemeral represents a volume that is handled by a cluster storage driver.
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+ and deleted when the pod is removed.
+
+ Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from snapshot or capacity
+ tracking are needed,
+ c) the storage driver is specified through a storage class, and
+ d) the storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for more
+ information on the connection between this volume type
+ and PersistentVolumeClaim).
+
+ Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod.
+
+ Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
+ be used that way - see the documentation of the driver for
+ more information.
+
+ A pod can use both types of ephemeral volumes and
+ persistent volumes at the same time.
+ properties:
+ volumeClaimTemplate:
+ description: |-
+ Will be used to create a stand-alone PVC to provision the volume.
+ The pod in which this EphemeralVolumeSource is embedded will be the
+ owner of the PVC, i.e. the PVC will be deleted together with the
+ pod. The name of the PVC will be `-` where
+ `` is the name from the `PodSpec.Volumes` array
+ entry. Pod validation will reject the pod if the concatenated name
+ is not valid for a PVC (for example, too long).
+
+ An existing PVC with that name that is not owned by the pod
+ will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC is
+ meant to be used by the pod, the PVC has to updated with an
+ owner reference to the pod once the pod exists. Normally
+ this should not be necessary, but it may be useful when
+ manually reconstructing a broken cluster.
+
+ This field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created.
+
+ Required, must not be nil.
+ properties:
+ metadata:
+ description: |-
+ May contain labels and annotations that will be copied into the PVC
+ when creating it. No other fields are allowed and will be rejected during
+ validation.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: |-
+ The specification for the PersistentVolumeClaim. The entire content is
+ copied unchanged into the PVC that gets created from this
+ template. The same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
+ will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
+ will be set by the persistentvolume controller if it exists.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
+ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ wwids:
+ description: |-
+ wwids Optional: FC volume world wide identifiers (wwids)
+ Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ flexVolume:
+ description: |-
+ flexVolume represents a generic volume resource that is
+ provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to use for this volume.
+ type: string
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds extra command options if any.'
+ type: object
+ readOnly:
+ description: |-
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is Optional: secretRef is reference to the secret object containing
+ sensitive information to pass to the plugin scripts. This may be
+ empty if no secret object is specified. If the secret object
+ contains more than one secret, all secrets are passed to the plugin
+ scripts.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
+ properties:
+ datasetName:
+ description: |-
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+ should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: |-
+ gcePersistentDisk represents a GCE Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ format: int32
+ type: integer
+ pdName:
+ description: |-
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: |-
+ gitRepo represents a git repository at a particular revision.
+ DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+ EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+ into the Pod's container.
+ properties:
+ directory:
+ description: |-
+ directory is the target directory name.
+ Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
+ git repository. Otherwise, if specified, the volume will contain the git repository in
+ the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: |-
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ properties:
+ endpoints:
+ description: |-
+ endpoints is the endpoint name that details Glusterfs topology.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ path:
+ description: |-
+ path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: |-
+ hostPath represents a pre-existing file or directory on the host
+ machine that is directly exposed to the container. This is generally
+ used for system agents or other privileged things that are allowed
+ to see the host machine. Most containers will NOT need this.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ properties:
+ path:
+ description: |-
+ path of the directory on the host.
+ If the path is a symlink, it will follow the link to the real path.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ type:
+ description: |-
+ type for HostPath Volume
+ Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ required:
+ - path
+ type: object
+ image:
+ description: |-
+ image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.
+ The volume is resolved at pod startup depending on which PullPolicy value is provided:
+
+ - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+ - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+ - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+
+ The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.
+ A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
+ The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
+ The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
+ The volume will be mounted read-only (ro) and non-executable files (noexec).
+ Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).
+ The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
+ properties:
+ pullPolicy:
+ description: |-
+ Policy for pulling OCI objects. Possible values are:
+ Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+ Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+ IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ type: string
+ reference:
+ description: |-
+ Required: Image or artifact reference to be used.
+ Behaves in the same way as pod.spec.containers[*].image.
+ Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ type: object
+ iscsi:
+ description: |-
+ iscsi represents an ISCSI Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://examples.k8s.io/volumes/iscsi/README.md
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ type: string
+ initiatorName:
+ description: |-
+ initiatorName is the custom iSCSI Initiator Name.
+ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+ : will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ default: default
+ description: |-
+ iscsiInterface is the interface Name that uses an iSCSI transport.
+ Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: |-
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI target and initiator authentication
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: |-
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ nfs:
+ description: |-
+ nfs represents an NFS mount on the host that shares a pod's lifetime
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ properties:
+ path:
+ description: |-
+ path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the NFS export to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: boolean
+ server:
+ description: |-
+ server is the hostname or IP address of the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: |-
+ persistentVolumeClaimVolumeSource represents a reference to a
+ PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ claimName:
+ description: |-
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ type: string
+ readOnly:
+ description: |-
+ readOnly Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: |-
+ sources is the list of volume projections. Each entry in this list
+ handles one source.
+ items:
+ description: |-
+ Projection that may be projected along with other supported volume types.
+ Exactly one of these fields must be set.
+ properties:
+ clusterTrustBundle:
+ description: |-
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
+ of ClusterTrustBundle objects in an auto-updating file.
+
+ Alpha, gated by the ClusterTrustBundleProjection feature gate.
+
+ ClusterTrustBundle objects can either be selected by name, or by the
+ combination of signer name and a label selector.
+
+ Kubelet performs aggressive normalization of the PEM contents written
+ into the pod filesystem. Esoteric PEM features such as inter-block
+ comments and block headers are stripped. Certificates are deduplicated.
+ The ordering of certificates within the file is arbitrary, and Kubelet
+ may change the order over time.
+ properties:
+ labelSelector:
+ description: |-
+ Select all ClusterTrustBundles that match this label selector. Only has
+ effect if signerName is set. Mutually-exclusive with name. If unset,
+ interpreted as "match nothing". If set but empty, interpreted as "match
+ everything".
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ name:
+ description: |-
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive
+ with signerName and labelSelector.
+ type: string
+ optional:
+ description: |-
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s)
+ aren't available. If using name, then the named ClusterTrustBundle is
+ allowed not to exist. If using signerName, then the combination of
+ signerName and labelSelector is allowed to match zero
+ ClusterTrustBundles.
+ type: boolean
+ path:
+ description: Relative path from the volume root to write the bundle.
+ type: string
+ signerName:
+ description: |-
+ Select all ClusterTrustBundles that match this signer name.
+ Mutually-exclusive with name. The contents of all selected
+ ClusterTrustBundles will be unified and deduplicated.
+ type: string
+ required:
+ - path
+ type: object
+ configMap:
+ description: configMap information about the configMap data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume file
+ items:
+ description: DownwardAPIVolumeFile represents information to create the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ secret:
+ description: secret information about the secret data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: optional field specify whether the Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information about the serviceAccountToken data to project
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+ properties:
+ group:
+ description: |-
+ group to map volume access to
+ Default is no group
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+ Defaults to false.
+ type: boolean
+ registry:
+ description: |-
+ registry represents a single or multiple Quobyte Registry services
+ specified as a string as host:port pair (multiple entries are separated with commas)
+ which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: |-
+ tenant owning the given Quobyte volume in the Backend
+ Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ type: string
+ user:
+ description: |-
+ user to map volume access to
+ Defaults to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references an already created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: |-
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/rbd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ type: string
+ image:
+ description: |-
+ image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ keyring:
+ default: /etc/ceph/keyring
+ description: |-
+ keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ monitors:
+ description: |-
+ monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ pool:
+ default: rbd
+ description: |-
+ pool is the rados pool name.
+ Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is name of the authentication secret for RBDUser. If provided
+ overrides keyring.
+ Default is nil.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ default: admin
+ description: |-
+ user is the rados user name.
+ Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ default: xfs
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs".
+ Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef references to the secret for ScaleIO user and other
+ sensitive information. If this is not provided, Login operation will fail.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL communication with Gateway, default false
+ type: boolean
+ storageMode:
+ default: ThinProvisioned
+ description: |-
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage Pool associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: |-
+ volumeName is the name of a volume already created in the ScaleIO system
+ that is associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ optional:
+ description: optional field specify whether the Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef specifies the secret to use for obtaining the StorageOS API
+ credentials. If not specified, default values will be attempted.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: |-
+ volumeName is the human-readable name of the StorageOS volume. Volume
+ names are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: |-
+ volumeNamespace specifies the scope of the volume within StorageOS. If no
+ namespace is specified then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+ Set VolumeName to any name to override the default behaviour.
+ Set to "default" if you are not using namespaces within StorageOS.
+ Namespaces that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - containers
+ type: object
+ type: object
+ ttlSecondsAfterFinished:
+ description: |-
+ ttlSecondsAfterFinished limits the lifetime of a Job that has finished
+ execution (either Complete or Failed). If this field is set,
+ ttlSecondsAfterFinished after the Job finishes, it is eligible to be
+ automatically deleted. When the Job is being deleted, its lifecycle
+ guarantees (e.g. finalizers) will be honored. If this field is unset,
+ the Job won't be automatically deleted. If this field is set to zero,
+ the Job becomes eligible to be deleted immediately after it finishes.
+ format: int32
+ type: integer
+ required:
+ - template
+ type: object
+ type: object
+ required:
+ - name
+ - template
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ startupPolicy:
+ description: StartupPolicy, if set, configures in what order jobs must be started
+ properties:
+ startupPolicyOrder:
+ description: |-
+ StartupPolicyOrder determines the startup order of the ReplicatedJobs.
+ AnyOrder means to start replicated jobs in any order.
+ InOrder means to start them as they are listed in the JobSet. A ReplicatedJob is started only
+ when all the jobs of the previous one are ready.
+ enum:
+ - AnyOrder
+ - InOrder
+ type: string
+ required:
+ - startupPolicyOrder
+ type: object
+ x-kubernetes-validations:
+ - message: Value is immutable
+ rule: self == oldSelf
+ successPolicy:
+ description: |-
+ SuccessPolicy configures when to declare the JobSet as
+ succeeded.
+ The JobSet is always declared succeeded if all jobs in the set
+ finished with status complete.
+ properties:
+ operator:
+ description: Operator determines either All or Any of the selected jobs should succeed to consider the JobSet successful
+ enum:
+ - All
+ - Any
+ type: string
+ targetReplicatedJobs:
+ description: |-
+ TargetReplicatedJobs are the names of the replicated jobs the operator will apply to.
+ A null or empty list will apply to all replicatedJobs.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - operator
+ type: object
+ x-kubernetes-validations:
+ - message: Value is immutable
+ rule: self == oldSelf
+ suspend:
+ description: Suspend suspends all running child Jobs when set to true.
+ type: boolean
+ ttlSecondsAfterFinished:
+ description: |-
+ TTLSecondsAfterFinished limits the lifetime of a JobSet that has finished
+ execution (either Complete or Failed). If this field is set,
+ TTLSecondsAfterFinished after the JobSet finishes, it is eligible to be
+ automatically deleted. When the JobSet is being deleted, its lifecycle
+ guarantees (e.g. finalizers) will be honored. If this field is unset,
+ the JobSet won't be automatically deleted. If this field is set to zero,
+ the JobSet becomes eligible to be deleted immediately after it finishes.
+ format: int32
+ minimum: 0
+ type: integer
+ type: object
+ status:
+ description: JobSetStatus defines the observed state of JobSet
+ properties:
+ conditions:
+ items:
+ description: Condition contains details for one aspect of the current state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ replicatedJobsStatus:
+ description: ReplicatedJobsStatus track the number of JobsReady for each replicatedJob.
+ items:
+ description: ReplicatedJobStatus defines the observed ReplicatedJobs Readiness.
+ properties:
+ active:
+ description: |-
+ Active is the number of child Jobs with at least 1 pod in a running or pending state
+ which are not marked for deletion.
+ format: int32
+ type: integer
+ failed:
+ description: Failed is the number of failed child Jobs.
+ format: int32
+ type: integer
+ name:
+ description: Name of the ReplicatedJob.
+ type: string
+ ready:
+ description: |-
+ Ready is the number of child Jobs where the number of ready pods and completed pods
+ is greater than or equal to the total expected pod count for the Job (i.e., the minimum
+ of job.spec.parallelism and job.spec.completions).
+ format: int32
+ type: integer
+ succeeded:
+ description: Succeeded is the number of successfully completed child Jobs.
+ format: int32
+ type: integer
+ suspended:
+ description: Suspended is the number of child Jobs which are in a suspended state.
+ format: int32
+ type: integer
+ required:
+ - active
+ - failed
+ - name
+ - ready
+ - succeeded
+ - suspended
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ restarts:
+ description: Restarts tracks the number of times the JobSet has restarted (i.e. recreated in case of RecreateAll policy).
+ format: int32
+ type: integer
+ restartsCountTowardsMax:
+ description: RestartsCountTowardsMax tracks the number of times the JobSet has restarted that counts towards the maximum allowed number of restarts.
+ format: int32
+ type: integer
+ terminalState:
+ description: |-
+ TerminalState the state of the JobSet when it finishes execution.
+ It can be either Complete or Failed. Otherwise, it is empty by default.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: jobset
+ app.kubernetes.io/instance: controller-manager
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: serviceaccount
+ app.kubernetes.io/part-of: jobset
+ name: jobset-controller-manager
+ namespace: jobset-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: jobset
+ app.kubernetes.io/instance: leader-election-role
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: role
+ app.kubernetes.io/part-of: jobset
+ name: jobset-leader-election-role
+ namespace: jobset-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: jobset-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - mutatingwebhookconfigurations
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch
+ resources:
+ - jobs/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - jobset.x-k8s.io
+ resources:
+ - jobsets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - jobset.x-k8s.io
+ resources:
+ - jobsets/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - jobset.x-k8s.io
+ resources:
+ - jobsets/status
+ verbs:
+ - get
+ - patch
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: jobset
+ app.kubernetes.io/instance: metrics-reader
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/part-of: jobset
+ name: jobset-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: jobset
+ app.kubernetes.io/instance: proxy-role
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/part-of: jobset
+ name: jobset-proxy-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: jobset
+ app.kubernetes.io/instance: leader-election-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: rolebinding
+ app.kubernetes.io/part-of: jobset
+ name: jobset-leader-election-rolebinding
+ namespace: jobset-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: jobset-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: jobset-controller-manager
+ namespace: jobset-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: jobset
+ app.kubernetes.io/instance: manager-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/part-of: jobset
+ name: jobset-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: jobset-manager-role
+subjects:
+- kind: ServiceAccount
+ name: jobset-controller-manager
+ namespace: jobset-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: jobset
+ app.kubernetes.io/instance: proxy-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/part-of: jobset
+ name: jobset-proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: jobset-proxy-role
+subjects:
+- kind: ServiceAccount
+ name: jobset-controller-manager
+ namespace: jobset-system
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: jobset-webhook-server-cert
+ namespace: jobset-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: jobset
+ app.kubernetes.io/instance: controller-manager-metrics-service
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: service
+ app.kubernetes.io/part-of: jobset
+ control-plane: controller-manager
+ name: jobset-controller-manager-metrics-service
+ namespace: jobset-system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ control-plane: controller-manager
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: webhook
+ app.kubernetes.io/created-by: jobset
+ app.kubernetes.io/instance: webhook-service
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: service
+ app.kubernetes.io/part-of: jobset
+ name: jobset-webhook-service
+ namespace: jobset-system
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ control-plane: controller-manager
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: manager
+ app.kubernetes.io/created-by: jobset
+ app.kubernetes.io/instance: controller-manager
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: deployment
+ app.kubernetes.io/part-of: jobset
+ control-plane: controller-manager
+ name: jobset-controller-manager
+ namespace: jobset-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+ - arm64
+ - ppc64le
+ - s390x
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ containers:
+ - args:
+ - --zap-log-level=2
+ - --health-probe-bind-address=:8081
+ - --metrics-bind-address=127.0.0.1:8080
+ - --leader-elect
+ command:
+ - /manager
+ image: registry.k8s.io/jobset/jobset:v0.7.1
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 2
+ memory: 512Mi
+ requests:
+ cpu: 500m
+ memory: 128Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ - args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - --v=0
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
+ name: kube-rbac-proxy
+ ports:
+ - containerPort: 8443
+ name: https
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: jobset-controller-manager
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: jobset-webhook-server-cert
+ tolerations:
+ - effect: NoSchedule
+ key: components.gke.io/gke-managed-components
+ operator: Equal
+ value: "true"
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: jobset-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: jobset-webhook-service
+ namespace: jobset-system
+ path: /mutate-jobset-x-k8s-io-v1alpha2-jobset
+ failurePolicy: Fail
+ name: mjobset.kb.io
+ rules:
+ - apiGroups:
+ - jobset.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - jobsets
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: jobset-webhook-service
+ namespace: jobset-system
+ path: /mutate--v1-pod
+ failurePolicy: Fail
+ name: mpod.kb.io
+ objectSelector:
+ matchExpressions:
+ - key: jobset.sigs.k8s.io/jobset-name
+ operator: Exists
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - pods
+ sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: jobset-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: jobset-webhook-service
+ namespace: jobset-system
+ path: /validate-jobset-x-k8s-io-v1alpha2-jobset
+ failurePolicy: Fail
+ name: vjobset.kb.io
+ rules:
+ - apiGroups:
+ - jobset.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - jobsets
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: jobset-webhook-service
+ namespace: jobset-system
+ path: /validate--v1-pod
+ failurePolicy: Fail
+ name: vpod.kb.io
+ objectSelector:
+ matchExpressions:
+ - key: jobset.sigs.k8s.io/jobset-name
+ operator: Exists
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - pods
+ sideEffects: None
diff --git a/modules/management/kubectl-apply/manifests/kueue-v0.9.1.yaml b/modules/management/kubectl-apply/manifests/kueue-v0.9.1.yaml
new file mode 100644
index 0000000000..c4573abc34
--- /dev/null
+++ b/modules/management/kubectl-apply/manifests/kueue-v0.9.1.yaml
@@ -0,0 +1,13131 @@
+# Copyright 2024 "Google LLC"
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.5
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: admissionchecks.kueue.x-k8s.io
+spec:
+ group: kueue.x-k8s.io
+ names:
+ kind: AdmissionCheck
+ listKind: AdmissionCheckList
+ plural: admissionchecks
+ singular: admissioncheck
+ scope: Cluster
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: AdmissionCheck is the Schema for the admissionchecks API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AdmissionCheckSpec defines the desired state of AdmissionCheck
+ properties:
+ controllerName:
+ description: |-
+ controllerName identifies the controller that processes the AdmissionCheck,
+ not necessarily a Kubernetes Pod or Deployment name. Cannot be empty.
+ type: string
+ x-kubernetes-validations:
+ - message: field is immutable
+ rule: self == oldSelf
+ parameters:
+ description: |-
+ Parameters identifies a configuration with additional parameters for the
+ check.
+ properties:
+ apiGroup:
+ description: ApiGroup is the group for the resource being referenced.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is the type of the resource being referenced.
+ maxLength: 63
+ pattern: ^(?i)[a-z]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the resource being referenced.
+ maxLength: 63
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - apiGroup
+ - kind
+ - name
+ type: object
+ retryDelayMinutes:
+ default: 15
+ description: |-
+ RetryDelayMinutes specifies how long to keep the workload suspended after
+ a failed check (after it transitioned to False). When the delay period has passed, the check
+ state goes to "Unknown". The default is 15 min.
+ Deprecated: retryDelayMinutes has already been deprecated since v0.8 and will be removed in v1beta2.
+ format: int64
+ type: integer
+ required:
+ - controllerName
+ type: object
+ status:
+ description: AdmissionCheckStatus defines the observed state of AdmissionCheck
+ properties:
+ conditions:
+ description: |-
+ conditions hold the latest available observations of the AdmissionCheck
+ current state.
+ items:
+ description: Condition contains details for one aspect of the current
+ state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.5
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: clusterqueues.kueue.x-k8s.io
+spec:
+ group: kueue.x-k8s.io
+ names:
+ kind: ClusterQueue
+ listKind: ClusterQueueList
+ plural: clusterqueues
+ shortNames:
+ - cq
+ singular: clusterqueue
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - description: Cohort that this ClusterQueue belongs to
+ jsonPath: .spec.cohort
+ name: Cohort
+ type: string
+ - description: The queueing strategy used to prioritize workloads
+ jsonPath: .spec.queueingStrategy
+ name: Strategy
+ priority: 1
+ type: string
+ - description: Number of pending workloads
+ jsonPath: .status.pendingWorkloads
+ name: Pending Workloads
+ type: integer
+ - description: Number of admitted workloads that haven't finished yet
+ jsonPath: .status.admittedWorkloads
+ name: Admitted Workloads
+ priority: 1
+ type: integer
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ClusterQueue is the Schema for the clusterQueue API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterQueueSpec defines the desired state of ClusterQueue
+ properties:
+ admissionChecks:
+ description: |-
+ admissionChecks lists the AdmissionChecks required by this ClusterQueue.
+ Cannot be used along with AdmissionCheckStrategy.
+ items:
+ type: string
+ type: array
+ admissionChecksStrategy:
+ description: |-
+ admissionCheckStrategy defines a list of strategies to determine which ResourceFlavors require AdmissionChecks.
+ This property cannot be used in conjunction with the 'admissionChecks' property.
+ properties:
+ admissionChecks:
+ description: admissionChecks is a list of strategies for AdmissionChecks
+ items:
+ description: AdmissionCheckStrategyRule defines rules for a
+ single AdmissionCheck
+ properties:
+ name:
+ description: name is an AdmissionCheck's name.
+ type: string
+ onFlavors:
+ description: |-
+ onFlavors is a list of ResourceFlavors' names that this AdmissionCheck should run for.
+ If empty, the AdmissionCheck will run for all workloads submitted to the ClusterQueue.
+ items:
+ description: ResourceFlavorReference is the name of the
+ ResourceFlavor.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ type: array
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ cohort:
+ description: |-
+ cohort that this ClusterQueue belongs to. CQs that belong to the
+ same cohort can borrow unused resources from each other.
+
+ A CQ can be a member of a single borrowing cohort. A workload submitted
+ to a queue referencing this CQ can borrow quota from any CQ in the cohort.
+ Only quota for the [resource, flavor] pairs listed in the CQ can be
+ borrowed.
+ If empty, this ClusterQueue cannot borrow from any other ClusterQueue and
+ vice versa.
+
+ A cohort is a name that links CQs together, but it doesn't reference any
+ object.
+
+ Validation of a cohort name is equivalent to that of object names:
+ subdomain in DNS (RFC 1123).
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ fairSharing:
+ description: |-
+ fairSharing defines the properties of the ClusterQueue when participating in fair sharing.
+ The values are only relevant if fair sharing is enabled in the Kueue configuration.
+ properties:
+ weight:
+ anyOf:
+ - type: integer
+ - type: string
+ default: 1
+ description: |-
+ weight gives a comparative advantage to this ClusterQueue when competing for unused
+ resources in the cohort against other ClusterQueues.
+ The share of a ClusterQueue is based on the dominant resource usage above nominal
+ quotas for each resource, divided by the weight.
+ Admission prioritizes scheduling workloads from ClusterQueues with the lowest share
+ and preempting workloads from the ClusterQueues with the highest share.
+ A zero weight implies infinite share value, meaning that this ClusterQueue will always
+ be at disadvantage against other ClusterQueues.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ flavorFungibility:
+ default: {}
+ description: |-
+ flavorFungibility defines whether a workload should try the next flavor
+ before borrowing or preempting in the flavor being evaluated.
+ properties:
+ whenCanBorrow:
+ default: Borrow
+ description: |-
+ whenCanBorrow determines whether a workload should try the next flavor
+ before borrowing in current flavor. The possible values are:
+
+ - `Borrow` (default): allocate in current flavor if borrowing
+ is possible.
+ - `TryNextFlavor`: try next flavor even if the current
+ flavor has enough resources to borrow.
+ enum:
+ - Borrow
+ - TryNextFlavor
+ type: string
+ whenCanPreempt:
+ default: TryNextFlavor
+ description: |-
+ whenCanPreempt determines whether a workload should try the next flavor
+ before borrowing in current flavor. The possible values are:
+
+ - `Preempt`: allocate in current flavor if it's possible to preempt some workloads.
+ - `TryNextFlavor` (default): try next flavor even if there are enough
+ candidates for preemption in the current flavor.
+ enum:
+ - Preempt
+ - TryNextFlavor
+ type: string
+ type: object
+ namespaceSelector:
+ description: |-
+ namespaceSelector defines which namespaces are allowed to submit workloads to
+ this clusterQueue. Beyond this basic support for policy, a policy agent like
+ Gatekeeper should be used to enforce more advanced policies.
+ Defaults to null which is a nothing selector (no namespaces eligible).
+ If set to an empty selector `{}`, then all namespaces are eligible.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ preemption:
+ default: {}
+ description: |-
+ preemption describes policies to preempt Workloads from this ClusterQueue
+ or the ClusterQueue's cohort.
+
+ Preemption can happen in two scenarios:
+
+ - When a Workload fits within the nominal quota of the ClusterQueue, but
+ the quota is currently borrowed by other ClusterQueues in the cohort.
+ Preempting Workloads in other ClusterQueues allows this ClusterQueue to
+ reclaim its nominal quota.
+ - When a Workload doesn't fit within the nominal quota of the ClusterQueue
+ and there are admitted Workloads in the ClusterQueue with lower priority.
+
+ The preemption algorithm tries to find a minimal set of Workloads to
+ preempt to accomomdate the pending Workload, preempting Workloads with
+ lower priority first.
+ properties:
+ borrowWithinCohort:
+ default: {}
+ description: |-
+ borrowWithinCohort provides configuration to allow preemption within
+ cohort while borrowing.
+ properties:
+ maxPriorityThreshold:
+ description: |-
+ maxPriorityThreshold allows to restrict the set of workloads which
+ might be preempted by a borrowing workload, to only workloads with
+ priority less than or equal to the specified threshold priority.
+ When the threshold is not specified, then any workload satisfying the
+ policy can be preempted by the borrowing workload.
+ format: int32
+ type: integer
+ policy:
+ default: Never
+ description: |-
+ policy determines the policy for preemption to reclaim quota within cohort while borrowing.
+ Possible values are:
+ - `Never` (default): do not allow for preemption, in other
+ ClusterQueues within the cohort, for a borrowing workload.
+ - `LowerPriority`: allow preemption, in other ClusterQueues
+ within the cohort, for a borrowing workload, but only if
+ the preempted workloads are of lower priority.
+ enum:
+ - Never
+ - LowerPriority
+ type: string
+ type: object
+ reclaimWithinCohort:
+ default: Never
+ description: |-
+ reclaimWithinCohort determines whether a pending Workload can preempt
+ Workloads from other ClusterQueues in the cohort that are using more than
+ their nominal quota. The possible values are:
+
+ - `Never` (default): do not preempt Workloads in the cohort.
+ - `LowerPriority`: **Classic Preemption** if the pending Workload
+ fits within the nominal quota of its ClusterQueue, only preempt
+ Workloads in the cohort that have lower priority than the pending
+ Workload. **Fair Sharing** only preempt Workloads in the cohort that
+ have lower priority than the pending Workload and that satisfy the
+ fair sharing preemptionStategies.
+ - `Any`: **Classic Preemption** if the pending Workload fits within
+ the nominal quota of its ClusterQueue, preempt any Workload in the
+ cohort, irrespective of priority. **Fair Sharing** preempt Workloads
+ in the cohort that satisfy the fair sharing preemptionStrategies.
+ enum:
+ - Never
+ - LowerPriority
+ - Any
+ type: string
+ withinClusterQueue:
+ default: Never
+ description: |-
+ withinClusterQueue determines whether a pending Workload that doesn't fit
+ within the nominal quota for its ClusterQueue, can preempt active Workloads in
+ the ClusterQueue. The possible values are:
+
+ - `Never` (default): do not preempt Workloads in the ClusterQueue.
+ - `LowerPriority`: only preempt Workloads in the ClusterQueue that have
+ lower priority than the pending Workload.
+ - `LowerOrNewerEqualPriority`: only preempt Workloads in the ClusterQueue that
+ either have a lower priority than the pending workload or equal priority
+ and are newer than the pending workload.
+ enum:
+ - Never
+ - LowerPriority
+ - LowerOrNewerEqualPriority
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: reclaimWithinCohort=Never and borrowWithinCohort.Policy!=Never
+ rule: '!(self.reclaimWithinCohort == ''Never'' && has(self.borrowWithinCohort)
+ && self.borrowWithinCohort.policy != ''Never'')'
+ queueingStrategy:
+ default: BestEffortFIFO
+ description: |-
+ QueueingStrategy indicates the queueing strategy of the workloads
+ across the queues in this ClusterQueue.
+ Current Supported Strategies:
+
+ - StrictFIFO: workloads are ordered strictly by creation time.
+ Older workloads that can't be admitted will block admitting newer
+ workloads even if they fit available quota.
+ - BestEffortFIFO: workloads are ordered by creation time,
+ however older workloads that can't be admitted will not block
+ admitting newer workloads that fit existing quota.
+ enum:
+ - StrictFIFO
+ - BestEffortFIFO
+ type: string
+ resourceGroups:
+ description: |-
+ resourceGroups describes groups of resources.
+ Each resource group defines the list of resources and a list of flavors
+ that provide quotas for these resources.
+ Each resource and each flavor can only form part of one resource group.
+ resourceGroups can be up to 16.
+ items:
+ properties:
+ coveredResources:
+ description: |-
+ coveredResources is the list of resources covered by the flavors in this
+ group.
+ Examples: cpu, memory, vendor.com/gpu.
+ The list cannot be empty and it can contain up to 16 resources.
+ items:
+ description: ResourceName is the name identifying various
+ resources in a ResourceList.
+ type: string
+ maxItems: 16
+ minItems: 1
+ type: array
+ flavors:
+ description: |-
+ flavors is the list of flavors that provide the resources of this group.
+ Typically, different flavors represent different hardware models
+ (e.g., gpu models, cpu architectures) or pricing models (on-demand vs spot
+ cpus).
+ Each flavor MUST list all the resources listed for this group in the same
+ order as the .resources field.
+ The list cannot be empty and it can contain up to 16 flavors.
+ items:
+ properties:
+ name:
+ description: |-
+ name of this flavor. The name should match the .metadata.name of a
+ ResourceFlavor. If a matching ResourceFlavor does not exist, the
+ ClusterQueue will have an Active condition set to False.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ resources:
+ description: |-
+ resources is the list of quotas for this flavor per resource.
+ There could be up to 16 resources.
+ items:
+ properties:
+ borrowingLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ borrowingLimit is the maximum amount of quota for the [flavor, resource]
+ combination that this ClusterQueue is allowed to borrow from the unused
+ quota of other ClusterQueues in the same cohort.
+ In total, at a given time, Workloads in a ClusterQueue can consume a
+ quantity of quota equal to nominalQuota+borrowingLimit, assuming the other
+ ClusterQueues in the cohort have enough unused quota.
+ If null, it means that there is no borrowing limit.
+ If not null, it must be non-negative.
+ borrowingLimit must be null if spec.cohort is empty.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ lendingLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ lendingLimit is the maximum amount of unused quota for the [flavor, resource]
+ combination that this ClusterQueue can lend to other ClusterQueues in the same cohort.
+ In total, at a given time, ClusterQueue reserves for its exclusive use
+ a quantity of quota equals to nominalQuota - lendingLimit.
+ If null, it means that there is no lending limit, meaning that
+ all the nominalQuota can be borrowed by other clusterQueues in the cohort.
+ If not null, it must be non-negative.
+ lendingLimit must be null if spec.cohort is empty.
+ This field is in beta stage and is enabled by default.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ name:
+ description: name of this resource.
+ type: string
+ nominalQuota:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ nominalQuota is the quantity of this resource that is available for
+ Workloads admitted by this ClusterQueue at a point in time.
+ The nominalQuota must be non-negative.
+ nominalQuota should represent the resources in the cluster available for
+ running jobs (after discounting resources consumed by system components
+ and pods not managed by kueue). In an autoscaled cluster, nominalQuota
+ should account for resources that can be provided by a component such as
+ Kubernetes cluster-autoscaler.
+
+ If the ClusterQueue belongs to a cohort, the sum of the quotas for each
+ (flavor, resource) combination defines the maximum quantity that can be
+ allocated by a ClusterQueue in the cohort.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - name
+ - nominalQuota
+ type: object
+ maxItems: 16
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - name
+ - resources
+ type: object
+ maxItems: 16
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - coveredResources
+ - flavors
+ type: object
+ x-kubernetes-validations:
+ - message: flavors must have the same number of resources as the
+ coveredResources
+ rule: self.flavors.all(x, size(x.resources) == size(self.coveredResources))
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: atomic
+ stopPolicy:
+ default: None
+ description: |-
+ stopPolicy - if set to a value different from None, the ClusterQueue is considered Inactive, no new reservation being
+ made.
+
+ Depending on its value, its associated workloads will:
+
+ - None - Workloads are admitted
+ - HoldAndDrain - Admitted workloads are evicted and Reserving workloads will cancel the reservation.
+ - Hold - Admitted workloads will run to completion and Reserving workloads will cancel the reservation.
+ enum:
+ - None
+ - Hold
+ - HoldAndDrain
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: borrowingLimit must be nil when cohort is empty
+ rule: '!has(self.cohort) && has(self.resourceGroups) ? self.resourceGroups.all(rg,
+ rg.flavors.all(f, f.resources.all(r, !has(r.borrowingLimit)))) : true'
+ status:
+ description: ClusterQueueStatus defines the observed state of ClusterQueue
+ properties:
+ admittedWorkloads:
+ description: |-
+ admittedWorkloads is the number of workloads currently admitted to this
+ clusterQueue and haven't finished yet.
+ format: int32
+ type: integer
+ conditions:
+ description: |-
+ conditions hold the latest available observations of the ClusterQueue
+ current state.
+ items:
+ description: Condition contains details for one aspect of the current
+ state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ fairSharing:
+ description: FairSharing contains the information about the current
+ status of fair sharing.
+ properties:
+ weightedShare:
+ description: |-
+ WeightedShare represent the maximum of the ratios of usage above nominal
+ quota to the lendable resources in the cohort, among all the resources
+ provided by the ClusterQueue, and divided by the weight.
+ If zero, it means that the usage of the ClusterQueue is below the nominal quota.
+ If the ClusterQueue has a weight of zero, this will return 9223372036854775807,
+ the maximum possible share value.
+ format: int64
+ type: integer
+ required:
+ - weightedShare
+ type: object
+ flavorsReservation:
+ description: |-
+ flavorsReservation are the reserved quotas, by flavor, currently in use by the
+ workloads assigned to this ClusterQueue.
+ items:
+ properties:
+ name:
+ description: name of the flavor.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ resources:
+ description: resources lists the quota usage for the resources
+ in this flavor.
+ items:
+ properties:
+ borrowed:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Borrowed is quantity of quota that is borrowed from the cohort. In other
+ words, it's the used quota that is over the nominalQuota.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ name:
+ description: name of the resource
+ type: string
+ total:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ total is the total quantity of used quota, including the amount borrowed
+ from the cohort.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - name
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - name
+ - resources
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ flavorsUsage:
+ description: |-
+ flavorsUsage are the used quotas, by flavor, currently in use by the
+ workloads admitted in this ClusterQueue.
+ items:
+ properties:
+ name:
+ description: name of the flavor.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ resources:
+ description: resources lists the quota usage for the resources
+ in this flavor.
+ items:
+ properties:
+ borrowed:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Borrowed is quantity of quota that is borrowed from the cohort. In other
+ words, it's the used quota that is over the nominalQuota.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ name:
+ description: name of the resource
+ type: string
+ total:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ total is the total quantity of used quota, including the amount borrowed
+ from the cohort.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - name
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - name
+ - resources
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ pendingWorkloads:
+ description: |-
+ pendingWorkloads is the number of workloads currently waiting to be
+ admitted to this clusterQueue.
+ format: int32
+ type: integer
+ pendingWorkloadsStatus:
+ description: |-
+ PendingWorkloadsStatus contains the information exposed about the current
+ status of the pending workloads in the cluster queue.
+ Deprecated: This field will be removed on v1beta2, use VisibilityOnDemand
+ (https://kueue.sigs.k8s.io/docs/tasks/manage/monitor_pending_workloads/pending_workloads_on_demand/)
+ instead.
+ properties:
+ clusterQueuePendingWorkload:
+ description: Head contains the list of top pending workloads.
+ items:
+ description: |-
+ ClusterQueuePendingWorkload contains the information identifying a pending workload
+ in the cluster queue.
+ properties:
+ name:
+ description: Name indicates the name of the pending workload.
+ type: string
+ namespace:
+ description: Namespace indicates the name of the pending
+ workload.
+ type: string
+ required:
+ - name
+ - namespace
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ lastChangeTime:
+ description: LastChangeTime indicates the time of the last change
+ of the structure.
+ format: date-time
+ type: string
+ required:
+ - lastChangeTime
+ type: object
+ reservingWorkloads:
+ description: |-
+ reservingWorkloads is the number of workloads currently reserving quota in this
+ clusterQueue.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.5
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: cohorts.kueue.x-k8s.io
+spec:
+ group: kueue.x-k8s.io
+ names:
+ kind: Cohort
+ listKind: CohortList
+ plural: cohorts
+ singular: cohort
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Cohort is the Schema for the cohorts API. Using Hierarchical
+ Cohorts (any Cohort which has a parent) with Fair Sharing
+ results in undefined behavior in 0.9
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CohortSpec defines the desired state of Cohort
+ properties:
+ parent:
+ description: |-
+ Parent references the name of the Cohort's parent, if
+ any. It satisfies one of three cases:
+ 1) Unset. This Cohort is the root of its Cohort tree.
+ 2) References a non-existent Cohort. We use default Cohort (no borrowing/lending limits).
+ 3) References an existent Cohort.
+
+ If a cycle is created, we disable all members of the
+ Cohort, including ClusterQueues, until the cycle is
+ removed. We prevent further admission while the cycle
+ exists.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ resourceGroups:
+ description: |-
+ ResourceGroups describes groupings of Resources and
+ Flavors. Each ResourceGroup defines a list of Resources
+ and a list of Flavors which provide quotas for these
+ Resources. Each Resource and each Flavor may only form part
+ of one ResourceGroup. There may be up to 16 ResourceGroups
+ within a Cohort.
+
+ BorrowingLimit limits how much members of this Cohort
+ subtree can borrow from the parent subtree.
+
+ LendingLimit limits how much members of this Cohort subtree
+ can lend to the parent subtree.
+
+ Borrowing and Lending limits must only be set when the
+ Cohort has a parent. Otherwise, the Cohort create/update
+ will be rejected by the webhook.
+ items:
+ properties:
+ coveredResources:
+ description: |-
+ coveredResources is the list of resources covered by the flavors in this
+ group.
+ Examples: cpu, memory, vendor.com/gpu.
+ The list cannot be empty and it can contain up to 16 resources.
+ items:
+ description: ResourceName is the name identifying various
+ resources in a ResourceList.
+ type: string
+ maxItems: 16
+ minItems: 1
+ type: array
+ flavors:
+ description: |-
+ flavors is the list of flavors that provide the resources of this group.
+ Typically, different flavors represent different hardware models
+ (e.g., gpu models, cpu architectures) or pricing models (on-demand vs spot
+ cpus).
+ Each flavor MUST list all the resources listed for this group in the same
+ order as the .resources field.
+ The list cannot be empty and it can contain up to 16 flavors.
+ items:
+ properties:
+ name:
+ description: |-
+ name of this flavor. The name should match the .metadata.name of a
+ ResourceFlavor. If a matching ResourceFlavor does not exist, the
+ ClusterQueue will have an Active condition set to False.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ resources:
+ description: |-
+ resources is the list of quotas for this flavor per resource.
+ There could be up to 16 resources.
+ items:
+ properties:
+ borrowingLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ borrowingLimit is the maximum amount of quota for the [flavor, resource]
+ combination that this ClusterQueue is allowed to borrow from the unused
+ quota of other ClusterQueues in the same cohort.
+ In total, at a given time, Workloads in a ClusterQueue can consume a
+ quantity of quota equal to nominalQuota+borrowingLimit, assuming the other
+ ClusterQueues in the cohort have enough unused quota.
+ If null, it means that there is no borrowing limit.
+ If not null, it must be non-negative.
+ borrowingLimit must be null if spec.cohort is empty.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ lendingLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ lendingLimit is the maximum amount of unused quota for the [flavor, resource]
+ combination that this ClusterQueue can lend to other ClusterQueues in the same cohort.
+ In total, at a given time, ClusterQueue reserves for its exclusive use
+ a quantity of quota equals to nominalQuota - lendingLimit.
+ If null, it means that there is no lending limit, meaning that
+ all the nominalQuota can be borrowed by other clusterQueues in the cohort.
+ If not null, it must be non-negative.
+ lendingLimit must be null if spec.cohort is empty.
+ This field is in beta stage and is enabled by default.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ name:
+ description: name of this resource.
+ type: string
+ nominalQuota:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ nominalQuota is the quantity of this resource that is available for
+ Workloads admitted by this ClusterQueue at a point in time.
+ The nominalQuota must be non-negative.
+ nominalQuota should represent the resources in the cluster available for
+ running jobs (after discounting resources consumed by system components
+ and pods not managed by kueue). In an autoscaled cluster, nominalQuota
+ should account for resources that can be provided by a component such as
+ Kubernetes cluster-autoscaler.
+
+ If the ClusterQueue belongs to a cohort, the sum of the quotas for each
+ (flavor, resource) combination defines the maximum quantity that can be
+ allocated by a ClusterQueue in the cohort.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - name
+ - nominalQuota
+ type: object
+ maxItems: 16
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - name
+ - resources
+ type: object
+ maxItems: 16
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - coveredResources
+ - flavors
+ type: object
+ x-kubernetes-validations:
+ - message: flavors must have the same number of resources as the
+ coveredResources
+ rule: self.flavors.all(x, size(x.resources) == size(self.coveredResources))
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ controller-gen.kubebuilder.io/version: v0.16.5
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: localqueues.kueue.x-k8s.io
+spec:
+ group: kueue.x-k8s.io
+ names:
+ kind: LocalQueue
+ listKind: LocalQueueList
+ plural: localqueues
+ shortNames:
+ - queue
+ - queues
+ - lq
+ singular: localqueue
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Backing ClusterQueue
+ jsonPath: .spec.clusterQueue
+ name: ClusterQueue
+ type: string
+ - description: Number of pending workloads
+ jsonPath: .status.pendingWorkloads
+ name: Pending Workloads
+ type: integer
+ - description: Number of admitted workloads that haven't finished yet.
+ jsonPath: .status.admittedWorkloads
+ name: Admitted Workloads
+ type: integer
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: LocalQueue is the Schema for the localQueues API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: LocalQueueSpec defines the desired state of LocalQueue
+ properties:
+ clusterQueue:
+ description: clusterQueue is a reference to a clusterQueue that backs
+ this localQueue.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ x-kubernetes-validations:
+ - message: field is immutable
+ rule: self == oldSelf
+ stopPolicy:
+ default: None
+ description: |-
+ stopPolicy - if set to a value different from None, the LocalQueue is considered Inactive,
+ no new reservation being made.
+
+ Depending on its value, its associated workloads will:
+
+ - None - Workloads are admitted
+ - HoldAndDrain - Admitted workloads are evicted and Reserving workloads will cancel the reservation.
+ - Hold - Admitted workloads will run to completion and Reserving workloads will cancel the reservation.
+ enum:
+ - None
+ - Hold
+ - HoldAndDrain
+ type: string
+ type: object
+ status:
+ description: LocalQueueStatus defines the observed state of LocalQueue
+ properties:
+ admittedWorkloads:
+ description: |-
+ admittedWorkloads is the number of workloads in this LocalQueue
+ admitted to a ClusterQueue and that haven't finished yet.
+ format: int32
+ type: integer
+ conditions:
+ description: |-
+ Conditions hold the latest available observations of the LocalQueue
+ current state.
+ items:
+ description: Condition contains details for one aspect of the current
+ state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ flavorUsage:
+ description: |-
+ flavorsUsage are the used quotas, by flavor currently in use by the
+ workloads assigned to this LocalQueue.
+ items:
+ properties:
+ name:
+ description: name of the flavor.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ resources:
+ description: resources lists the quota usage for the resources
+ in this flavor.
+ items:
+ properties:
+ name:
+ description: name of the resource.
+ type: string
+ total:
+ anyOf:
+ - type: integer
+ - type: string
+ description: total is the total quantity of used quota.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - name
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - name
+ - resources
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ flavors:
+ description: flavors lists all currently available ResourceFlavors
+ in specified ClusterQueue.
+ items:
+ properties:
+ name:
+ description: name of the flavor.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ nodeLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeLabels are labels that associate the ResourceFlavor with Nodes that
+ have the same labels.
+ maxProperties: 8
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeTaints:
+ description: |-
+ nodeTaints are taints that the nodes associated with this ResourceFlavor
+ have.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied to
+ a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the taint
+ key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ maxItems: 8
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: resources used in the flavor.
+ items:
+ description: ResourceName is the name identifying various
+ resources in a ResourceList.
+ type: string
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ required:
+ - name
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ flavorsReservation:
+ description: |-
+ flavorsReservation are the reserved quotas, by flavor currently in use by the
+ workloads assigned to this LocalQueue.
+ items:
+ properties:
+ name:
+ description: name of the flavor.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ resources:
+ description: resources lists the quota usage for the resources
+ in this flavor.
+ items:
+ properties:
+ name:
+ description: name of the resource.
+ type: string
+ total:
+ anyOf:
+ - type: integer
+ - type: string
+ description: total is the total quantity of used quota.
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ required:
+ - name
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - name
+ - resources
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ pendingWorkloads:
+ description: PendingWorkloads is the number of Workloads in the LocalQueue
+ not yet admitted to a ClusterQueue
+ format: int32
+ type: integer
+ reservingWorkloads:
+ description: |-
+ reservingWorkloads is the number of workloads in this LocalQueue
+ reserving quota in a ClusterQueue and that haven't finished yet.
+ format: int32
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.5
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: multikueueclusters.kueue.x-k8s.io
+spec:
+ group: kueue.x-k8s.io
+ names:
+ kind: MultiKueueCluster
+ listKind: MultiKueueClusterList
+ plural: multikueueclusters
+ singular: multikueuecluster
+ scope: Cluster
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: MultiKueueCluster is the Schema for the multikueue API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ properties:
+ kubeConfig:
+ description: Information how to connect to the cluster.
+ properties:
+ location:
+ description: |-
+ Location of the KubeConfig.
+
+ If LocationType is Secret then Location is the name of the secret inside the namespace in
+ which the kueue controller manager is running. The config should be stored in the "kubeconfig" key.
+ type: string
+ locationType:
+ default: Secret
+ description: Type of the KubeConfig location.
+ enum:
+ - Secret
+ - Path
+ type: string
+ required:
+ - location
+ - locationType
+ type: object
+ required:
+ - kubeConfig
+ type: object
+ status:
+ properties:
+ conditions:
+ items:
+ description: Condition contains details for one aspect of the current
+ state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.5
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: multikueueconfigs.kueue.x-k8s.io
+spec:
+ group: kueue.x-k8s.io
+ names:
+ kind: MultiKueueConfig
+ listKind: MultiKueueConfigList
+ plural: multikueueconfigs
+ singular: multikueueconfig
+ scope: Cluster
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: MultiKueueConfig is the Schema for the multikueue API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MultiKueueConfigSpec defines the desired state of MultiKueueConfig
+ properties:
+ clusters:
+ description: List of MultiKueueClusters names where the workloads
+ from the ClusterQueue should be distributed.
+ items:
+ type: string
+ maxItems: 10
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: set
+ required:
+ - clusters
+ type: object
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.5
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: provisioningrequestconfigs.kueue.x-k8s.io
+spec:
+ group: kueue.x-k8s.io
+ names:
+ kind: ProvisioningRequestConfig
+ listKind: ProvisioningRequestConfigList
+ plural: provisioningrequestconfigs
+ singular: provisioningrequestconfig
+ scope: Cluster
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ProvisioningRequestConfig is the Schema for the provisioningrequestconfig
+ API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ProvisioningRequestConfigSpec defines the desired state of
+ ProvisioningRequestConfig
+ properties:
+ managedResources:
+ description: |-
+ managedResources contains the list of resources managed by the autoscaling.
+
+ If empty, all resources are considered managed.
+
+ If not empty, the ProvisioningRequest will contain only the podsets that are
+ requesting at least one of them.
+
+ If none of the workloads podsets is requesting at least a managed resource,
+ the workload is considered ready.
+ items:
+ description: ResourceName is the name identifying various resources
+ in a ResourceList.
+ type: string
+ maxItems: 100
+ type: array
+ x-kubernetes-list-type: set
+ parameters:
+ additionalProperties:
+ description: Parameter is limited to 255 characters.
+ maxLength: 255
+ type: string
+ description: Parameters contains all other parameters classes may
+ require.
+ maxProperties: 100
+ type: object
+ provisioningClassName:
+ description: |-
+ ProvisioningClassName describes the different modes of provisioning the resources.
+ Check autoscaling.x-k8s.io ProvisioningRequestSpec.ProvisioningClassName for details.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ retryStrategy:
+ default:
+ backoffBaseSeconds: 60
+ backoffLimitCount: 3
+ backoffMaxSeconds: 1800
+ description: |-
+ retryStrategy defines strategy for retrying ProvisioningRequest.
+ If null, then the default configuration is applied with the following parameter values:
+ backoffLimitCount: 3
+ backoffBaseSeconds: 60 - 1 min
+ backoffMaxSeconds: 1800 - 30 mins
+
+ To switch off retry mechanism
+ set retryStrategy.backoffLimitCount to 0.
+ properties:
+ backoffBaseSeconds:
+ default: 60
+ description: |-
+ BackoffBaseSeconds defines the base for the exponential backoff for
+ re-queuing an evicted workload.
+
+ Defaults to 60.
+ format: int32
+ type: integer
+ backoffLimitCount:
+ default: 3
+ description: |-
+ BackoffLimitCount defines the maximum number of re-queuing retries.
+ Once the number is reached, the workload is deactivated (`.spec.activate`=`false`).
+
+ Every backoff duration is about "b*2^(n-1)+Rand" where:
+ - "b" represents the base set by "BackoffBaseSeconds" parameter,
+ - "n" represents the "workloadStatus.requeueState.count",
+ - "Rand" represents the random jitter.
+ During this time, the workload is taken as an inadmissible and
+ other workloads will have a chance to be admitted.
+ By default, the consecutive requeue delays are around: (60s, 120s, 240s, ...).
+
+ Defaults to 3.
+ format: int32
+ type: integer
+ backoffMaxSeconds:
+ default: 1800
+ description: |-
+ BackoffMaxSeconds defines the maximum backoff time to re-queue an evicted workload.
+
+ Defaults to 1800.
+ format: int32
+ type: integer
+ type: object
+ required:
+ - provisioningClassName
+ type: object
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.5
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: resourceflavors.kueue.x-k8s.io
+spec:
+ group: kueue.x-k8s.io
+ names:
+ kind: ResourceFlavor
+ listKind: ResourceFlavorList
+ plural: resourceflavors
+ shortNames:
+ - flavor
+ - flavors
+ - rf
+ singular: resourceflavor
+ scope: Cluster
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ResourceFlavor is the Schema for the resourceflavors API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ResourceFlavorSpec defines the desired state of the ResourceFlavor
+ properties:
+ nodeLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ nodeLabels are labels that associate the ResourceFlavor with Nodes that
+ have the same labels.
+ When a Workload is admitted, its podsets can only get assigned
+ ResourceFlavors whose nodeLabels match the nodeSelector and nodeAffinity
+ fields.
+ Once a ResourceFlavor is assigned to a podSet, the ResourceFlavor's
+ nodeLabels should be injected into the pods of the Workload by the
+ controller that integrates with the Workload object.
+
+ nodeLabels can be up to 8 elements.
+ maxProperties: 8
+ type: object
+ x-kubernetes-map-type: atomic
+ nodeTaints:
+ description: |-
+ nodeTaints are taints that the nodes associated with this ResourceFlavor
+ have.
+ Workloads' podsets must have tolerations for these nodeTaints in order to
+ get assigned this ResourceFlavor during admission.
+
+ An example of a nodeTaint is
+ cloud.provider.com/preemptible="true":NoSchedule
+
+ nodeTaints can be up to 8 elements.
+ items:
+ description: |-
+ The node this Taint is attached to has the "effect" on
+ any pod that does not tolerate the Taint.
+ properties:
+ effect:
+ description: |-
+ Required. The effect of the taint on pods
+ that do not tolerate the taint.
+ Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: Required. The taint key to be applied to a node.
+ type: string
+ timeAdded:
+ description: |-
+ TimeAdded represents the time at which the taint was added.
+ It is only written for NoExecute taints.
+ format: date-time
+ type: string
+ value:
+ description: The taint value corresponding to the taint key.
+ type: string
+ required:
+ - effect
+ - key
+ type: object
+ maxItems: 8
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: 'supported taint effect values: ''NoSchedule'', ''PreferNoSchedule'',
+ ''NoExecute'''
+ rule: self.all(x, x.effect in ['NoSchedule', 'PreferNoSchedule',
+ 'NoExecute'])
+ tolerations:
+ description: |-
+ tolerations are extra tolerations that will be added to the pods admitted in
+ the quota associated with this resource flavor.
+
+ An example of a toleration is
+ cloud.provider.com/preemptible="true":NoSchedule
+
+ tolerations can be up to 8 elements.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ maxItems: 8
+ type: array
+ x-kubernetes-list-type: atomic
+ x-kubernetes-validations:
+ - message: operator must be Exists when 'key' is empty, which means
+ 'match all values and all keys'
+ rule: 'self.all(x, !has(x.key) ? x.operator == ''Exists'' : true)'
+ - message: effect must be 'NoExecute' when 'tolerationSeconds' is
+ set
+ rule: 'self.all(x, has(x.tolerationSeconds) ? x.effect == ''NoExecute''
+ : true)'
+ - message: 'supported toleration values: ''Equal''(default), ''Exists'''
+ rule: self.all(x, !has(x.operator) || x.operator in ['Equal', 'Exists'])
+ - message: a value must be empty when 'operator' is 'Exists'
+ rule: 'self.all(x, has(x.operator) && x.operator == ''Exists'' ?
+ !has(x.value) : true)'
+ - message: 'supported taint effect values: ''NoSchedule'', ''PreferNoSchedule'',
+ ''NoExecute'''
+ rule: self.all(x, !has(x.effect) || x.effect in ['NoSchedule', 'PreferNoSchedule',
+ 'NoExecute'])
+ topologyName:
+ description: |-
+ topologyName indicates topology for the TAS ResourceFlavor.
+ When specified, it enables scraping of the topology information from the
+ nodes matching to the Resource Flavor node labels.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: at least one nodeLabel is required when topology is set
+ rule: '!has(self.topologyName) || self.nodeLabels.size() >= 1'
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.5
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: topologies.kueue.x-k8s.io
+spec:
+ group: kueue.x-k8s.io
+ names:
+ kind: Topology
+ listKind: TopologyList
+ plural: topologies
+ singular: topology
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Topology is the Schema for the topology API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TopologySpec defines the desired state of Topology
+ properties:
+ levels:
+ description: levels define the levels of topology.
+ items:
+ description: TopologyLevel defines the desired state of TopologyLevel
+ properties:
+ nodeLabel:
+ description: |-
+ nodeLabel indicates the name of the node label for a specific topology
+ level.
+
+ Examples:
+ - cloud.provider.com/topology-block
+ - cloud.provider.com/topology-rack
+ maxLength: 316
+ minLength: 1
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - nodeLabel
+ type: object
+ maxItems: 8
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - levels
+ type: object
+ type: object
+ served: true
+ storage: true
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.5
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: workloadpriorityclasses.kueue.x-k8s.io
+spec:
+ group: kueue.x-k8s.io
+ names:
+ kind: WorkloadPriorityClass
+ listKind: WorkloadPriorityClassList
+ plural: workloadpriorityclasses
+ singular: workloadpriorityclass
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - description: Value of workloadPriorityClass's Priority
+ jsonPath: .value
+ name: Value
+ type: integer
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: WorkloadPriorityClass is the Schema for the workloadPriorityClass
+ API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ description:
+ description: |-
+ description is an arbitrary string that usually provides guidelines on
+ when this workloadPriorityClass should be used.
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ value:
+ description: |-
+ value represents the integer value of this workloadPriorityClass. This is the actual priority that workloads
+ receive when jobs have the name of this class in their workloadPriorityClass label.
+ Changing the value of workloadPriorityClass doesn't affect the priority of workloads that were already created.
+ format: int32
+ type: integer
+ required:
+ - value
+ type: object
+ served: true
+ storage: true
+ subresources: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ controller-gen.kubebuilder.io/version: v0.16.5
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: workloads.kueue.x-k8s.io
+spec:
+ group: kueue.x-k8s.io
+ names:
+ kind: Workload
+ listKind: WorkloadList
+ plural: workloads
+ shortNames:
+ - wl
+ singular: workload
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Name of the queue this workload was submitted to
+ jsonPath: .spec.queueName
+ name: Queue
+ type: string
+ - description: Name of the ClusterQueue where the workload is reserving quota
+ jsonPath: .status.admission.clusterQueue
+ name: Reserved in
+ type: string
+ - description: Admission status
+ jsonPath: .status.conditions[?(@.type=='Admitted')].status
+ name: Admitted
+ type: string
+ - description: Workload finished
+ jsonPath: .status.conditions[?(@.type=='Finished')].status
+ name: Finished
+ type: string
+ - description: Time this workload was created
+ jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: Workload is the Schema for the workloads API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: WorkloadSpec defines the desired state of Workload
+ properties:
+ active:
+ default: true
+ description: |-
+ Active determines if a workload can be admitted into a queue.
+ Changing active from true to false will evict any running workloads.
+ Possible values are:
+
+ - false: indicates that a workload should never be admitted and evicts running workloads
+ - true: indicates that a workload can be evaluated for admission into it's respective queue.
+
+ Defaults to true
+ type: boolean
+ maximumExecutionTimeSeconds:
+ description: |-
+ maximumExecutionTimeSeconds if provided, determines the maximum time, in seconds,
+ the workload can be admitted before it's automatically deactivated.
+
+ If unspecified, no execution time limit is enforced on the Workload.
+ format: int32
+ minimum: 1
+ type: integer
+ podSets:
+ description: |-
+ podSets is a list of sets of homogeneous pods, each described by a Pod spec
+ and a count.
+ There must be at least one element and at most 8.
+ podSets cannot be changed.
+ items:
+ properties:
+ count:
+ default: 1
+ description: count is the number of pods for the spec.
+ format: int32
+ minimum: 0
+ type: integer
+ minCount:
+ description: |-
+ minCount is the minimum number of pods for the spec acceptable
+ if the workload supports partial admission.
+
+ If not provided, partial admission for the current PodSet is not
+ enabled.
+
+ Only one podSet within the workload can use this.
+
+ This is an alpha field and requires enabling PartialAdmission feature gate.
+ format: int32
+ minimum: 1
+ type: integer
+ name:
+ default: main
+ description: name is the PodSet name.
+ maxLength: 63
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ template:
+ description: |-
+ template is the Pod template.
+
+ The only allowed fields in template.metadata are labels and annotations.
+
+ If requests are omitted for a container or initContainer,
+ they default to the limits if they are explicitly specified for the
+ container or initContainer.
+
+ During admission, the rules in nodeSelector and
+ nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution that match
+ the keys in the nodeLabels from the ResourceFlavors considered for this
+ Workload are used to filter the ResourceFlavors that can be assigned to
+ this podSet.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the pod.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ activeDeadlineSeconds:
+ description: |-
+ Optional duration in seconds the pod may be active on the node relative to
+ StartTime before the system will actively try to mark it failed and kill associated containers.
+ Value must be a positive integer.
+ format: int64
+ type: integer
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling
+ rules for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector
+ requirements by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector
+ requirements by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector
+ requirements by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector
+ requirements by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone,
+ etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added
+ per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity
+ term, associated with the corresponding
+ weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions
+ is a list of label selector
+ requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the
+ label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions
+ is a list of label selector
+ requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the
+ label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same
+ node, zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added
+ per-node to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity
+ term, associated with the corresponding
+ weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions
+ is a list of label selector
+ requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the
+ label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions
+ is a list of label selector
+ requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the
+ label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ automountServiceAccountToken:
+ description: AutomountServiceAccountToken indicates
+ whether a service account token should be automatically
+ mounted.
+ type: boolean
+ containers:
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
+ items:
+ description: A single application container that you
+ want to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment
+ variable's value. Cannot be used if value
+ is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the
+ ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the
+ Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source
+ of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be
+ a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action
+ to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set
+ in the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in
+ HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the
+ HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before
+ being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number
+ of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name
+ to connect to, defaults to the pod
+ IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action
+ to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set
+ in the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in
+ HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the
+ HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before
+ being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number
+ of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name
+ to connect to, defaults to the pod
+ IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a
+ custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network
+ port in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a
+ custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents
+ resource resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by this container. If set, this profile
+ overrides the pod's appArmorProfile.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default value is Default which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label
+ that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label
+ that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label
+ that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label
+ that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is
+ the name of the GMSA credential spec
+ to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a
+ custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block
+ devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping
+ of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside
+ of the container that the device will
+ be mapped to.
+ type: string
+ name:
+ description: name must match the name of
+ a persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - devicePath
+ x-kubernetes-list-type: map
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
+ (which defaults to None).
+ type: string
+ name:
+ description: This must match the Name of
+ a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ recursiveReadOnly:
+ description: |-
+ RecursiveReadOnly specifies whether read-only mounts should be handled
+ recursively.
+
+ If ReadOnly is false, this field has no meaning and must be unspecified.
+
+ If ReadOnly is true, and this field is set to Disabled, the mount is not made
+ recursively read-only. If this field is set to IfPossible, the mount is made
+ recursively read-only, if it is supported by the container runtime. If this
+ field is set to Enabled, the mount is made recursively read-only if it is
+ supported by the container runtime, otherwise the pod will not be started and
+ an error will be generated to indicate the reason.
+
+ If this field is set to IfPossible or Enabled, MountPropagation must be set to
+ None (or be unspecified, which defaults to None).
+
+ If this field is not specified, it is treated as an equivalent of Disabled.
+ type: string
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ dnsConfig:
+ description: |-
+ Specifies the DNS parameters of a pod.
+ Parameters specified here will be merged to the generated DNS
+ configuration based on DNSPolicy.
+ properties:
+ nameservers:
+ description: |-
+ A list of DNS name server IP addresses.
+ This will be appended to the base nameservers generated from DNSPolicy.
+ Duplicated nameservers will be removed.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ options:
+ description: |-
+ A list of DNS resolver options.
+ This will be merged with the base options generated from DNSPolicy.
+ Duplicated entries will be removed. Resolution options given in Options
+ will override those that appear in the base DNSPolicy.
+ items:
+ description: PodDNSConfigOption defines DNS resolver
+ options of a pod.
+ properties:
+ name:
+ description: Required.
+ type: string
+ value:
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ searches:
+ description: |-
+ A list of DNS search domains for host-name lookup.
+ This will be appended to the base search paths generated from DNSPolicy.
+ Duplicated search paths will be removed.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ dnsPolicy:
+ description: |-
+ Set DNS policy for the pod.
+ Defaults to "ClusterFirst".
+ Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.
+ DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
+ To have DNS options set along with hostNetwork, you have to specify DNS policy
+ explicitly to 'ClusterFirstWithHostNet'.
+ type: string
+ enableServiceLinks:
+ description: |-
+ EnableServiceLinks indicates whether information about services should be injected into pod's
+ environment variables, matching the syntax of Docker links.
+ Optional: Defaults to true.
+ type: boolean
+ ephemeralContainers:
+ description: |-
+ List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing
+ pod to perform user-initiated actions such as debugging. This list cannot be specified when
+ creating a pod, and it cannot be modified by updating the pod spec. In order to add an
+ ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+ items:
+ description: |-
+ An EphemeralContainer is a temporary container that you may add to an existing Pod for
+ user-initiated activities such as debugging. Ephemeral containers have no resource or
+ scheduling guarantees, and they will not be restarted when they exit or when a Pod is
+ removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the
+ Pod to exceed its resource allocation.
+
+ To add an ephemeral container, use the ephemeralcontainers subresource of an existing
+ Pod. Ephemeral containers may not be removed or restarted.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment
+ variable's value. Cannot be used if value
+ is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the
+ ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the
+ Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source
+ of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be
+ a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: Lifecycle is not allowed for ephemeral
+ containers.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action
+ to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set
+ in the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in
+ HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the
+ HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before
+ being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number
+ of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name
+ to connect to, defaults to the pod
+ IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action
+ to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set
+ in the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in
+ HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the
+ HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before
+ being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number
+ of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name
+ to connect to, defaults to the pod
+ IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: Probes are not allowed for ephemeral
+ containers.
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a
+ custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the ephemeral container specified as a DNS_LABEL.
+ This name must be unique among all containers, init containers and ephemeral containers.
+ type: string
+ ports:
+ description: Ports are not allowed for ephemeral
+ containers.
+ items:
+ description: ContainerPort represents a network
+ port in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: Probes are not allowed for ephemeral
+ containers.
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a
+ custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents
+ resource resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources
+ already allocated to the pod.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ Restart policy for the container to manage the restart behavior of each
+ container within a pod.
+ This may only be set for init containers. You cannot set this field on
+ ephemeral containers.
+ type: string
+ securityContext:
+ description: |-
+ Optional: SecurityContext defines the security options the ephemeral container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by this container. If set, this profile
+ overrides the pod's appArmorProfile.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default value is Default which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label
+ that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label
+ that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label
+ that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label
+ that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is
+ the name of the GMSA credential spec
+ to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: Probes are not allowed for ephemeral
+ containers.
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a
+ custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ targetContainerName:
+ description: |-
+ If set, the name of the container from PodSpec that this ephemeral container targets.
+ The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container.
+ If not set then the ephemeral container uses the namespaces configured in the Pod spec.
+
+ The container runtime must implement support for this feature. If the runtime does not
+ support namespace targeting then the result of setting this field is undefined.
+ type: string
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block
+ devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping
+ of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside
+ of the container that the device will
+ be mapped to.
+ type: string
+ name:
+ description: name must match the name of
+ a persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - devicePath
+ x-kubernetes-list-type: map
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
+ (which defaults to None).
+ type: string
+ name:
+ description: This must match the Name of
+ a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ recursiveReadOnly:
+ description: |-
+ RecursiveReadOnly specifies whether read-only mounts should be handled
+ recursively.
+
+ If ReadOnly is false, this field has no meaning and must be unspecified.
+
+ If ReadOnly is true, and this field is set to Disabled, the mount is not made
+ recursively read-only. If this field is set to IfPossible, the mount is made
+ recursively read-only, if it is supported by the container runtime. If this
+ field is set to Enabled, the mount is made recursively read-only if it is
+ supported by the container runtime, otherwise the pod will not be started and
+ an error will be generated to indicate the reason.
+
+ If this field is set to IfPossible or Enabled, MountPropagation must be set to
+ None (or be unspecified, which defaults to None).
+
+ If this field is not specified, it is treated as an equivalent of Disabled.
+ type: string
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ hostAliases:
+ description: |-
+ HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts
+ file if specified.
+ items:
+ description: |-
+ HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
+ pod's hosts file.
+ properties:
+ hostnames:
+ description: Hostnames for the above IP address.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ ip:
+ description: IP address of the host file entry.
+ type: string
+ required:
+ - ip
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - ip
+ x-kubernetes-list-type: map
+ hostIPC:
+ description: |-
+ Use the host's ipc namespace.
+ Optional: Default to false.
+ type: boolean
+ hostNetwork:
+ description: |-
+ Host networking requested for this pod. Use the host's network namespace.
+ If this option is set, the ports that will be used must be specified.
+ Default to false.
+ type: boolean
+ hostPID:
+ description: |-
+ Use the host's pid namespace.
+ Optional: Default to false.
+ type: boolean
+ hostUsers:
+ description: |-
+ Use the host's user namespace.
+ Optional: Default to true.
+ If set to true or not present, the pod will be run in the host user namespace, useful
+ for when the pod needs a feature only available to the host user namespace, such as
+ loading a kernel module with CAP_SYS_MODULE.
+ When set to false, a new userns is created for the pod. Setting false is useful for
+ mitigating container breakout vulnerabilities even allowing users to run their
+ containers as root without actually having root privileges on the host.
+ This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
+ type: boolean
+ hostname:
+ description: |-
+ Specifies the hostname of the Pod
+ If not specified, the pod's hostname will be set to a system-defined value.
+ type: string
+ imagePullSecrets:
+ description: |-
+ ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+ If specified, these secrets will be passed to individual puller implementations for them to use.
+ More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ initContainers:
+ description: |-
+ List of initialization containers belonging to the pod.
+ Init containers are executed in order prior to containers being started. If any
+ init container fails, the pod is considered to have failed and is handled according
+ to its restartPolicy. The name for an init container or normal container must be
+ unique among all containers.
+ Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
+ The resourceRequirements of an init container are taken into account during scheduling
+ by finding the highest request/limit for each resource type, and then using the max of
+ of that value or the sum of the normal containers. Limits are applied to init containers
+ in a similar fashion.
+ Init containers cannot currently be added or removed.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ items:
+ description: A single application container that you
+ want to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment
+ variable's value. Cannot be used if value
+ is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the
+ ConfigMap or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the
+ Secret or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source
+ of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be
+ a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action
+ to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set
+ in the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in
+ HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the
+ HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before
+ being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number
+ of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name
+ to connect to, defaults to the pod
+ IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action
+ to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set
+ in the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in
+ HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the
+ HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration
+ that the container should sleep before
+ being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number
+ of seconds to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name
+ to connect to, defaults to the pod
+ IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a
+ custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network
+ port in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a
+ custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents
+ resource resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by this container. If set, this profile
+ overrides the pod's appArmorProfile.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default value is Default which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label
+ that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label
+ that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label
+ that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label
+ that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is
+ the name of the GMSA credential spec
+ to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ default: ""
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a
+ custom header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action
+ involving a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block
+ devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping
+ of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside
+ of the container that the device will
+ be mapped to.
+ type: string
+ name:
+ description: name must match the name of
+ a persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - devicePath
+ x-kubernetes-list-type: map
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified
+ (which defaults to None).
+ type: string
+ name:
+ description: This must match the Name of
+ a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ recursiveReadOnly:
+ description: |-
+ RecursiveReadOnly specifies whether read-only mounts should be handled
+ recursively.
+
+ If ReadOnly is false, this field has no meaning and must be unspecified.
+
+ If ReadOnly is true, and this field is set to Disabled, the mount is not made
+ recursively read-only. If this field is set to IfPossible, the mount is made
+ recursively read-only, if it is supported by the container runtime. If this
+ field is set to Enabled, the mount is made recursively read-only if it is
+ supported by the container runtime, otherwise the pod will not be started and
+ an error will be generated to indicate the reason.
+
+ If this field is set to IfPossible or Enabled, MountPropagation must be set to
+ None (or be unspecified, which defaults to None).
+
+ If this field is not specified, it is treated as an equivalent of Disabled.
+ type: string
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - mountPath
+ x-kubernetes-list-type: map
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ nodeName:
+ description: |-
+ NodeName indicates in which node this pod is scheduled.
+ If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName.
+ Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod.
+ This field should not be used to express a desire for the pod to be scheduled on a specific node.
+ https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename
+ type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ x-kubernetes-map-type: atomic
+ os:
+ description: |-
+ Specifies the OS of the containers in the pod.
+ Some pod and container fields are restricted if this is set.
+
+ If the OS field is set to linux, the following fields must be unset:
+ -securityContext.windowsOptions
+
+ If the OS field is set to windows, following fields must be unset:
+ - spec.hostPID
+ - spec.hostIPC
+ - spec.hostUsers
+ - spec.securityContext.appArmorProfile
+ - spec.securityContext.seLinuxOptions
+ - spec.securityContext.seccompProfile
+ - spec.securityContext.fsGroup
+ - spec.securityContext.fsGroupChangePolicy
+ - spec.securityContext.sysctls
+ - spec.shareProcessNamespace
+ - spec.securityContext.runAsUser
+ - spec.securityContext.runAsGroup
+ - spec.securityContext.supplementalGroups
+ - spec.securityContext.supplementalGroupsPolicy
+ - spec.containers[*].securityContext.appArmorProfile
+ - spec.containers[*].securityContext.seLinuxOptions
+ - spec.containers[*].securityContext.seccompProfile
+ - spec.containers[*].securityContext.capabilities
+ - spec.containers[*].securityContext.readOnlyRootFilesystem
+ - spec.containers[*].securityContext.privileged
+ - spec.containers[*].securityContext.allowPrivilegeEscalation
+ - spec.containers[*].securityContext.procMount
+ - spec.containers[*].securityContext.runAsUser
+ - spec.containers[*].securityContext.runAsGroup
+ properties:
+ name:
+ description: |-
+ Name is the name of the operating system. The currently supported values are linux and windows.
+ Additional value may be defined in future and can be one of:
+ https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
+ Clients should expect to handle additional values and treat unrecognized values in this field as os: null
+ type: string
+ required:
+ - name
+ type: object
+ overhead:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.
+ This field will be autopopulated at admission time by the RuntimeClass admission controller. If
+ the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.
+ The RuntimeClass admission controller will reject Pod create requests which have the overhead already
+ set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value
+ defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.
+ More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
+ type: object
+ preemptionPolicy:
+ description: |-
+ PreemptionPolicy is the Policy for preempting pods with lower priority.
+ One of Never, PreemptLowerPriority.
+ Defaults to PreemptLowerPriority if unset.
+ type: string
+ priority:
+ description: |-
+ The priority value. Various system components use this field to find the
+ priority of the pod. When Priority Admission Controller is enabled, it
+ prevents users from setting this field. The admission controller populates
+ this field from PriorityClassName.
+ The higher the value, the higher the priority.
+ format: int32
+ type: integer
+ priorityClassName:
+ description: |-
+ If specified, indicates the pod's priority. "system-node-critical" and
+ "system-cluster-critical" are two special keywords which indicate the
+ highest priorities with the former being the highest priority. Any other
+ name must be defined by creating a PriorityClass object with that name.
+ If not specified, the pod priority will be default or zero if there is no
+ default.
+ type: string
+ readinessGates:
+ description: |-
+ If specified, all readiness gates will be evaluated for pod readiness.
+ A pod is ready when all its containers are ready AND
+ all conditions specified in the readiness gates have status equal to "True"
+ More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+ items:
+ description: PodReadinessGate contains the reference
+ to a pod condition
+ properties:
+ conditionType:
+ description: ConditionType refers to a condition
+ in the pod's condition list with matching type.
+ type: string
+ required:
+ - conditionType
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resourceClaims:
+ description: |-
+ ResourceClaims defines which ResourceClaims must be allocated
+ and reserved before the Pod is allowed to start. The resources
+ will be made available to those containers which consume them
+ by name.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable.
+ items:
+ description: |-
+ PodResourceClaim references exactly one ResourceClaim, either directly
+ or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim
+ for the pod.
+
+ It adds a name to it that uniquely identifies the ResourceClaim inside the Pod.
+ Containers that need access to the ResourceClaim reference it with this name.
+ properties:
+ name:
+ description: |-
+ Name uniquely identifies this resource claim inside the pod.
+ This must be a DNS_LABEL.
+ type: string
+ resourceClaimName:
+ description: |-
+ ResourceClaimName is the name of a ResourceClaim object in the same
+ namespace as this pod.
+
+ Exactly one of ResourceClaimName and ResourceClaimTemplateName must
+ be set.
+ type: string
+ resourceClaimTemplateName:
+ description: |-
+ ResourceClaimTemplateName is the name of a ResourceClaimTemplate
+ object in the same namespace as this pod.
+
+ The template will be used to create a new ResourceClaim, which will
+ be bound to this pod. When this pod is deleted, the ResourceClaim
+ will also be deleted. The pod name and resource name, along with a
+ generated component, will be used to form a unique name for the
+ ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.
+
+ This field is immutable and no changes will be made to the
+ corresponding ResourceClaim by the control plane after creating the
+ ResourceClaim.
+
+ Exactly one of ResourceClaimName and ResourceClaimTemplateName must
+ be set.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ restartPolicy:
+ description: |-
+ Restart policy for all containers within the pod.
+ One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.
+ Default to Always.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+ type: string
+ runtimeClassName:
+ description: |-
+ RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used
+ to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.
+ If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an
+ empty definition that uses the default runtime handler.
+ More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
+ type: string
+ schedulerName:
+ description: |-
+ If specified, the pod will be dispatched by specified scheduler.
+ If not specified, the pod will be dispatched by default scheduler.
+ type: string
+ schedulingGates:
+ description: |-
+ SchedulingGates is an opaque list of values that if specified will block scheduling the pod.
+ If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the
+ scheduler will not attempt to schedule the pod.
+
+ SchedulingGates can only be set at pod creation time, and be removed only afterwards.
+ items:
+ description: PodSchedulingGate is associated to a
+ Pod to guard its scheduling.
+ properties:
+ name:
+ description: |-
+ Name of the scheduling gate.
+ Each scheduling gate must have a unique name field.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ securityContext:
+ description: |-
+ SecurityContext holds pod-level security attributes and common container settings.
+ Optional: Defaults to empty. See type description for default values of each field.
+ properties:
+ appArmorProfile:
+ description: |-
+ appArmorProfile is the AppArmor options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile loaded on the node that should be used.
+ The profile must be preconfigured on the node to work.
+ Must match the loaded name of the profile.
+ Must be set if and only if type is "Localhost".
+ type: string
+ type:
+ description: |-
+ type indicates which kind of AppArmor profile will be applied.
+ Valid options are:
+ Localhost - a profile pre-loaded on the node.
+ RuntimeDefault - the container runtime's default profile.
+ Unconfined - no AppArmor enforcement.
+ type: string
+ required:
+ - type
+ type: object
+ fsGroup:
+ description: |-
+ A special supplemental group that applies to all containers in a pod.
+ Some volume types allow the Kubelet to change the ownership of that volume
+ to be owned by the pod:
+
+ 1. The owning GID will be the FSGroup
+ 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw----
+
+ If unset, the Kubelet will not modify the ownership and permissions of any volume.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: |-
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
+ before being exposed inside Pod. This field will only apply to
+ volume types which support fsGroup based ownership(and permissions).
+ It will have no effect on ephemeral volume types such as: secret, configmaps
+ and emptydir.
+ Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in SecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence
+ for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to all containers.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in SecurityContext. If set in
+ both SecurityContext and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by the containers in this pod.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: |-
+ A list of groups applied to the first process run in each container, in
+ addition to the container's primary GID and fsGroup (if specified). If
+ the SupplementalGroupsPolicy feature is enabled, the
+ supplementalGroupsPolicy field determines whether these are in addition
+ to or instead of any group memberships defined in the container image.
+ If unspecified, no additional groups are added, though group memberships
+ defined in the container image may still be used, depending on the
+ supplementalGroupsPolicy field.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ x-kubernetes-list-type: atomic
+ supplementalGroupsPolicy:
+ description: |-
+ Defines how supplemental groups of the first container processes are calculated.
+ Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
+ (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
+ and the container runtime must implement support for this feature.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ sysctls:
+ description: |-
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
+ sysctls (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name is windows.
+ items:
+ description: Sysctl defines a kernel parameter
+ to be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options within a container's SecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccount:
+ description: |-
+ DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.
+ Deprecated: Use serviceAccountName instead.
+ type: string
+ serviceAccountName:
+ description: |-
+ ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ type: string
+ setHostnameAsFQDN:
+ description: |-
+ If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).
+ In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).
+ In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN.
+ If a pod does not have FQDN, this has no effect.
+ Default to false.
+ type: boolean
+ shareProcessNamespace:
+ description: |-
+ Share a single process namespace between all of the containers in a pod.
+ When this is set containers will be able to view and signal processes from other containers
+ in the same pod, and the first process in each container will not be assigned PID 1.
+ HostPID and ShareProcessNamespace cannot both be set.
+ Optional: Default to false.
+ type: boolean
+ subdomain:
+ description: |-
+ If specified, the fully qualified Pod hostname will be "...svc.".
+ If not specified, the pod will not have a domainname at all.
+ type: string
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ If this value is nil, the default grace period will be used instead.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ Defaults to 30 seconds.
+ format: int64
+ type: integer
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ topologySpreadConstraints:
+ description: |-
+ TopologySpreadConstraints describes how a group of pods ought to spread across topology
+ domains. Scheduler will schedule pods in a way which abides by the constraints.
+ All topologySpreadConstraints are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how
+ to spread matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: |-
+ LabelSelector is used to find matching pods.
+ Pods that match this label selector are counted to determine the number of pods
+ in their corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of
+ label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select the pods over which
+ spreading will be calculated. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are ANDed with labelSelector
+ to select the group of existing pods over which spreading will be calculated
+ for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.
+ MatchLabelKeys cannot be set when LabelSelector isn't set.
+ Keys that don't exist in the incoming pod labels will
+ be ignored. A null or empty list means only match against labelSelector.
+
+ This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: |-
+ MaxSkew describes the degree to which pods may be unevenly distributed.
+ When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference
+ between the number of matching pods in the target topology and the global minimum.
+ The global minimum is the minimum number of matching pods in an eligible domain
+ or zero if the number of eligible domains is less than MinDomains.
+ For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
+ labelSelector spread as 2/2/1:
+ In this case, the global minimum is 1.
+ | zone1 | zone2 | zone3 |
+ | P P | P P | P |
+ - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2;
+ scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2)
+ violate MaxSkew(1).
+ - if MaxSkew is 2, incoming pod can be scheduled onto any zone.
+ When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence
+ to topologies that satisfy it.
+ It's a required field. Default value is 1 and 0 is not allowed.
+ format: int32
+ type: integer
+ minDomains:
+ description: |-
+ MinDomains indicates a minimum number of eligible domains.
+ When the number of eligible domains with matching topology keys is less than minDomains,
+ Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed.
+ And when the number of eligible domains with matching topology keys equals or greater than minDomains,
+ this value has no effect on scheduling.
+ As a result, when the number of eligible domains is less than minDomains,
+ scheduler won't schedule more than maxSkew Pods to those domains.
+ If value is nil, the constraint behaves as if MinDomains is equal to 1.
+ Valid values are integers greater than 0.
+ When value is not nil, WhenUnsatisfiable must be DoNotSchedule.
+
+ For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same
+ labelSelector spread as 2/2/2:
+ | zone1 | zone2 | zone3 |
+ | P P | P P | P P |
+ The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0.
+ In this situation, new pod with the same labelSelector cannot be scheduled,
+ because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,
+ it will violate MaxSkew.
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: |-
+ NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector
+ when calculating pod topology spread skew. Options are:
+ - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.
+ - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.
+
+ If this value is nil, the behavior is equivalent to the Honor policy.
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ type: string
+ nodeTaintsPolicy:
+ description: |-
+ NodeTaintsPolicy indicates how we will treat node taints when calculating
+ pod topology spread skew. Options are:
+ - Honor: nodes without taints, along with tainted nodes for which the incoming pod
+ has a toleration, are included.
+ - Ignore: node taints are ignored. All nodes are included.
+
+ If this value is nil, the behavior is equivalent to the Ignore policy.
+ This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ type: string
+ topologyKey:
+ description: |-
+ TopologyKey is the key of node labels. Nodes that have a label with this key
+ and identical values are considered to be in the same topology.
+ We consider each as a "bucket", and try to put balanced number
+ of pods into each bucket.
+ We define a domain as a particular instance of a topology.
+ Also, we define an eligible domain as a domain whose nodes meet the requirements of
+ nodeAffinityPolicy and nodeTaintsPolicy.
+ e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology.
+ And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology.
+ It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: |-
+ WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy
+ the spread constraint.
+ - DoNotSchedule (default) tells the scheduler not to schedule it.
+ - ScheduleAnyway tells the scheduler to schedule the pod in any location,
+ but giving higher precedence to topologies that would help reduce the
+ skew.
+ A constraint is considered "Unsatisfiable" for an incoming pod
+ if and only if every possible node assignment for that pod would violate
+ "MaxSkew" on some topology.
+ For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same
+ labelSelector spread as 3/1/1:
+ | zone1 | zone2 | zone3 |
+ | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled
+ to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies
+ MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler
+ won't make it *more* imbalanced.
+ It's a required field.
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - topologyKey
+ - whenUnsatisfiable
+ x-kubernetes-list-type: map
+ volumes:
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
+ items:
+ description: Volume represents a named volume in a
+ pod that may be accessed by any container in the
+ pod.
+ properties:
+ awsElasticBlockStore:
+ description: |-
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly value true will force the readOnly setting in VolumeMounts.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: boolean
+ volumeID:
+ description: |-
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data
+ Disk mount on the host and bind mount to the
+ pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching
+ mode: None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data
+ disk in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk
+ in the blob storage
+ type: string
+ fsType:
+ default: ext4
+ description: |-
+ fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared:
+ multiple blob disks per storage account Dedicated:
+ single blob disk per storage account Managed:
+ azure managed data disk (only in managed
+ availability set). defaults to shared'
+ type: string
+ readOnly:
+ default: false
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File
+ Service mount on the host and bind mount to
+ the pod.
+ properties:
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret
+ that contains Azure Storage Account Name
+ and Key
+ type: string
+ shareName:
+ description: shareName is the azure share
+ Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount
+ on the host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: |-
+ monitors is Required: Monitors is a collection of Ceph monitors
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ path:
+ description: 'path is Optional: Used as the
+ mounted root, rather than the full Ceph
+ tree, default is /'
+ type: string
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: boolean
+ secretFile:
+ description: |-
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ secretRef:
+ description: |-
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is optional: User is the rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: |-
+ cinder represents a cinder volume attached and mounted on kubelets host machine.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is optional: points to a secret object containing parameters used to connect
+ to OpenStack.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: |-
+ volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap
+ that should populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: optional specify whether the
+ ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface)
+ represents ephemeral storage that is handled
+ by certain external CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: |-
+ driver is the name of the CSI driver that handles this volume.
+ Consult with your admin for the correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: |-
+ fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated CSI driver
+ which will determine the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: |-
+ nodePublishSecretRef is a reference to the secret object containing
+ sensitive information to pass to the CSI driver to complete the CSI
+ NodePublishVolume and NodeUnpublishVolume calls.
+ This field is optional, and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret references are passed.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: |-
+ readOnly specifies a read-only configuration for the volume.
+ Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: |-
+ volumeAttributes stores driver-specific properties that are passed to the CSI
+ driver. Consult your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API
+ about the pod that should populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ Optional: mode bits to use on created files by default. Must be a
+ Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API
+ volume file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name, namespace and uid are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file to
+ be created. Must not be absolute or
+ contain the ''..'' path. Must be utf-8
+ encoded. The first item of the relative
+ path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env
+ vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ emptyDir:
+ description: |-
+ emptyDir represents a temporary directory that shares a pod's lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ properties:
+ medium:
+ description: |-
+ medium represents what type of storage medium should back this directory.
+ The default is "" which means to use the node's default medium.
+ Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ sizeLimit is the total amount of local storage required for this EmptyDir volume.
+ The size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would be the minimum value between
+ the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+ The default is nil which means that the limit is undefined.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: |-
+ ephemeral represents a volume that is handled by a cluster storage driver.
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+ and deleted when the pod is removed.
+
+ Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from snapshot or capacity
+ tracking are needed,
+ c) the storage driver is specified through a storage class, and
+ d) the storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for more
+ information on the connection between this volume type
+ and PersistentVolumeClaim).
+
+ Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod.
+
+ Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
+ be used that way - see the documentation of the driver for
+ more information.
+
+ A pod can use both types of ephemeral volumes and
+ persistent volumes at the same time.
+ properties:
+ volumeClaimTemplate:
+ description: |-
+ Will be used to create a stand-alone PVC to provision the volume.
+ The pod in which this EphemeralVolumeSource is embedded will be the
+ owner of the PVC, i.e. the PVC will be deleted together with the
+ pod. The name of the PVC will be `-` where
+ `` is the name from the `PodSpec.Volumes` array
+ entry. Pod validation will reject the pod if the concatenated name
+ is not valid for a PVC (for example, too long).
+
+ An existing PVC with that name that is not owned by the pod
+ will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC is
+ meant to be used by the pod, the PVC has to updated with an
+ owner reference to the pod once the pod exists. Normally
+ this should not be necessary, but it may be useful when
+ manually reconstructing a broken cluster.
+
+ This field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created.
+
+ Required, must not be nil.
+ properties:
+ metadata:
+ description: |-
+ May contain labels and annotations that will be copied into the PVC
+ when creating it. No other fields are allowed and will be rejected during
+ validation.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: |-
+ The specification for the PersistentVolumeClaim. The entire content is
+ copied unchanged into the PVC that gets created from this
+ template. The same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type
+ of resource being referenced
+ type: string
+ name:
+ description: Name is the name
+ of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type
+ of resource being referenced
+ type: string
+ name:
+ description: Name is the name
+ of resource being referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query
+ over volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions
+ is a list of label selector
+ requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the
+ label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
+ will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
+ will be set by the persistentvolume controller if it exists.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/
+ (Beta) Using this field requires the VolumeAttributesClass feature gate to be enabled (off by default).
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding
+ reference to the PersistentVolume
+ backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource
+ that is attached to a kubelet's host machine
+ and then exposed to the pod.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun
+ number'
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ wwids:
+ description: |-
+ wwids Optional: FC volume world wide identifiers (wwids)
+ Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ flexVolume:
+ description: |-
+ flexVolume represents a generic volume resource that is
+ provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver
+ to use for this volume.
+ type: string
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field
+ holds extra command options if any.'
+ type: object
+ readOnly:
+ description: |-
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is Optional: secretRef is reference to the secret object containing
+ sensitive information to pass to the plugin scripts. This may be
+ empty if no secret object is specified. If the secret object
+ contains more than one secret, all secrets are passed to the plugin
+ scripts.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume
+ attached to a kubelet's host machine. This depends
+ on the Flocker control service being running
+ properties:
+ datasetName:
+ description: |-
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+ should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the
+ dataset. This is unique identifier of a
+ Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: |-
+ gcePersistentDisk represents a GCE Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ format: int32
+ type: integer
+ pdName:
+ description: |-
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: |-
+ gitRepo represents a git repository at a particular revision.
+ DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+ EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+ into the Pod's container.
+ properties:
+ directory:
+ description: |-
+ directory is the target directory name.
+ Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
+ git repository. Otherwise, if specified, the volume will contain the git repository in
+ the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for
+ the specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: |-
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ properties:
+ endpoints:
+ description: |-
+ endpoints is the endpoint name that details Glusterfs topology.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ path:
+ description: |-
+ path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: |-
+ hostPath represents a pre-existing file or directory on the host
+ machine that is directly exposed to the container. This is generally
+ used for system agents or other privileged things that are allowed
+ to see the host machine. Most containers will NOT need this.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ properties:
+ path:
+ description: |-
+ path of the directory on the host.
+ If the path is a symlink, it will follow the link to the real path.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ type:
+ description: |-
+ type for HostPath Volume
+ Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ required:
+ - path
+ type: object
+ image:
+ description: |-
+ image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine.
+ The volume is resolved at pod startup depending on which PullPolicy value is provided:
+
+ - Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+ - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+ - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+
+ The volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation.
+ A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message.
+ The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field.
+ The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images.
+ The volume will be mounted read-only (ro) and non-executable files (noexec).
+ Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath).
+ The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.
+ properties:
+ pullPolicy:
+ description: |-
+ Policy for pulling OCI objects. Possible values are:
+ Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails.
+ Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present.
+ IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ type: string
+ reference:
+ description: |-
+ Required: Image or artifact reference to be used.
+ Behaves in the same way as pod.spec.containers[*].image.
+ Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ type: object
+ iscsi:
+ description: |-
+ iscsi represents an ISCSI Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://examples.k8s.io/volumes/iscsi/README.md
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether
+ support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether
+ support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ type: string
+ initiatorName:
+ description: |-
+ initiatorName is the custom iSCSI Initiator Name.
+ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+ : will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified
+ Name.
+ type: string
+ iscsiInterface:
+ default: default
+ description: |-
+ iscsiInterface is the interface Name that uses an iSCSI transport.
+ Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun
+ number.
+ format: int32
+ type: integer
+ portals:
+ description: |-
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret
+ for iSCSI target and initiator authentication
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: |-
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ nfs:
+ description: |-
+ nfs represents an NFS mount on the host that shares a pod's lifetime
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ properties:
+ path:
+ description: |-
+ path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the NFS export to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: boolean
+ server:
+ description: |-
+ server is the hostname or IP address of the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: |-
+ persistentVolumeClaimVolumeSource represents a reference to a
+ PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ claimName:
+ description: |-
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ type: string
+ readOnly:
+ description: |-
+ readOnly Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a
+ PhotonController persistent disk attached and
+ mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies
+ Photon Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx
+ volume attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: |-
+ fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies
+ a Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: |-
+ sources is the list of volume projections. Each entry in this list
+ handles one source.
+ items:
+ description: |-
+ Projection that may be projected along with other supported volume types.
+ Exactly one of these fields must be set.
+ properties:
+ clusterTrustBundle:
+ description: |-
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
+ of ClusterTrustBundle objects in an auto-updating file.
+
+ Alpha, gated by the ClusterTrustBundleProjection feature gate.
+
+ ClusterTrustBundle objects can either be selected by name, or by the
+ combination of signer name and a label selector.
+
+ Kubelet performs aggressive normalization of the PEM contents written
+ into the pod filesystem. Esoteric PEM features such as inter-block
+ comments and block headers are stripped. Certificates are deduplicated.
+ The ordering of certificates within the file is arbitrary, and Kubelet
+ may change the order over time.
+ properties:
+ labelSelector:
+ description: |-
+ Select all ClusterTrustBundles that match this label selector. Only has
+ effect if signerName is set. Mutually-exclusive with name. If unset,
+ interpreted as "match nothing". If set but empty, interpreted as "match
+ everything".
+ properties:
+ matchExpressions:
+ description: matchExpressions
+ is a list of label selector
+ requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the
+ label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ name:
+ description: |-
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive
+ with signerName and labelSelector.
+ type: string
+ optional:
+ description: |-
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s)
+ aren't available. If using name, then the named ClusterTrustBundle is
+ allowed not to exist. If using signerName, then the combination of
+ signerName and labelSelector is allowed to match zero
+ ClusterTrustBundles.
+ type: boolean
+ path:
+ description: Relative path from
+ the volume root to write the bundle.
+ type: string
+ signerName:
+ description: |-
+ Select all ClusterTrustBundles that match this signer name.
+ Mutually-exclusive with name. The contents of all selected
+ ClusterTrustBundles will be unified and deduplicated.
+ type: string
+ required:
+ - path
+ type: object
+ configMap:
+ description: configMap information about
+ the configMap data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key
+ to a path within a volume.
+ properties:
+ key:
+ description: key is the key
+ to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: optional specify whether
+ the ConfigMap or its keys must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information
+ about the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of
+ DownwardAPIVolume file
+ items:
+ description: DownwardAPIVolumeFile
+ represents information to create
+ the file containing the pod
+ field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only
+ annotations, labels, name,
+ namespace and uid are supported.'
+ properties:
+ apiVersion:
+ description: Version of
+ the schema the FieldPath
+ is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the
+ field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path
+ is the relative path name
+ of the file to be created.
+ Must not be absolute or
+ contain the ''..'' path.
+ Must be utf-8 encoded. The
+ first item of the relative
+ path must not start with
+ ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container
+ name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies
+ the output format of
+ the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required:
+ resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ secret:
+ description: secret information about
+ the secret data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key
+ to a path within a volume.
+ properties:
+ key:
+ description: key is the key
+ to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: optional field specify
+ whether the Secret or its key
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is
+ information about the serviceAccountToken
+ data to project
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount
+ on the host that shares a pod's lifetime
+ properties:
+ group:
+ description: |-
+ group to map volume access to
+ Default is no group
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+ Defaults to false.
+ type: boolean
+ registry:
+ description: |-
+ registry represents a single or multiple Quobyte Registry services
+ specified as a string as host:port pair (multiple entries are separated with commas)
+ which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: |-
+ tenant owning the given Quobyte volume in the Backend
+ Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ type: string
+ user:
+ description: |-
+ user to map volume access to
+ Defaults to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references
+ an already created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: |-
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/rbd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ type: string
+ image:
+ description: |-
+ image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ keyring:
+ default: /etc/ceph/keyring
+ description: |-
+ keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ monitors:
+ description: |-
+ monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ pool:
+ default: rbd
+ description: |-
+ pool is the rados pool name.
+ Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is name of the authentication secret for RBDUser. If provided
+ overrides keyring.
+ Default is nil.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ default: admin
+ description: |-
+ user is the rados user name.
+ Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent
+ volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ default: xfs
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs".
+ Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of
+ the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name
+ of the ScaleIO Protection Domain for the
+ configured storage.
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef references to the secret for ScaleIO user and other
+ sensitive information. If this is not provided, Login operation will fail.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable
+ SSL communication with Gateway, default
+ false
+ type: boolean
+ storageMode:
+ default: ThinProvisioned
+ description: |-
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage
+ system as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: |-
+ volumeName is the name of a volume already created in the ScaleIO system
+ that is associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path
+ within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ optional:
+ description: optional field specify whether
+ the Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS
+ volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef specifies the secret to use for obtaining the StorageOS API
+ credentials. If not specified, default values will be attempted.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: |-
+ volumeName is the human-readable name of the StorageOS volume. Volume
+ names are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: |-
+ volumeNamespace specifies the scope of the volume within StorageOS. If no
+ namespace is specified then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+ Set VolumeName to any name to override the default behaviour.
+ Set to "default" if you are not using namespaces within StorageOS.
+ Namespaces that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere
+ volume attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage
+ Policy Based Management (SPBM) profile ID
+ associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage
+ Policy Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - containers
+ type: object
+ type: object
+ topologyRequest:
+ description: topologyRequest defines the topology request for
+ the PodSet.
+ properties:
+ preferred:
+ description: |-
+ preferred indicates the topology level preferred by the PodSet, as
+ indicated by the `kueue.x-k8s.io/podset-preferred-topology` PodSet
+ annotation.
+ type: string
+ required:
+ description: |-
+ required indicates the topology level required by the PodSet, as
+ indicated by the `kueue.x-k8s.io/podset-required-topology` PodSet
+ annotation.
+ type: string
+ type: object
+ required:
+ - count
+ - template
+ type: object
+ x-kubernetes-validations:
+ - message: minCount should be positive and less or equal to count
+ rule: 'has(self.minCount) ? self.minCount <= self.count : true'
+ maxItems: 8
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ priority:
+ description: |-
+ Priority determines the order of access to the resources managed by the
+ ClusterQueue where the workload is queued.
+ The priority value is populated from PriorityClassName.
+ The higher the value, the higher the priority.
+ If priorityClassName is specified, priority must not be null.
+ format: int32
+ type: integer
+ priorityClassName:
+ description: |-
+ If specified, indicates the workload's priority.
+ "system-node-critical" and "system-cluster-critical" are two special
+ keywords which indicate the highest priorities with the former being
+ the highest priority. Any other name must be defined by creating a
+ PriorityClass object with that name. If not specified, the workload
+ priority will be default or zero if there is no default.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ priorityClassSource:
+ default: ""
+ description: |-
+ priorityClassSource determines whether the priorityClass field refers to a pod PriorityClass or kueue.x-k8s.io/workloadpriorityclass.
+ Workload's PriorityClass can accept the name of a pod priorityClass or a workloadPriorityClass.
+ When using pod PriorityClass, a priorityClassSource field has the scheduling.k8s.io/priorityclass value.
+ enum:
+ - kueue.x-k8s.io/workloadpriorityclass
+ - scheduling.k8s.io/priorityclass
+ - ""
+ type: string
+ queueName:
+ description: |-
+ queueName is the name of the LocalQueue the Workload is associated with.
+ queueName cannot be changed while .status.admission is not null.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ required:
+ - podSets
+ type: object
+ x-kubernetes-validations:
+ - message: priority should not be nil when priorityClassName is set
+ rule: 'has(self.priorityClassName) ? has(self.priority) : true'
+ status:
+ description: WorkloadStatus defines the observed state of Workload
+ properties:
+ accumulatedPastExexcutionTimeSeconds:
+ description: |-
+ accumulatedPastExexcutionTimeSeconds holds the total time, in seconds, the workload spent
+ in Admitted state, in the previous `Admit` - `Evict` cycles.
+ format: int32
+ type: integer
+ admission:
+ description: |-
+ admission holds the parameters of the admission of the workload by a
+ ClusterQueue. admission can be set back to null, but its fields cannot be
+ changed once set.
+ properties:
+ clusterQueue:
+ description: clusterQueue is the name of the ClusterQueue that
+ admitted this workload.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ podSetAssignments:
+ description: PodSetAssignments hold the admission results for
+ each of the .spec.podSets entries.
+ items:
+ properties:
+ count:
+ description: |-
+ count is the number of pods taken into account at admission time.
+ This field will not change in case of quota reclaim.
+ Value could be missing for Workloads created before this field was added,
+ in that case spec.podSets[*].count value will be used.
+ format: int32
+ minimum: 0
+ type: integer
+ flavors:
+ additionalProperties:
+ description: ResourceFlavorReference is the name of the
+ ResourceFlavor.
+ maxLength: 253
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ description: Flavors are the flavors assigned to the workload
+ for each resource.
+ type: object
+ name:
+ default: main
+ description: Name is the name of the podSet. It should match
+ one of the names in .spec.podSets.
+ maxLength: 63
+ pattern: ^(?i)[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ resourceUsage:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ resourceUsage keeps track of the total resources all the pods in the podset need to run.
+
+ Beside what is provided in podSet's specs, this calculation takes into account
+ the LimitRange defaults and RuntimeClass overheads at the moment of admission.
+ This field will not change in case of quota reclaim.
+ type: object
+ topologyAssignment:
+ description: |-
+ topologyAssignment indicates the topology assignment divided into
+ topology domains corresponding to the lowest level of the topology.
+ The assignment specifies the number of Pods to be scheduled per topology
+ domain and specifies the node selectors for each topology domain, in the
+ following way: the node selector keys are specified by the levels field
+ (same for all domains), and the corresponding node selector value is
+ specified by the domains.values subfield.
+
+ Example:
+
+ topologyAssignment:
+ levels:
+ - cloud.provider.com/topology-block
+ - cloud.provider.com/topology-rack
+ domains:
+ - values: [block-1, rack-1]
+ count: 4
+ - values: [block-1, rack-2]
+ count: 2
+
+ Here:
+ - 4 Pods are to be scheduled on nodes matching the node selector:
+ cloud.provider.com/topology-block: block-1
+ cloud.provider.com/topology-rack: rack-1
+ - 2 Pods are to be scheduled on nodes matching the node selector:
+ cloud.provider.com/topology-block: block-1
+ cloud.provider.com/topology-rack: rack-2
+ properties:
+ domains:
+ description: |-
+ domains is a list of topology assignments split by topology domains at
+ the lowest level of the topology.
+ items:
+ properties:
+ count:
+ description: |-
+ count indicates the number of Pods to be scheduled in the topology
+ domain indicated by the values field.
+ format: int32
+ minimum: 1
+ type: integer
+ values:
+ description: |-
+ values is an ordered list of node selector values describing a topology
+ domain. The values correspond to the consecutive topology levels, from
+ the highest to the lowest.
+ items:
+ type: string
+ maxItems: 8
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - count
+ - values
+ type: object
+ type: array
+ levels:
+ description: |-
+ levels is an ordered list of keys denoting the levels of the assigned
+ topology (i.e. node label keys), from the highest to the lowest level of
+ the topology.
+ items:
+ type: string
+ maxItems: 8
+ minItems: 1
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - domains
+ - levels
+ type: object
+ required:
+ - name
+ type: object
+ maxItems: 8
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - clusterQueue
+ - podSetAssignments
+ type: object
+ admissionChecks:
+ description: admissionChecks list all the admission checks required
+ by the workload and the current status
+ items:
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ name:
+ description: name identifies the admission check.
+ maxLength: 316
+ type: string
+ podSetUpdates:
+ items:
+ description: |-
+ PodSetUpdate contains a list of pod set modifications suggested by AdmissionChecks.
+ The modifications should be additive only - modifications of already existing keys
+ or having the same key provided by multiple AdmissionChecks is not allowed and will
+ result in failure during workload admission.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ description: Name of the PodSet to modify. Should match
+ to one of the Workload's PodSets.
+ type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ type: object
+ tolerations:
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ maxItems: 8
+ type: array
+ x-kubernetes-validations:
+ - message: operator must be Exists when 'key' is empty,
+ which means 'match all values and all keys'
+ rule: 'self.all(x, !has(x.key) ? x.operator == ''Exists''
+ : true)'
+ - message: effect must be 'NoExecute' when 'tolerationSeconds'
+ is set
+ rule: 'self.all(x, has(x.tolerationSeconds) ? x.effect
+ == ''NoExecute'' : true)'
+ - message: 'supported toleration values: ''Equal''(default),
+ ''Exists'''
+ rule: self.all(x, !has(x.operator) || x.operator in
+ ['Equal', 'Exists'])
+ - message: a value must be empty when 'operator' is 'Exists'
+ rule: 'self.all(x, has(x.operator) && x.operator ==
+ ''Exists'' ? !has(x.value) : true)'
+ - message: 'supported taint effect values: ''NoSchedule'',
+ ''PreferNoSchedule'', ''NoExecute'''
+ rule: self.all(x, !has(x.effect) || x.effect in ['NoSchedule',
+ 'PreferNoSchedule', 'NoExecute'])
+ required:
+ - name
+ type: object
+ maxItems: 8
+ type: array
+ x-kubernetes-list-type: atomic
+ state:
+ description: state of the admissionCheck, one of Pending, Ready,
+ Retry, Rejected
+ enum:
+ - Pending
+ - Ready
+ - Retry
+ - Rejected
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - name
+ - state
+ type: object
+ maxItems: 8
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ conditions:
+ description: |-
+ conditions hold the latest available observations of the Workload
+ current state.
+
+ The type of the condition could be:
+
+ - Admitted: the Workload was admitted through a ClusterQueue.
+ - Finished: the associated workload finished running (failed or succeeded).
+ - PodsReady: at least `.spec.podSets[*].count` Pods are ready or have
+ succeeded.
+ items:
+ description: Condition contains details for one aspect of the current
+ state of this API Resource.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ reclaimablePods:
+ description: |-
+ reclaimablePods keeps track of the number pods within a podset for which
+ the resource reservation is no longer needed.
+ items:
+ properties:
+ count:
+ description: count is the number of pods for which the requested
+ resources are no longer needed.
+ format: int32
+ minimum: 0
+ type: integer
+ name:
+ description: name is the PodSet name.
+ type: string
+ required:
+ - count
+ - name
+ type: object
+ maxItems: 8
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ requeueState:
+ description: |-
+ requeueState holds the re-queue state
+ when a workload meets Eviction with PodsReadyTimeout reason.
+ properties:
+ count:
+ description: |-
+ count records the number of times a workload has been re-queued
+ When a deactivated (`.spec.activate`=`false`) workload is reactivated (`.spec.activate`=`true`),
+ this count would be reset to null.
+ format: int32
+ minimum: 0
+ type: integer
+ requeueAt:
+ description: |-
+ requeueAt records the time when a workload will be re-queued.
+ When a deactivated (`.spec.activate`=`false`) workload is reactivated (`.spec.activate`=`true`),
+ this time would be reset to null.
+ format: date-time
+ type: string
+ type: object
+ resourceRequests:
+ description: |-
+ resourceRequests provides a detailed view of the resources that were
+ requested by a non-admitted workload when it was considered for admission.
+ If admission is non-null, resourceRequests will be empty because
+ admission.resourceUsage contains the detailed information.
+ items:
+ properties:
+ name:
+ default: main
+ description: name is the name of the podSet. It should match
+ one of the names in .spec.podSets.
+ maxLength: 63
+ pattern: ^(?i)[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ resources:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ resources is the total resources all the pods in the podset need to run.
+
+ Beside what is provided in podSet's specs, this value also takes into account
+ the LimitRange defaults and RuntimeClass overheads at the moment of consideration
+ and the application of resource.excludeResourcePrefixes and resource.transformations.
+ type: object
+ required:
+ - name
+ type: object
+ maxItems: 8
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ type: object
+ x-kubernetes-validations:
+ - message: podSetAssignments must have the same number of podSets as the spec
+ rule: 'has(self.status) && has(self.status.conditions) && self.status.conditions.exists(c,
+ c.type == ''QuotaReserved'' && c.status == ''True'') && has(self.status.admission)
+ ? size(self.spec.podSets) == size(self.status.admission.podSetAssignments)
+ : true'
+ - message: field is immutable
+ rule: '(has(oldSelf.status) && has(oldSelf.status.conditions) && oldSelf.status.conditions.exists(c,
+ c.type == ''QuotaReserved'' && c.status == ''True'')) ? (oldSelf.spec.priorityClassSource
+ == self.spec.priorityClassSource) : true'
+ - message: field is immutable
+ rule: '(has(oldSelf.status) && has(oldSelf.status.conditions) && oldSelf.status.conditions.exists(c,
+ c.type == ''QuotaReserved'' && c.status == ''True'') && has(oldSelf.spec.priorityClassName)
+ && has(self.spec.priorityClassName)) ? (oldSelf.spec.priorityClassName
+ == self.spec.priorityClassName) : true'
+ - message: field is immutable
+ rule: '(has(oldSelf.status) && has(oldSelf.status.conditions) && oldSelf.status.conditions.exists(c,
+ c.type == ''QuotaReserved'' && c.status == ''True'')) && (has(self.status)
+ && has(self.status.conditions) && self.status.conditions.exists(c, c.type
+ == ''QuotaReserved'' && c.status == ''True'')) && has(oldSelf.spec.queueName)
+ && has(self.spec.queueName) ? oldSelf.spec.queueName == self.spec.queueName
+ : true'
+ - message: maximumExecutionTimeSeconds is immutable while admitted
+ rule: ((has(oldSelf.status) && has(oldSelf.status.conditions) && oldSelf.status.conditions.exists(c,
+ c.type == 'Admitted' && c.status == 'True')) && (has(self.status) && has(self.status.conditions)
+ && self.status.conditions.exists(c, c.type == 'Admitted' && c.status ==
+ 'True')))?((has(oldSelf.spec.maximumExecutionTimeSeconds)?oldSelf.spec.maximumExecutionTimeSeconds:0)
+ == (has(self.spec.maximumExecutionTimeSeconds)?self.spec.maximumExecutionTimeSeconds:0)):true
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-controller-manager
+ namespace: kueue-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-leader-election-role
+ namespace: kueue-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-batch-admin-role
+---
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rbac.kueue.x-k8s.io/batch-user: "true"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-batch-user-role
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ name: kueue-clusterqueue-editor-role
+rules:
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - clusterqueues
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - clusterqueues/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ name: kueue-clusterqueue-viewer-role
+rules:
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - clusterqueues
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - clusterqueues/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-job-editor-role
+rules:
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch
+ resources:
+ - jobs/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-job-viewer-role
+rules:
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - batch
+ resources:
+ - jobs/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-jobset-editor-role
+rules:
+- apiGroups:
+ - jobset.x-k8s.io
+ resources:
+ - jobsets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - jobset.x-k8s.io
+ resources:
+ - jobsets/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-jobset-viewer-role
+rules:
+- apiGroups:
+ - jobset.x-k8s.io
+ resources:
+ - jobsets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - jobset.x-k8s.io
+ resources:
+ - jobsets/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ name: kueue-localqueue-editor-role
+rules:
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - localqueues
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - localqueues/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-localqueue-viewer-role
+rules:
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - localqueues
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - localqueues/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - limitranges
+ - namespaces
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - pods/finalizers
+ verbs:
+ - get
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - pods/status
+ verbs:
+ - get
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - podtemplates
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - mutatingwebhookconfigurations
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingadmissionpolicies
+ - validatingadmissionpolicybindings
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - autoscaling.x-k8s.io
+ resources:
+ - provisioningrequests
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - autoscaling.x-k8s.io
+ resources:
+ - provisioningrequests/status
+ verbs:
+ - get
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch
+ resources:
+ - jobs/finalizers
+ - jobs/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - flowcontrol.apiserver.k8s.io
+ resources:
+ - flowschemas
+ - prioritylevelconfigurations
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - flowcontrol.apiserver.k8s.io
+ resources:
+ - flowschemas/status
+ verbs:
+ - patch
+- apiGroups:
+ - jobset.x-k8s.io
+ resources:
+ - jobsets
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - jobset.x-k8s.io
+ resources:
+ - jobsets/finalizers
+ verbs:
+ - get
+ - update
+- apiGroups:
+ - jobset.x-k8s.io
+ resources:
+ - jobsets/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - mpijobs
+ - mxjobs
+ - paddlejobs
+ - pytorchjobs
+ - tfjobs
+ - xgboostjobs
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - mpijobs/finalizers
+ - mxjobs/finalizers
+ - mxjobs/status
+ - paddlejobs/finalizers
+ - pytorchjobs/finalizers
+ - tfjobs/finalizers
+ - xgboostjobs/finalizers
+ verbs:
+ - get
+ - update
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - mpijobs/status
+ - paddlejobs/status
+ - pytorchjobs/status
+ - tfjobs/status
+ - xgboostjobs/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - admissionchecks
+ - clusterqueues
+ - cohorts
+ - localqueues
+ - workloads
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - admissionchecks/finalizers
+ - clusterqueues/finalizers
+ - localqueues/finalizers
+ - resourceflavors/finalizers
+ - workloads/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - admissionchecks/status
+ - clusterqueues/status
+ - localqueues/status
+ - multikueueclusters/status
+ - workloads/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - multikueueclusters
+ - multikueueconfigs
+ - provisioningrequestconfigs
+ - topologies
+ - workloadpriorityclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - resourceflavors
+ verbs:
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - node.k8s.io
+ resources:
+ - runtimeclasses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ray.io
+ resources:
+ - rayclusters
+ - rayjobs
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ray.io
+ resources:
+ - rayclusters/finalizers
+ - rayclusters/status
+ - rayjobs/finalizers
+ - rayjobs/status
+ verbs:
+ - get
+ - update
+- apiGroups:
+ - scheduling.k8s.io
+ resources:
+ - priorityclasses
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-mpijob-editor-role
+rules:
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - mpijobs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - mpijobs/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-mpijob-viewer-role
+rules:
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - mpijobs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - mpijobs/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-mxjob-editor-role
+rules:
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - mxjobs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - mxjobs/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-mxjob-viewer-role
+rules:
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - mxjobs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - mxjobs/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-paddlejob-editor-role
+rules:
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - paddlejobs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - paddlejobs/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-paddlejob-viewer-role
+rules:
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - paddlejobs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - paddlejobs/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ name: kueue-pending-workloads-cq-viewer-role
+rules:
+- apiGroups:
+ - visibility.kueue.x-k8s.io
+ resources:
+ - clusterqueues/pendingworkloads
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-pending-workloads-lq-viewer-role
+rules:
+- apiGroups:
+ - visibility.kueue.x-k8s.io
+ resources:
+ - localqueues/pendingworkloads
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-proxy-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-pytorchjob-editor-role
+rules:
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - pytorchjobs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - pytorchjobs/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-pytorchjob-viewer-role
+rules:
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - pytorchjobs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - pytorchjobs/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-raycluster-editor-role
+rules:
+- apiGroups:
+ - ray.io
+ resources:
+ - rayclusters
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ray.io
+ resources:
+ - rayclusters/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ name: kueue-raycluster-viewer-role
+rules:
+- apiGroups:
+ - ray.io
+ resources:
+ - rayclusters
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ray.io
+ resources:
+ - rayclusters/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-rayjob-editor-role
+rules:
+- apiGroups:
+ - ray.io
+ resources:
+ - rayjobs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ray.io
+ resources:
+ - rayjobs/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-rayjob-viewer-role
+rules:
+- apiGroups:
+ - ray.io
+ resources:
+ - rayjobs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ray.io
+ resources:
+ - rayjobs/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ name: kueue-resourceflavor-editor-role
+rules:
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - resourceflavors
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ name: kueue-resourceflavor-viewer-role
+rules:
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - resourceflavors
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-tfjob-editor-role
+rules:
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - tfjobs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - tfjobs/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-tfjob-viewer-role
+rules:
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - tfjobs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - tfjobs/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ name: kueue-workload-editor-role
+rules:
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - workloads
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - workloads/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-workload-viewer-role
+rules:
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - workloads
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kueue.x-k8s.io
+ resources:
+ - workloads/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-xgboostjob-editor-role
+rules:
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - xgboostjobs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - xgboostjobs/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ rbac.kueue.x-k8s.io/batch-admin: "true"
+ rbac.kueue.x-k8s.io/batch-user: "true"
+ name: kueue-xgboostjob-viewer-role
+rules:
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - xgboostjobs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - kubeflow.org
+ resources:
+ - xgboostjobs/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-visibility-server-auth-reader
+ namespace: kube-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: extension-apiserver-authentication-reader
+subjects:
+- kind: ServiceAccount
+ name: kueue-controller-manager
+ namespace: kueue-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-leader-election-rolebinding
+ namespace: kueue-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: kueue-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: kueue-controller-manager
+ namespace: kueue-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kueue-manager-role
+subjects:
+- kind: ServiceAccount
+ name: kueue-controller-manager
+ namespace: kueue-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kueue-proxy-role
+subjects:
+- kind: ServiceAccount
+ name: kueue-controller-manager
+ namespace: kueue-system
+---
+apiVersion: v1
+data:
+ controller_manager_config.yaml: |
+ apiVersion: config.kueue.x-k8s.io/v1beta1
+ kind: Configuration
+ health:
+ healthProbeBindAddress: :8081
+ metrics:
+ bindAddress: :8080
+ # enableClusterQueueResources: true
+ webhook:
+ port: 9443
+ leaderElection:
+ leaderElect: true
+ resourceName: c1f6bfd2.kueue.x-k8s.io
+ controller:
+ groupKindConcurrency:
+ Job.batch: 5
+ Pod: 5
+ Workload.kueue.x-k8s.io: 5
+ LocalQueue.kueue.x-k8s.io: 1
+ Cohort.kueue.x-k8s.io: 1
+ ClusterQueue.kueue.x-k8s.io: 1
+ ResourceFlavor.kueue.x-k8s.io: 1
+ clientConnection:
+ qps: 50
+ burst: 100
+ #pprofBindAddress: :8083
+ #waitForPodsReady:
+ # enable: false
+ # timeout: 5m
+ # blockAdmission: false
+ # requeuingStrategy:
+ # timestamp: Eviction
+ # backoffLimitCount: null # null indicates infinite requeuing
+ # backoffBaseSeconds: 60
+ # backoffMaxSeconds: 3600
+ #manageJobsWithoutQueueName: true
+ #internalCertManagement:
+ # enable: false
+ # webhookServiceName: ""
+ # webhookSecretName: ""
+ integrations:
+ frameworks:
+ - "batch/job"
+ - "kubeflow.org/mpijob"
+ - "ray.io/rayjob"
+ - "ray.io/raycluster"
+ - "jobset.x-k8s.io/jobset"
+ - "kubeflow.org/mxjob"
+ - "kubeflow.org/paddlejob"
+ - "kubeflow.org/pytorchjob"
+ - "kubeflow.org/tfjob"
+ - "kubeflow.org/xgboostjob"
+ # - "pod"
+ # - "deployment" # requires enabling pod integration
+ # - "statefulset" # requires enabling pod integration
+ # externalFrameworks:
+ # - "Foo.v1.example.com"
+ # podOptions:
+ # namespaceSelector:
+ # matchExpressions:
+ # - key: kubernetes.io/metadata.name
+ # operator: NotIn
+ # values: [ kube-system, kueue-system ]
+ #fairSharing:
+ # enable: true
+ # preemptionStrategies: [LessThanOrEqualToFinalShare, LessThanInitialShare]
+ #resources:
+ # excludeResourcePrefixes: []
+ # transformations:
+ # - input: nvidia.com/mig-4g.5gb
+ # strategy: Replace | Retain
+ # outputs:
+ # example.com/accelerator-memory: 5Gi
+ # example.com/accelerator-gpc: 4
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-manager-config
+ namespace: kueue-system
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-webhook-server-cert
+ namespace: kueue-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-controller-manager-metrics-service
+ namespace: kueue-system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ control-plane: controller-manager
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-visibility-server
+ namespace: kueue-system
+spec:
+ ports:
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 8082
+ selector:
+ control-plane: controller-manager
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-webhook-service
+ namespace: kueue-system
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ control-plane: controller-manager
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-controller-manager
+ namespace: kueue-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --config=/controller_manager_config.yaml
+ - --zap-log-level=2
+ - --feature-gates=TopologyAwareScheduling=true
+ command:
+ - /manager
+ image: registry.k8s.io/kueue/kueue:v0.9.1
+ imagePullPolicy: Always
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ ports:
+ - containerPort: 8082
+ name: visibility
+ protocol: TCP
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 500m
+ memory: 512Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ volumeMounts:
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ - mountPath: /controller_manager_config.yaml
+ name: manager-config
+ subPath: controller_manager_config.yaml
+ - args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - --v=10
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
+ name: kube-rbac-proxy
+ ports:
+ - containerPort: 8443
+ name: https
+ protocol: TCP
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: kueue-controller-manager
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: kueue-webhook-server-cert
+ - configMap:
+ name: kueue-manager-config
+ name: manager-config
+ tolerations:
+ - effect: NoSchedule
+ key: components.gke.io/gke-managed-components
+ operator: Equal
+ value: "true"
+---
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: v1alpha1.visibility.kueue.x-k8s.io
+spec:
+ group: visibility.kueue.x-k8s.io
+ groupPriorityMinimum: 100
+ insecureSkipTLSVerify: true
+ service:
+ name: kueue-visibility-server
+ namespace: kueue-system
+ version: v1alpha1
+ versionPriority: 100
+---
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: v1beta1.visibility.kueue.x-k8s.io
+spec:
+ group: visibility.kueue.x-k8s.io
+ groupPriorityMinimum: 100
+ insecureSkipTLSVerify: true
+ service:
+ name: kueue-visibility-server
+ namespace: kueue-system
+ version: v1beta1
+ versionPriority: 100
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /mutate--v1-pod
+ failurePolicy: Fail
+ name: mpod.kb.io
+ namespaceSelector:
+ matchExpressions:
+ - key: kubernetes.io/metadata.name
+ operator: NotIn
+ values:
+ - kube-system
+ - kueue-system
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - pods
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /mutate-apps-v1-deployment
+ failurePolicy: Fail
+ name: mdeployment.kb.io
+ namespaceSelector:
+ matchExpressions:
+ - key: kubernetes.io/metadata.name
+ operator: NotIn
+ values:
+ - kube-system
+ - kueue-system
+ rules:
+ - apiGroups:
+ - apps
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - deployments
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /mutate-batch-v1-job
+ failurePolicy: Fail
+ name: mjob.kb.io
+ rules:
+ - apiGroups:
+ - batch
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - jobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /mutate-jobset-x-k8s-io-v1alpha2-jobset
+ failurePolicy: Fail
+ name: mjobset.kb.io
+ rules:
+ - apiGroups:
+ - jobset.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ resources:
+ - jobsets
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /mutate-kubeflow-org-v1-mxjob
+ failurePolicy: Fail
+ name: mmxjob.kb.io
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - mxjobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /mutate-kubeflow-org-v1-paddlejob
+ failurePolicy: Fail
+ name: mpaddlejob.kb.io
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - paddlejobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /mutate-kubeflow-org-v1-pytorchjob
+ failurePolicy: Fail
+ name: mpytorchjob.kb.io
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - pytorchjobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /mutate-kubeflow-org-v1-tfjob
+ failurePolicy: Fail
+ name: mtfjob.kb.io
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - tfjobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /mutate-kubeflow-org-v1-xgboostjob
+ failurePolicy: Fail
+ name: mxgboostjob.kb.io
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - xgboostjobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /mutate-kubeflow-org-v2beta1-mpijob
+ failurePolicy: Fail
+ name: mmpijob.kb.io
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v2beta1
+ operations:
+ - CREATE
+ resources:
+ - mpijobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /mutate-ray-io-v1-raycluster
+ failurePolicy: Fail
+ name: mraycluster.kb.io
+ rules:
+ - apiGroups:
+ - ray.io
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - rayclusters
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /mutate-ray-io-v1-rayjob
+ failurePolicy: Fail
+ name: mrayjob.kb.io
+ rules:
+ - apiGroups:
+ - ray.io
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - rayjobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /mutate-apps-v1-statefulset
+ failurePolicy: Fail
+ name: mstatefulset.kb.io
+ rules:
+ - apiGroups:
+ - apps
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - statefulsets
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /mutate-kueue-x-k8s-io-v1beta1-clusterqueue
+ failurePolicy: Fail
+ name: mclusterqueue.kb.io
+ rules:
+ - apiGroups:
+ - kueue.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ resources:
+ - clusterqueues
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /mutate-kueue-x-k8s-io-v1beta1-resourceflavor
+ failurePolicy: Fail
+ name: mresourceflavor.kb.io
+ rules:
+ - apiGroups:
+ - kueue.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ resources:
+ - resourceflavors
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /mutate-kueue-x-k8s-io-v1beta1-workload
+ failurePolicy: Fail
+ name: mworkload.kb.io
+ rules:
+ - apiGroups:
+ - kueue.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ resources:
+ - workloads
+ sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ labels:
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/name: kueue
+ control-plane: controller-manager
+ name: kueue-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate--v1-pod
+ failurePolicy: Fail
+ name: vpod.kb.io
+ namespaceSelector:
+ matchExpressions:
+ - key: kubernetes.io/metadata.name
+ operator: NotIn
+ values:
+ - kube-system
+ - kueue-system
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - pods
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate-apps-v1-deployment
+ failurePolicy: Fail
+ name: vdeployment.kb.io
+ namespaceSelector:
+ matchExpressions:
+ - key: kubernetes.io/metadata.name
+ operator: NotIn
+ values:
+ - kube-system
+ - kueue-system
+ rules:
+ - apiGroups:
+ - apps
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - deployments
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate-batch-v1-job
+ failurePolicy: Fail
+ name: vjob.kb.io
+ rules:
+ - apiGroups:
+ - batch
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - jobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate-jobset-x-k8s-io-v1alpha2-jobset
+ failurePolicy: Fail
+ name: vjobset.kb.io
+ rules:
+ - apiGroups:
+ - jobset.x-k8s.io
+ apiVersions:
+ - v1alpha2
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - jobsets
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate-kubeflow-org-v1-mxjob
+ failurePolicy: Fail
+ name: vmxjob.kb.io
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - mxjobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate-kubeflow-org-v1-paddlejob
+ failurePolicy: Fail
+ name: vpaddlejob.kb.io
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - paddlejobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate-kubeflow-org-v1-pytorchjob
+ failurePolicy: Fail
+ name: vpytorchjob.kb.io
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - pytorchjobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate-kubeflow-org-v1-tfjob
+ failurePolicy: Fail
+ name: vtfjob.kb.io
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - tfjobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate-kubeflow-org-v1-xgboostjob
+ failurePolicy: Fail
+ name: vxgboostjob.kb.io
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - xgboostjobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate-kubeflow-org-v2beta1-mpijob
+ failurePolicy: Fail
+ name: vmpijob.kb.io
+ rules:
+ - apiGroups:
+ - kubeflow.org
+ apiVersions:
+ - v2beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - mpijobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate-ray-io-v1-raycluster
+ failurePolicy: Fail
+ name: vraycluster.kb.io
+ rules:
+ - apiGroups:
+ - ray.io
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - rayclusters
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate-ray-io-v1-rayjob
+ failurePolicy: Fail
+ name: vrayjob.kb.io
+ rules:
+ - apiGroups:
+ - ray.io
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - rayjobs
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate-apps-v1-statefulset
+ failurePolicy: Fail
+ name: vstatefulset.kb.io
+ rules:
+ - apiGroups:
+ - apps
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - statefulsets
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate-kueue-x-k8s-io-v1beta1-clusterqueue
+ failurePolicy: Fail
+ name: vclusterqueue.kb.io
+ rules:
+ - apiGroups:
+ - kueue.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - clusterqueues
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate-kueue-x-k8s-io-v1alpha1-cohort
+ failurePolicy: Fail
+ name: vcohort.kb.io
+ rules:
+ - apiGroups:
+ - kueue.x-k8s.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - cohorts
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate-kueue-x-k8s-io-v1beta1-resourceflavor
+ failurePolicy: Fail
+ name: vresourceflavor.kb.io
+ rules:
+ - apiGroups:
+ - kueue.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - resourceflavors
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: kueue-webhook-service
+ namespace: kueue-system
+ path: /validate-kueue-x-k8s-io-v1beta1-workload
+ failurePolicy: Fail
+ name: vworkload.kb.io
+ rules:
+ - apiGroups:
+ - kueue.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - workloads
+ - workloads/status
+ sideEffects: None
diff --git a/modules/management/kubectl-apply/variables.tf b/modules/management/kubectl-apply/variables.tf
index 5f78c81927..c493332e7c 100644
--- a/modules/management/kubectl-apply/variables.tf
+++ b/modules/management/kubectl-apply/variables.tf
@@ -15,14 +15,24 @@
*/
locals {
- supported_versions = ["v0.9.0", "v0.8.1"]
+ kueue_supported_versions = ["v0.9.1", "v0.9.0", "v0.8.1"]
+ jobset_supported_versions = ["v0.7.1", "v0.5.2"]
}
resource "terraform_data" "kueue_validations" {
lifecycle {
precondition {
- condition = !var.kueue.install || contains(local.supported_versions, var.kueue.version)
- error_message = "Supported version of Kueue are ${join(", ", local.supported_versions)}"
+ condition = !var.kueue.install || contains(local.kueue_supported_versions, var.kueue.version)
+ error_message = "Supported version of Kueue are ${join(", ", local.kueue_supported_versions)}"
+ }
+ }
+}
+
+resource "terraform_data" "jobset_validations" {
+ lifecycle {
+ precondition {
+ condition = !var.jobset.install || contains(local.jobset_supported_versions, var.jobset.version)
+ error_message = "Supported version of Jobset are ${join(", ", local.jobset_supported_versions)}"
}
}
}
@@ -60,7 +70,6 @@ variable "kueue" {
config_template_vars = optional(map(any), null)
})
default = {}
-
}
variable "jobset" {
@@ -70,9 +79,4 @@ variable "jobset" {
version = optional(string, "v0.5.2")
})
default = {}
-
- validation {
- condition = !var.jobset.install || contains(["v0.5.2"], var.jobset.version)
- error_message = "Supported version of Jobset is v0.5.2"
- }
}
diff --git a/modules/monitoring/dashboard/versions.tf b/modules/monitoring/dashboard/versions.tf
index 74189a3b70..ad1eb07abf 100644
--- a/modules/monitoring/dashboard/versions.tf
+++ b/modules/monitoring/dashboard/versions.tf
@@ -22,7 +22,7 @@ terraform {
}
}
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:dashboard/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:dashboard/v1.44.0"
}
required_version = ">= 0.14.0"
diff --git a/modules/network/firewall-rules/versions.tf b/modules/network/firewall-rules/versions.tf
index 7d7b6bd037..fefc244b8f 100644
--- a/modules/network/firewall-rules/versions.tf
+++ b/modules/network/firewall-rules/versions.tf
@@ -22,7 +22,7 @@ terraform {
}
}
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:firewall-rules/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:firewall-rules/v1.44.0"
}
required_version = ">= 1.3"
diff --git a/modules/network/gpu-rdma-vpc/README.md b/modules/network/gpu-rdma-vpc/README.md
new file mode 100644
index 0000000000..d5b8f5c894
--- /dev/null
+++ b/modules/network/gpu-rdma-vpc/README.md
@@ -0,0 +1,143 @@
+## Description
+
+This module accomplishes the following:
+
+* Creates one [VPC network][cft-network]
+ * Each VPC contains a variable number of subnetworks as specified in the
+ `subnetworks_template` variable
+ * Each subnetwork contains distinct IP address ranges
+* Outputs the following unique parameters
+ * `subnetwork_interfaces` which is compatible with Slurm and vm-instance
+ modules
+ * `subnetwork_interfaces_gke` which is compatible with GKE modules
+
+This module is a simplified version of the VPC module and its main difference
+is the variable `subnetwork_template` which is the template for all subnetworks
+created within the network. This template contains the following values:
+
+1. `count`: The number of subnetworks to be created
+1. `name_prefix`: The prefix for the subnetwork names
+1. `ip_range`: [CIDR-formatted IP range][cidr]
+1. `region`: The region where the subnetwork will be deployed
+
+> [!WARNING]
+> The `ip_range` should be always be large enough to split into `count`
+> subnetworks and the number of required connections within.
+
+[cft-network]: https://github.com/terraform-google-modules/terraform-google-network/tree/v10.0.0
+[cidr]: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation
+
+### Example
+
+This snippet uses the gpu-vpc module to create a new VPC network named
+`test-rdma-net` with 8 subnetworks named `test-mrdma-sub-#` where # ranges from
+0 to 7. The subnetworks will split the `ip_range` evenly, starting from bit 16
+(0 indexed). The networks are ingested by the Slurm nodeset within the
+`additional_networks` setting.
+
+```yaml
+ - id: rdma-net
+ source: modules/network/gpu-rdma-vpc
+ settings:
+ network_name: test-rdma-net
+ network_profile: https://www.googleapis.com/compute/beta/projects/$(vars.project_id)/global/networkProfiles/$(vars.zone)-vpc-roce
+ network_routing_mode: REGIONAL
+ subnetworks_template:
+ name_prefix: test-mrdma-sub
+ count: 8
+ ip_range: 192.168.0.0/16
+ region: $(vars.region)
+
+ - id: a3_nodeset
+ source: community/modules/compute/schedmd-slurm-gcp-v6-nodeset
+ use: [network0]
+ settings:
+ machine_type: a3-ultragpu-8g
+ additional_networks:
+ $(concat(
+ [{
+ network=null,
+ subnetwork=network1.subnetwork_self_link,
+ subnetwork_project=vars.project_id,
+ nic_type="GVNIC",
+ queue_count=null,
+ network_ip="",
+ stack_type=null,
+ access_config=[],
+ ipv6_access_config=[],
+ alias_ip_range=[]
+ }],
+ rdma-net.subnetwork_interfaces
+ ))
+ ...
+```
+
+## License
+
+
+Copyright 2022 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 0.15.0 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [vpc](#module\_vpc) | terraform-google-modules/network/google | ~> 10.0 |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [delete\_default\_internet\_gateway\_routes](#input\_delete\_default\_internet\_gateway\_routes) | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | `bool` | `false` | no |
+| [deployment\_name](#input\_deployment\_name) | The name of the current deployment | `string` | n/a | yes |
+| [enable\_internal\_traffic](#input\_enable\_internal\_traffic) | Enable a firewall rule to allow all internal TCP, UDP, and ICMP traffic within the network | `bool` | `true` | no |
+| [firewall\_log\_config](#input\_firewall\_log\_config) | Firewall log configuration for Toolkit firewall rules (var.enable\_iap\_ssh\_ingress and others) | `string` | `"DISABLE_LOGGING"` | no |
+| [firewall\_rules](#input\_firewall\_rules) | List of firewall rules | `any` | `[]` | no |
+| [mtu](#input\_mtu) | The network MTU (default: 8896). Recommended values: 0 (use Compute Engine default), 1460 (default outside HPC environments), 1500 (Internet default), or 8896 (for Jumbo packets). Allowed are all values in the range 1300 to 8896, inclusively. | `number` | `8896` | no |
+| [network\_description](#input\_network\_description) | An optional description of this resource (changes will trigger resource destroy/create) | `string` | `""` | no |
+| [network\_name](#input\_network\_name) | The name of the network to be created (if unsupplied, will default to "{deployment\_name}-net") | `string` | `null` | no |
+| [network\_profile](#input\_network\_profile) | A full or partial URL of the network profile to apply to this network.
This field can be set only at resource creation time. For example, the
following are valid URLs:
- https://www.googleapis.com/compute/beta/projects/{projectId}/global/networkProfiles/{network_profile_name}
- projects/{projectId}/global/networkProfiles/{network\_profile\_name}} | `string` | n/a | yes |
+| [network\_routing\_mode](#input\_network\_routing\_mode) | The network routing mode (default "REGIONAL") | `string` | `"REGIONAL"` | no |
+| [nic\_type](#input\_nic\_type) | NIC type for use in modules that use the output | `string` | `"MRDMA"` | no |
+| [project\_id](#input\_project\_id) | Project in which the HPC deployment will be created | `string` | n/a | yes |
+| [region](#input\_region) | The default region for Cloud resources | `string` | n/a | yes |
+| [shared\_vpc\_host](#input\_shared\_vpc\_host) | Makes this project a Shared VPC host if 'true' (default 'false') | `bool` | `false` | no |
+| [subnetworks\_template](#input\_subnetworks\_template) | Specifications for the subnetworks that will be created within this VPC.
count (number, required, number of subnets to create, default is 8)
name\_prefix (string, required, subnet name prefix, default is deployment name)
ip\_range (string, required, range of IPs for all subnets to share (CIDR format), default is 192.168.0.0/16)
region (string, optional, region to deploy subnets to, defaults to vars.region) | object({
count = number
name_prefix = string
ip_range = string
region = optional(string)
}) | {
"count": 8,
"ip_range": "192.168.0.0/16",
"name_prefix": null,
"region": null
} | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [network\_id](#output\_network\_id) | ID of the new VPC network |
+| [network\_name](#output\_network\_name) | Name of the new VPC network |
+| [network\_self\_link](#output\_network\_self\_link) | Self link of the new VPC network |
+| [subnetwork\_interfaces](#output\_subnetwork\_interfaces) | Full list of subnetwork objects belonging to the new VPC network (compatible with vm-instance and Slurm modules) |
+| [subnetwork\_interfaces\_gke](#output\_subnetwork\_interfaces\_gke) | Full list of subnetwork objects belonging to the new VPC network (compatible with gke-node-pool) |
+| [subnetwork\_name\_prefix](#output\_subnetwork\_name\_prefix) | Prefix of the RDMA subnetwork names |
+| [subnetworks](#output\_subnetworks) | Full list of subnetwork objects belonging to the new VPC network |
+
diff --git a/modules/network/gpu-rdma-vpc/main.tf b/modules/network/gpu-rdma-vpc/main.tf
new file mode 100644
index 0000000000..93f4fb9dd3
--- /dev/null
+++ b/modules/network/gpu-rdma-vpc/main.tf
@@ -0,0 +1,114 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+locals {
+ autoname = replace(var.deployment_name, "_", "-")
+ network_name = var.network_name == null ? "${local.autoname}-net" : var.network_name
+ subnet_prefix = var.subnetworks_template.name_prefix == null ? "${local.autoname}-subnet" : var.subnetworks_template.name_prefix
+
+ new_bits = ceil(log(var.subnetworks_template.count, 2))
+ template_subnetworks = [for i in range(var.subnetworks_template.count) :
+ {
+ subnet_name = "${local.subnet_prefix}-${i}"
+ subnet_region = try(var.subnetworks_template.region, var.region)
+ subnet_ip = cidrsubnet(var.subnetworks_template.ip_range, local.new_bits, i)
+ }
+ ]
+
+ firewall_log_api_values = {
+ "DISABLE_LOGGING" = null
+ "INCLUDE_ALL_METADATA" = { metadata = "INCLUDE_ALL_METADATA" },
+ "EXCLUDE_ALL_METADATA" = { metadata = "EXCLUDE_ALL_METADATA" },
+ }
+ firewall_log_config = lookup(local.firewall_log_api_values, var.firewall_log_config, null)
+
+ allow_internal_traffic = {
+ name = "${local.network_name}-fw-allow-internal-traffic"
+ priority = null
+ description = "allow traffic between nodes of this VPC"
+ direction = "INGRESS"
+ ranges = [var.subnetworks_template.ip_range]
+ source_tags = null
+ source_service_accounts = null
+ target_tags = null
+ target_service_accounts = null
+ allow = [{
+ protocol = "tcp"
+ ports = ["0-65535"]
+ }, {
+ protocol = "udp"
+ ports = ["0-65535"]
+ }, {
+ protocol = "icmp"
+ ports = null
+ },
+ ]
+ deny = []
+ log_config = local.firewall_log_config
+ }
+
+ firewall_rules = concat(
+ var.firewall_rules,
+ var.enable_internal_traffic ? [local.allow_internal_traffic] : [],
+ )
+
+ output_subnets = [
+ for subnet in module.vpc.subnets : {
+ network = null
+ subnetwork = subnet.self_link
+ subnetwork_project = null # will populate from subnetwork_self_link
+ network_ip = null
+ nic_type = var.nic_type
+ stack_type = null
+ queue_count = null
+ access_config = []
+ ipv6_access_config = []
+ alias_ip_range = []
+ }
+ ]
+
+ output_subnets_gke = [
+ for i in range(length(module.vpc.subnets)) : {
+ network = local.network_name
+ subnetwork = local.template_subnetworks[i].subnet_name
+ subnetwork_project = var.project_id
+ network_ip = null
+ nic_type = var.nic_type
+ stack_type = null
+ queue_count = null
+ access_config = []
+ ipv6_access_config = []
+ alias_ip_range = []
+ }
+ ]
+}
+
+module "vpc" {
+ source = "terraform-google-modules/network/google"
+ version = "~> 10.0"
+
+ network_name = local.network_name
+ project_id = var.project_id
+ auto_create_subnetworks = false
+ subnets = local.template_subnetworks
+ routing_mode = var.network_routing_mode
+ mtu = var.mtu
+ description = var.network_description
+ shared_vpc_host = var.shared_vpc_host
+ delete_default_internet_gateway_routes = var.delete_default_internet_gateway_routes
+ firewall_rules = local.firewall_rules
+ network_profile = var.network_profile
+}
diff --git a/modules/network/gpu-rdma-vpc/metadata.yaml b/modules/network/gpu-rdma-vpc/metadata.yaml
new file mode 100644
index 0000000000..4c2f23a8d7
--- /dev/null
+++ b/modules/network/gpu-rdma-vpc/metadata.yaml
@@ -0,0 +1,19 @@
+# Copyright 2023 "Google LLC"
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+spec:
+ requirements:
+ services:
+ - compute.googleapis.com
diff --git a/modules/network/gpu-rdma-vpc/outputs.tf b/modules/network/gpu-rdma-vpc/outputs.tf
new file mode 100644
index 0000000000..0a21f1d3f2
--- /dev/null
+++ b/modules/network/gpu-rdma-vpc/outputs.tf
@@ -0,0 +1,59 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+output "network_name" {
+ description = "Name of the new VPC network"
+ value = module.vpc.network_name
+ depends_on = [module.vpc]
+}
+
+output "network_id" {
+ description = "ID of the new VPC network"
+ value = module.vpc.network_id
+ depends_on = [module.vpc]
+}
+
+output "network_self_link" {
+ description = "Self link of the new VPC network"
+ value = module.vpc.network_self_link
+ depends_on = [module.vpc]
+}
+
+output "subnetworks" {
+ description = "Full list of subnetwork objects belonging to the new VPC network"
+ value = module.vpc.subnets
+ depends_on = [module.vpc]
+}
+
+output "subnetwork_interfaces" {
+ description = "Full list of subnetwork objects belonging to the new VPC network (compatible with vm-instance and Slurm modules)"
+ value = local.output_subnets
+ depends_on = [module.vpc]
+}
+
+# The output subnetwork_interfaces is compatible with vm-instance module but not with gke-node-pool
+# See https://github.com/GoogleCloudPlatform/cluster-toolkit/blob/99493df21cecf6a092c45298bf7a45e0343cf622/modules/compute/vm-instance/variables.tf#L220
+# So, we need a separate output that makes the network and subnetwork names available
+output "subnetwork_interfaces_gke" {
+ description = "Full list of subnetwork objects belonging to the new VPC network (compatible with gke-node-pool)"
+ value = local.output_subnets_gke
+ depends_on = [module.vpc]
+}
+
+output "subnetwork_name_prefix" {
+ description = "Prefix of the RDMA subnetwork names"
+ value = var.subnetworks_template.name_prefix
+}
diff --git a/modules/network/gpu-rdma-vpc/variables.tf b/modules/network/gpu-rdma-vpc/variables.tf
new file mode 100644
index 0000000000..6c9be8ee9a
--- /dev/null
+++ b/modules/network/gpu-rdma-vpc/variables.tf
@@ -0,0 +1,162 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+variable "project_id" {
+ description = "Project in which the HPC deployment will be created"
+ type = string
+}
+
+variable "network_name" {
+ description = "The name of the network to be created (if unsupplied, will default to \"{deployment_name}-net\")"
+ type = string
+ default = null
+}
+
+variable "region" {
+ description = "The default region for Cloud resources"
+ type = string
+}
+
+variable "deployment_name" {
+ description = "The name of the current deployment"
+ type = string
+}
+
+variable "mtu" {
+ type = number
+ description = "The network MTU (default: 8896). Recommended values: 0 (use Compute Engine default), 1460 (default outside HPC environments), 1500 (Internet default), or 8896 (for Jumbo packets). Allowed are all values in the range 1300 to 8896, inclusively."
+ default = 8896
+}
+
+variable "subnetworks_template" {
+ description = <<-EOT
+ Specifications for the subnetworks that will be created within this VPC.
+
+ count (number, required, number of subnets to create, default is 8)
+ name_prefix (string, required, subnet name prefix, default is deployment name)
+ ip_range (string, required, range of IPs for all subnets to share (CIDR format), default is 192.168.0.0/16)
+ region (string, optional, region to deploy subnets to, defaults to vars.region)
+ EOT
+ nullable = false
+ type = object({
+ count = number
+ name_prefix = string
+ ip_range = string
+ region = optional(string)
+ })
+ default = {
+ count = 8
+ name_prefix = null
+ ip_range = "192.168.0.0/16"
+ region = null
+ }
+
+ validation {
+ condition = var.subnetworks_template.count > 0
+ error_message = "Number of subnetworks must be greater than 0"
+ }
+
+ validation {
+ condition = can(cidrhost(var.subnetworks_template.ip_range, 0))
+ error_message = "IP address range must be in CIDR format."
+ }
+}
+
+variable "network_routing_mode" {
+ type = string
+ default = "REGIONAL"
+ description = "The network routing mode (default \"REGIONAL\")"
+
+ validation {
+ condition = contains(["GLOBAL", "REGIONAL"], var.network_routing_mode)
+ error_message = "The network routing mode must either be \"GLOBAL\" or \"REGIONAL\"."
+ }
+}
+
+variable "network_description" {
+ type = string
+ description = "An optional description of this resource (changes will trigger resource destroy/create)"
+ default = ""
+}
+
+variable "shared_vpc_host" {
+ type = bool
+ description = "Makes this project a Shared VPC host if 'true' (default 'false')"
+ default = false
+}
+
+variable "delete_default_internet_gateway_routes" {
+ type = bool
+ description = "If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted"
+ default = false
+}
+
+variable "enable_internal_traffic" {
+ type = bool
+ description = "Enable a firewall rule to allow all internal TCP, UDP, and ICMP traffic within the network"
+ default = true
+}
+
+variable "firewall_rules" {
+ type = any
+ description = "List of firewall rules"
+ default = []
+}
+
+variable "firewall_log_config" {
+ type = string
+ description = "Firewall log configuration for Toolkit firewall rules (var.enable_iap_ssh_ingress and others)"
+ default = "DISABLE_LOGGING"
+ nullable = false
+
+ validation {
+ condition = contains([
+ "INCLUDE_ALL_METADATA",
+ "EXCLUDE_ALL_METADATA",
+ "DISABLE_LOGGING",
+ ], var.firewall_log_config)
+ error_message = "var.firewall_log_config must be set to \"DISABLE_LOGGING\", or enable logging with \"INCLUDE_ALL_METADATA\" or \"EXCLUDE_ALL_METADATA\""
+ }
+}
+
+variable "network_profile" {
+ description = <<-EOT
+ A full or partial URL of the network profile to apply to this network.
+ This field can be set only at resource creation time. For example, the
+ following are valid URLs:
+ - https://www.googleapis.com/compute/beta/projects/{projectId}/global/networkProfiles/{network_profile_name}
+ - projects/{projectId}/global/networkProfiles/{network_profile_name}}
+ EOT
+ type = string
+ nullable = false
+
+ validation {
+ condition = can(coalesce(var.network_profile))
+ error_message = "var.network_profile must be specified and not an empty string"
+ }
+}
+
+variable "nic_type" {
+ description = "NIC type for use in modules that use the output"
+ type = string
+ nullable = true
+ default = "MRDMA"
+
+ validation {
+ condition = contains(["MRDMA"], var.nic_type)
+ error_message = "The nic_type must be \"MRDMA\"."
+ }
+}
diff --git a/modules/network/gpu-rdma-vpc/versions.tf b/modules/network/gpu-rdma-vpc/versions.tf
new file mode 100644
index 0000000000..71b7106734
--- /dev/null
+++ b/modules/network/gpu-rdma-vpc/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+*/
+
+terraform {
+ required_version = ">= 0.15.0"
+}
diff --git a/modules/network/multivpc/README.md b/modules/network/multivpc/README.md
index 605a6a3603..9f65c2b8ab 100644
--- a/modules/network/multivpc/README.md
+++ b/modules/network/multivpc/README.md
@@ -116,6 +116,7 @@ limitations under the License.
| [network\_description](#input\_network\_description) | An optional description of this resource (changes will trigger resource destroy/create) | `string` | `""` | no |
| [network\_interface\_defaults](#input\_network\_interface\_defaults) | The template of the network settings to be used on all vpcs. | object({
network = optional(string)
subnetwork = optional(string)
subnetwork_project = optional(string)
network_ip = optional(string, "")
nic_type = optional(string, "GVNIC")
stack_type = optional(string, "IPV4_ONLY")
queue_count = optional(string)
access_config = optional(list(object({
nat_ip = string
network_tier = string
public_ptr_domain_name = string
})), [])
ipv6_access_config = optional(list(object({
network_tier = string
public_ptr_domain_name = string
})), [])
alias_ip_range = optional(list(object({
ip_cidr_range = string
subnetwork_range_name = string
})), [])
}) | {
"access_config": [],
"alias_ip_range": [],
"ipv6_access_config": [],
"network": null,
"network_ip": "",
"nic_type": "GVNIC",
"queue_count": null,
"stack_type": "IPV4_ONLY",
"subnetwork": null,
"subnetwork_project": null
} | no |
| [network\_name\_prefix](#input\_network\_name\_prefix) | The base name of the vpcs and their subnets, will be appended with a sequence number | `string` | `""` | no |
+| [network\_profile](#input\_network\_profile) | A full or partial URL of the network profile to apply to this network.
This field can be set only at resource creation time. For example, the
following are valid URLs:
- https://www.googleapis.com/compute/beta/projects/{projectId}/global/networkProfiles/{network_profile_name}
- projects/{projectId}/global/networkProfiles/{network\_profile\_name}} | `string` | `null` | no |
| [network\_routing\_mode](#input\_network\_routing\_mode) | The network dynamic routing mode | `string` | `"REGIONAL"` | no |
| [project\_id](#input\_project\_id) | Project in which the HPC deployment will be created | `string` | n/a | yes |
| [region](#input\_region) | The default region for Cloud resources | `string` | n/a | yes |
diff --git a/modules/network/multivpc/main.tf b/modules/network/multivpc/main.tf
index 3b04195f8a..ad06e793c1 100644
--- a/modules/network/multivpc/main.tf
+++ b/modules/network/multivpc/main.tf
@@ -74,4 +74,5 @@ module "vpcs" {
mtu = var.mtu
network_description = var.network_description
network_routing_mode = var.network_routing_mode
+ network_profile = var.network_profile
}
diff --git a/modules/network/multivpc/variables.tf b/modules/network/multivpc/variables.tf
index 84d301e954..f51bbde58c 100644
--- a/modules/network/multivpc/variables.tf
+++ b/modules/network/multivpc/variables.tf
@@ -186,3 +186,15 @@ variable "network_interface_defaults" {
alias_ip_range = []
}
}
+
+variable "network_profile" {
+ type = string
+ description = <<-EOT
+ A full or partial URL of the network profile to apply to this network.
+ This field can be set only at resource creation time. For example, the
+ following are valid URLs:
+ - https://www.googleapis.com/compute/beta/projects/{projectId}/global/networkProfiles/{network_profile_name}
+ - projects/{projectId}/global/networkProfiles/{network_profile_name}}
+ EOT
+ default = null
+}
diff --git a/modules/network/pre-existing-subnetwork/versions.tf b/modules/network/pre-existing-subnetwork/versions.tf
index f5693ac098..bed38076f2 100644
--- a/modules/network/pre-existing-subnetwork/versions.tf
+++ b/modules/network/pre-existing-subnetwork/versions.tf
@@ -22,7 +22,7 @@ terraform {
}
}
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:pre-existing-subnetwork/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:pre-existing-subnetwork/v1.44.0"
}
required_version = ">= 0.14.0"
diff --git a/modules/network/pre-existing-vpc/versions.tf b/modules/network/pre-existing-vpc/versions.tf
index 6825dec0b0..00e8dcf8bc 100644
--- a/modules/network/pre-existing-vpc/versions.tf
+++ b/modules/network/pre-existing-vpc/versions.tf
@@ -22,7 +22,7 @@ terraform {
}
}
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:pre-existing-vpc/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:pre-existing-vpc/v1.44.0"
}
required_version = ">= 0.14.0"
diff --git a/modules/network/vpc/README.md b/modules/network/vpc/README.md
index 97e28d548a..ff0fd46c95 100644
--- a/modules/network/vpc/README.md
+++ b/modules/network/vpc/README.md
@@ -165,7 +165,9 @@ limitations under the License.
## Providers
-No providers.
+| Name | Version |
+|------|---------|
+| [terraform](#provider\_terraform) | n/a |
## Modules
@@ -173,11 +175,13 @@ No providers.
|------|--------|---------|
| [cloud\_router](#module\_cloud\_router) | terraform-google-modules/cloud-router/google | ~> 6.0 |
| [nat\_ip\_addresses](#module\_nat\_ip\_addresses) | terraform-google-modules/address/google | ~> 4.1 |
-| [vpc](#module\_vpc) | terraform-google-modules/network/google | ~> 9.0 |
+| [vpc](#module\_vpc) | terraform-google-modules/network/google | ~> 10.0 |
## Resources
-No resources.
+| Name | Type |
+|------|------|
+| [terraform_data.secondary_ranges_validation](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource |
## Inputs
@@ -201,11 +205,13 @@ No resources.
| [network\_address\_range](#input\_network\_address\_range) | IP address range (CIDR) for global network | `string` | `"10.0.0.0/9"` | no |
| [network\_description](#input\_network\_description) | An optional description of this resource (changes will trigger resource destroy/create) | `string` | `""` | no |
| [network\_name](#input\_network\_name) | The name of the network to be created (if unsupplied, will default to "{deployment\_name}-net") | `string` | `null` | no |
+| [network\_profile](#input\_network\_profile) | A full or partial URL of the network profile to apply to this network.
This field can be set only at resource creation time. For example, the
following are valid URLs:
- https://www.googleapis.com/compute/beta/projects/{projectId}/global/networkProfiles/{network_profile_name}
- projects/{projectId}/global/networkProfiles/{network\_profile\_name}} | `string` | `null` | no |
| [network\_routing\_mode](#input\_network\_routing\_mode) | The network routing mode (default "GLOBAL") | `string` | `"GLOBAL"` | no |
| [primary\_subnetwork](#input\_primary\_subnetwork) | DEPRECATED: please see https://goo.gle/hpc-toolkit-vpc-deprecation for migration instructions | `map(string)` | `null` | no |
| [project\_id](#input\_project\_id) | Project in which the HPC deployment will be created | `string` | n/a | yes |
| [region](#input\_region) | The default region for Cloud resources | `string` | n/a | yes |
-| [secondary\_ranges](#input\_secondary\_ranges) | Secondary ranges that will be used in some of the subnets. Please see https://goo.gle/hpc-toolkit-vpc-deprecation for migration instructions. | `map(list(object({ range_name = string, ip_cidr_range = string })))` | `{}` | no |
+| [secondary\_ranges](#input\_secondary\_ranges) | "Secondary ranges associated with the subnets.
This will be deprecated in favour of secondary\_ranges\_list at a later date.
Please migrate to using the same." | `map(list(object({ range_name = string, ip_cidr_range = string })))` | `{}` | no |
+| [secondary\_ranges\_list](#input\_secondary\_ranges\_list) | List of secondary ranges associated with the subnets. | list(object({
subnetwork_name = string,
ranges = list(object({
range_name = string,
ip_cidr_range = string
}))
})) | `[]` | no |
| [shared\_vpc\_host](#input\_shared\_vpc\_host) | Makes this project a Shared VPC host if 'true' (default 'false') | `bool` | `false` | no |
| [subnetwork\_name](#input\_subnetwork\_name) | The name of the network to be created (if unsupplied, will default to "{deployment\_name}-primary-subnet") | `string` | `null` | no |
| [subnetwork\_size](#input\_subnetwork\_size) | DEPRECATED: please see https://goo.gle/hpc-toolkit-vpc-deprecation for migration instructions | `number` | `null` | no |
diff --git a/modules/network/vpc/main.tf b/modules/network/vpc/main.tf
index 3c1ceff0d2..3ad533a957 100644
--- a/modules/network/vpc/main.tf
+++ b/modules/network/vpc/main.tf
@@ -152,23 +152,29 @@ locals {
var.enable_internal_traffic ? [local.allow_internal_traffic] : [],
length(local.iap_ports) > 0 ? [local.allow_iap_ingress] : []
)
+
+ secondary_ranges_map = {
+ for secondary_range in var.secondary_ranges_list :
+ secondary_range.subnetwork_name => secondary_range.ranges
+ }
}
module "vpc" {
source = "terraform-google-modules/network/google"
- version = "~> 9.0"
+ version = "~> 10.0"
network_name = local.network_name
project_id = var.project_id
auto_create_subnetworks = false
subnets = local.subnetworks
- secondary_ranges = var.secondary_ranges
+ secondary_ranges = length(local.secondary_ranges_map) > 0 ? local.secondary_ranges_map : var.secondary_ranges
routing_mode = var.network_routing_mode
mtu = var.mtu
description = var.network_description
shared_vpc_host = var.shared_vpc_host
delete_default_internet_gateway_routes = var.delete_default_internet_gateway_routes
firewall_rules = local.firewall_rules
+ network_profile = var.network_profile
}
# This use of the module may appear odd when var.ips_per_nat = 0. The module
diff --git a/modules/network/vpc/variables.tf b/modules/network/vpc/variables.tf
index 12495b6770..f4e7321784 100644
--- a/modules/network/vpc/variables.tf
+++ b/modules/network/vpc/variables.tf
@@ -149,10 +149,26 @@ variable "additional_subnetworks" {
variable "secondary_ranges" {
type = map(list(object({ range_name = string, ip_cidr_range = string })))
- description = "Secondary ranges that will be used in some of the subnets. Please see https://goo.gle/hpc-toolkit-vpc-deprecation for migration instructions."
+ description = <<-EOT
+ "Secondary ranges associated with the subnets.
+ This will be deprecated in favour of secondary_ranges_list at a later date.
+ Please migrate to using the same."
+ EOT
default = {}
}
+variable "secondary_ranges_list" {
+ type = list(object({
+ subnetwork_name = string,
+ ranges = list(object({
+ range_name = string,
+ ip_cidr_range = string
+ }))
+ }))
+ description = "List of secondary ranges associated with the subnets."
+ default = []
+}
+
variable "network_routing_mode" {
type = string
default = "GLOBAL"
@@ -250,3 +266,24 @@ variable "firewall_log_config" {
error_message = "var.firewall_log_config must be set to \"DISABLE_LOGGING\", or enable logging with \"INCLUDE_ALL_METADATA\" or \"EXCLUDE_ALL_METADATA\""
}
}
+
+resource "terraform_data" "secondary_ranges_validation" {
+ lifecycle {
+ precondition {
+ condition = length(var.secondary_ranges) == 0 || length(var.secondary_ranges_list) == 0
+ error_message = "Only one of var.secondary_ranges or var.secondary_ranges_list should be specified"
+ }
+ }
+}
+
+variable "network_profile" {
+ type = string
+ description = <<-EOT
+ A full or partial URL of the network profile to apply to this network.
+ This field can be set only at resource creation time. For example, the
+ following are valid URLs:
+ - https://www.googleapis.com/compute/beta/projects/{projectId}/global/networkProfiles/{network_profile_name}
+ - projects/{projectId}/global/networkProfiles/{network_profile_name}}
+ EOT
+ default = null
+}
diff --git a/modules/scheduler/batch-job-template/README.md b/modules/scheduler/batch-job-template/README.md
index d4068a93c3..4dc73e8309 100644
--- a/modules/scheduler/batch-job-template/README.md
+++ b/modules/scheduler/batch-job-template/README.md
@@ -141,7 +141,7 @@ limitations under the License.
| Name | Source | Version |
|------|--------|---------|
| [instance\_template](#module\_instance\_template) | terraform-google-modules/vm/google//modules/instance_template | ~> 12.1 |
-| [netstorage\_startup\_script](#module\_netstorage\_startup\_script) | github.com/GoogleCloudPlatform/hpc-toolkit//modules/scripts/startup-script | v1.39.0 |
+| [netstorage\_startup\_script](#module\_netstorage\_startup\_script) | ../../scripts/startup-script | n/a |
## Resources
diff --git a/modules/scheduler/batch-job-template/startup_from_network_storage.tf b/modules/scheduler/batch-job-template/startup_from_network_storage.tf
index 070b0b8c33..02bc58e4f7 100644
--- a/modules/scheduler/batch-job-template/startup_from_network_storage.tf
+++ b/modules/scheduler/batch-job-template/startup_from_network_storage.tf
@@ -55,7 +55,7 @@ locals {
}
module "netstorage_startup_script" {
- source = "github.com/GoogleCloudPlatform/hpc-toolkit//modules/scripts/startup-script?ref=v1.39.0"
+ source = "../../scripts/startup-script"
labels = local.labels
project_id = var.project_id
diff --git a/modules/scheduler/batch-login-node/versions.tf b/modules/scheduler/batch-login-node/versions.tf
index 05f674c89d..16c1b02494 100644
--- a/modules/scheduler/batch-login-node/versions.tf
+++ b/modules/scheduler/batch-login-node/versions.tf
@@ -22,7 +22,7 @@ terraform {
}
}
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:batch-login-node/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:batch-login-node/v1.44.0"
}
required_version = ">= 0.14.0"
diff --git a/modules/scheduler/gke-cluster/README.md b/modules/scheduler/gke-cluster/README.md
index 93140e9191..74f1ac0ba3 100644
--- a/modules/scheduler/gke-cluster/README.md
+++ b/modules/scheduler/gke-cluster/README.md
@@ -110,7 +110,6 @@ limitations under the License.
| [google](#requirement\_google) | > 5.0 |
| [google-beta](#requirement\_google-beta) | > 5.0 |
| [kubernetes](#requirement\_kubernetes) | ~> 2.23 |
-| [null](#requirement\_null) | ~> 3.0 |
## Providers
@@ -118,7 +117,6 @@ limitations under the License.
|------|---------|
| [google](#provider\_google) | > 5.0 |
| [google-beta](#provider\_google-beta) | > 5.0 |
-| [null](#provider\_null) | ~> 3.0 |
## Modules
@@ -133,7 +131,6 @@ limitations under the License.
|------|------|
| [google-beta_google_container_cluster.gke_cluster](https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/google_container_cluster) | resource |
| [google-beta_google_container_node_pool.system_node_pools](https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/google_container_node_pool) | resource |
-| [null_resource.enable_parallelstore_csi](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [google_client_config.default](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
| [google_project.project](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/project) | data source |
diff --git a/modules/scheduler/gke-cluster/main.tf b/modules/scheduler/gke-cluster/main.tf
index 6a5bcfb786..48a225d5e8 100644
--- a/modules/scheduler/gke-cluster/main.tf
+++ b/modules/scheduler/gke-cluster/main.tf
@@ -185,6 +185,9 @@ resource "google_container_cluster" "gke_cluster" {
dns_cache_config {
enabled = var.enable_node_local_dns_cache
}
+ parallelstore_csi_driver_config {
+ enabled = var.enable_parallelstore_csi
+ }
}
timeouts {
@@ -305,17 +308,6 @@ resource "google_container_node_pool" "system_node_pools" {
}
}
-### TODO: remove this after Terraform support for GKE Parallelstore CSI is added. ###
-### Instead use addons_config above to enable the CSI ###
-resource "null_resource" "enable_parallelstore_csi" {
- count = var.enable_parallelstore_csi == true ? 1 : 0
-
- provisioner "local-exec" {
- command = "gcloud container clusters update ${local.name} --location=${var.region} --project=${var.project_id} --update-addons=ParallelstoreCsiDriver=ENABLED"
- }
- depends_on = [google_container_node_pool.system_node_pools] # avoid cluster operation conflict
-}
-
data "google_client_config" "default" {}
provider "kubernetes" {
diff --git a/modules/scheduler/gke-cluster/versions.tf b/modules/scheduler/gke-cluster/versions.tf
index 28bf526fec..1f327efbe8 100644
--- a/modules/scheduler/gke-cluster/versions.tf
+++ b/modules/scheduler/gke-cluster/versions.tf
@@ -28,12 +28,8 @@ terraform {
source = "hashicorp/kubernetes"
version = "~> 2.23"
}
- null = {
- source = "hashicorp/null"
- version = "~> 3.0"
- }
}
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:gke-cluster/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:gke-cluster/v1.44.0"
}
}
diff --git a/modules/scheduler/pre-existing-gke-cluster/versions.tf b/modules/scheduler/pre-existing-gke-cluster/versions.tf
index b0808d9acf..e1a9453e83 100644
--- a/modules/scheduler/pre-existing-gke-cluster/versions.tf
+++ b/modules/scheduler/pre-existing-gke-cluster/versions.tf
@@ -23,7 +23,7 @@ terraform {
}
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:pre-existing-gke-cluster/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:pre-existing-gke-cluster/v1.44.0"
}
required_version = ">= 1.3"
diff --git a/modules/scripts/startup-script/versions.tf b/modules/scripts/startup-script/versions.tf
index b2bdb0e875..90b1dd202c 100644
--- a/modules/scripts/startup-script/versions.tf
+++ b/modules/scripts/startup-script/versions.tf
@@ -30,7 +30,7 @@ terraform {
}
}
provider_meta "google" {
- module_name = "blueprints/terraform/hpc-toolkit:startup-script/v1.43.0"
+ module_name = "blueprints/terraform/hpc-toolkit:startup-script/v1.44.0"
}
required_version = ">= 1.3"
diff --git a/pkg/config/expand.go b/pkg/config/expand.go
index 9bad4dd2d1..ae5c30a328 100644
--- a/pkg/config/expand.go
+++ b/pkg/config/expand.go
@@ -199,11 +199,11 @@ func getDefaultGoogleProviders(bp Blueprint) map[string]TerraformProvider {
return map[string]TerraformProvider{
"google": {
Source: "hashicorp/google",
- Version: "~> 6.10.0",
+ Version: "~> 6.13.0",
Configuration: gglConf},
"google-beta": {
Source: "hashicorp/google-beta",
- Version: "~> 6.10.0",
+ Version: "~> 6.13.0",
Configuration: gglConf}}
}
diff --git a/pkg/config/expand_test.go b/pkg/config/expand_test.go
index ad00218133..e1ad008407 100644
--- a/pkg/config/expand_test.go
+++ b/pkg/config/expand_test.go
@@ -93,10 +93,10 @@ func (s *zeroSuite) TestExpandProviders(c *C) {
c.Check(g.TerraformProviders, DeepEquals, map[string]PR{
"google": TerraformProvider{
Source: "hashicorp/google",
- Version: "~> 6.10.0"},
+ Version: "~> 6.13.0"},
"google-beta": TerraformProvider{
Source: "hashicorp/google-beta",
- Version: "~> 6.10.0"}})
+ Version: "~> 6.13.0"}})
}
{ // no def PR, group PR
diff --git a/pkg/inspect/modules_test.go b/pkg/inspect/modules_test.go
index 03e9d570b7..1fdc2bd4fc 100644
--- a/pkg/inspect/modules_test.go
+++ b/pkg/inspect/modules_test.go
@@ -20,6 +20,7 @@ import (
"hpc-toolkit/pkg/modulereader"
"log"
"path/filepath"
+ "strings"
"testing"
"github.com/hashicorp/hcl/v2/ext/typeexpr"
@@ -61,6 +62,11 @@ func getModules() []modInfo {
}
allMods = []modInfo{}
for _, sk := range sks {
+ if strings.Contains(sk.Source, "/internal/") {
+ continue // skip internal modules
+ // TODO: remove skipping internal modules
+ }
+
info, err := modulereader.GetModuleInfo(modPath(sk.Source), sk.Kind)
if err != nil {
log.Fatal(err)
diff --git a/tools/cloud-build/daily-tests/ansible_playbooks/test-validation/test-gke-kueue.yml b/tools/cloud-build/daily-tests/ansible_playbooks/test-validation/test-gke-kueue.yml
new file mode 100644
index 0000000000..39aac2dfd5
--- /dev/null
+++ b/tools/cloud-build/daily-tests/ansible_playbooks/test-validation/test-gke-kueue.yml
@@ -0,0 +1,125 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Assert variables are defined
+ ansible.builtin.assert:
+ that:
+ - region is defined
+ - custom_vars.project is defined
+
+- name: Get cluster credentials for kubectl
+ delegate_to: localhost
+ ansible.builtin.command: gcloud container clusters get-credentials {{ deployment_name }} --region {{ region }} --project {{ custom_vars.project }}
+
+- name: Create the topology kueue
+ delegate_to: localhost
+ ansible.builtin.shell: |
+ array=({{ workspace }}/tools/cloud-build/daily-tests/blueprints/kueue-config-files/tas-queues.yaml)
+ kubectl create -f ${array[0]}
+ echo ${array[0]}
+ args:
+ executable: /bin/bash
+ changed_when: False
+
+- name: Create the host topology kueue job
+ delegate_to: localhost
+ ansible.builtin.shell: |
+ array=({{ workspace }}/tools/cloud-build/daily-tests/blueprints/kueue-config-files/host-topology-tas-small-job.yaml)
+ kubectl create -f ${array[0]}
+ echo ${array[0]}
+ args:
+ executable: /bin/bash
+ changed_when: False
+
+- name: Ensure all pods are on the same host
+ delegate_to: localhost
+ ansible.builtin.shell: |
+ kubectl get pods \
+ -o custom-columns="Name:.metadata.name,Host:.spec.nodeSelector.cloud\.google\.com/gce-topology-host" | \
+ sort -k2 | uniq -f 1 | wc -l
+ register: unique_host_count
+ until: unique_host_count.stdout | int == 2
+ retries: 10
+ delay: 10
+
+- name: Delete the host topology kueue job
+ delegate_to: localhost
+ ansible.builtin.shell: |
+ kubectl delete --all jobs
+ args:
+ executable: /bin/bash
+ changed_when: False
+
+- name: Create the rack topology kueue job
+ delegate_to: localhost
+ ansible.builtin.shell: |
+ array=({{ workspace }}/tools/cloud-build/daily-tests/blueprints/kueue-config-files/rack-topology-tas-small-job.yaml)
+ kubectl create -f ${array[0]}
+ echo ${array[0]}
+ args:
+ executable: /bin/bash
+ changed_when: False
+
+- name: Ensure all pods are on the same rack
+ delegate_to: localhost
+ ansible.builtin.shell: |
+ kubectl get pods \
+ -o custom-columns="Name:.metadata.name,Host:.spec.nodeSelector.cloud\.google\.com/gce-topology-subblock" | \
+ sort -k2 | uniq -f 1 | wc -l
+ register: unique_host_count
+ until: unique_host_count.stdout | int == 2
+ retries: 10
+ delay: 10
+
+- name: Delete the rack topology kueue job
+ delegate_to: localhost
+ ansible.builtin.shell: |
+ kubectl delete --all jobs
+ args:
+ executable: /bin/bash
+ changed_when: False
+
+- name: Create the block topology kueue job
+ delegate_to: localhost
+ ansible.builtin.shell: |
+ array=({{ workspace }}/tools/cloud-build/daily-tests/blueprints/kueue-config-files/block-topology-tas-small-job.yaml)
+ kubectl create -f ${array[0]}
+ echo ${array[0]}
+ args:
+ executable: /bin/bash
+ changed_when: False
+
+- name: Ensure all pods are on the same block
+ delegate_to: localhost
+ ansible.builtin.shell: |
+ kubectl get pods \
+ -o custom-columns="Name:.metadata.name,Host:.spec.nodeSelector.cloud\.google\.com/gce-topology-block" | \
+ sort -k2 | uniq -f 1 | wc -l
+ register: unique_host_count
+ until: unique_host_count.stdout | int == 2
+ retries: 10
+ delay: 10
+
+- name: Wait for job to complete
+ delegate_to: localhost
+ ansible.builtin.command: |
+ kubectl get job --field-selector status.successful=2
+ register: job_completion
+ until: job_completion.stdout_lines | length > 1
+ retries: 10
+ delay: 5
+
+- name: Print job_completion debug output
+ ansible.builtin.debug:
+ var: job_completion.stdout_lines
diff --git a/tools/cloud-build/daily-tests/ansible_playbooks/test-validation/test-gke-storage-parallelstore.yml b/tools/cloud-build/daily-tests/ansible_playbooks/test-validation/test-gke-managed-parallelstore.yml
similarity index 100%
rename from tools/cloud-build/daily-tests/ansible_playbooks/test-validation/test-gke-storage-parallelstore.yml
rename to tools/cloud-build/daily-tests/ansible_playbooks/test-validation/test-gke-managed-parallelstore.yml
diff --git a/tools/cloud-build/daily-tests/blueprints/gke-a2-highgpu.yaml b/tools/cloud-build/daily-tests/blueprints/gke-a2-highgpu.yaml
new file mode 100644
index 0000000000..b715448e65
--- /dev/null
+++ b/tools/cloud-build/daily-tests/blueprints/gke-a2-highgpu.yaml
@@ -0,0 +1,99 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+blueprint_name: gke-a2-highgpu
+
+vars:
+ project_id: hpc-toolkit-dev ## Set GCP Project ID Here ##
+ deployment_name: gke-a2-highgpu
+ region: us-central1
+ zone: us-central1-f
+
+ # Cidr block containing the IP of the machine calling terraform.
+ # The following line must be updated for this example to work.
+ authorized_cidr: 0.0.0.0/0
+
+deployment_groups:
+- group: primary
+ modules:
+ - id: network1
+ source: modules/network/vpc
+ settings:
+ subnetwork_name: $(vars.deployment_name)-subnet
+ mtu: 8244
+ secondary_ranges_list:
+ - subnetwork_name: $(vars.deployment_name)-subnet
+ ranges:
+ - range_name: pods
+ ip_cidr_range: 10.4.0.0/14
+ - range_name: services
+ ip_cidr_range: 10.0.32.0/20
+
+ - id: gke_service_account
+ source: community/modules/project/service-account
+ settings:
+ name: gke-sa
+ project_roles:
+ - logging.logWriter
+ - monitoring.metricWriter
+ - monitoring.viewer
+ - stackdriver.resourceMetadata.writer
+ - storage.objectViewer
+ - artifactregistry.reader
+
+ - id: gpunets
+ source: modules/network/multivpc
+ settings:
+ network_name_prefix: $(vars.deployment_name)-gpunet
+ global_ip_address_range: 192.169.0.0/16
+ network_count: 4
+ subnetwork_cidr_suffix: 24
+ mtu: 8244
+
+ - id: gke_cluster
+ source: modules/scheduler/gke-cluster
+ use: [network1, gpunets, gke_service_account]
+ settings:
+ enable_private_endpoint: false # Allows for access from authorized public IPs
+ release_channel: 'RAPID'
+ master_authorized_networks:
+ - cidr_block: $(vars.authorized_cidr) # Allows your machine run kubectl command. It's required for the multi-network setup.
+ display_name: "kubectl-access-network"
+ outputs: [instructions]
+
+ - id: a2_highgpu_pool
+ source: modules/compute/gke-node-pool
+ use: [gke_cluster, gpunets, gke_service_account]
+ settings:
+ auto_upgrade: true
+ machine_type: a2-highgpu-2g
+ static_node_count: 6
+ zones: [$(vars.zone)]
+ image_type: UBUNTU_CONTAINERD
+ placement_policy:
+ name: a2-highgpu-compact
+ type: "COMPACT"
+ outputs: [instructions]
+
+ - id: workload_component_install
+ source: modules/management/kubectl-apply
+ use: [gke_cluster]
+ settings:
+ kueue:
+ install: true
+ version: v0.9.0
+ jobset:
+ install: true
diff --git a/tools/cloud-build/daily-tests/blueprints/kueue-config-files/block-topology-tas-small-job.yaml b/tools/cloud-build/daily-tests/blueprints/kueue-config-files/block-topology-tas-small-job.yaml
new file mode 100644
index 0000000000..aefbc20679
--- /dev/null
+++ b/tools/cloud-build/daily-tests/blueprints/kueue-config-files/block-topology-tas-small-job.yaml
@@ -0,0 +1,43 @@
+# Copyright 2024 "Google LLC"
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ generateName: tas-sample-small-preferred-block-
+ labels:
+ kueue.x-k8s.io/queue-name: tas-user-queue
+spec:
+ parallelism: 2
+ completions: 2
+ completionMode: Indexed
+ template:
+ metadata:
+ annotations:
+ kueue.x-k8s.io/podset-required-topology: "cloud.google.com/gce-topology-block"
+ spec:
+ tolerations:
+ - key: "nvidia.com/gpu"
+ operator: "Exists"
+ effect: NoSchedule
+ containers:
+ - name: dummy-job
+ image: gcr.io/k8s-staging-perf-tests/sleep:v0.1.0
+ args: ["10s"]
+ resources:
+ requests:
+ nvidia.com/gpu: 1
+ limits:
+ nvidia.com/gpu: 1
+ restartPolicy: Never
diff --git a/tools/cloud-build/daily-tests/blueprints/kueue-config-files/host-topology-tas-small-job.yaml b/tools/cloud-build/daily-tests/blueprints/kueue-config-files/host-topology-tas-small-job.yaml
new file mode 100644
index 0000000000..92e45a8e43
--- /dev/null
+++ b/tools/cloud-build/daily-tests/blueprints/kueue-config-files/host-topology-tas-small-job.yaml
@@ -0,0 +1,43 @@
+# Copyright 2024 "Google LLC"
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ generateName: tas-sample-small-required-host-
+ labels:
+ kueue.x-k8s.io/queue-name: tas-user-queue
+spec:
+ parallelism: 2
+ completions: 2
+ completionMode: Indexed
+ template:
+ metadata:
+ annotations:
+ kueue.x-k8s.io/podset-required-topology: "cloud.google.com/gce-topology-host"
+ spec:
+ tolerations:
+ - key: "nvidia.com/gpu"
+ operator: "Exists"
+ effect: NoSchedule
+ containers:
+ - name: dummy-job
+ image: gcr.io/k8s-staging-perf-tests/sleep:v0.1.0
+ args: ["10s"]
+ resources:
+ requests:
+ nvidia.com/gpu: 1
+ limits:
+ nvidia.com/gpu: 1
+ restartPolicy: Never
diff --git a/tools/cloud-build/daily-tests/blueprints/kueue-config-files/kueue-configuration.yaml.tftpl b/tools/cloud-build/daily-tests/blueprints/kueue-config-files/kueue-configuration.yaml.tftpl
new file mode 100644
index 0000000000..ea2db87ace
--- /dev/null
+++ b/tools/cloud-build/daily-tests/blueprints/kueue-config-files/kueue-configuration.yaml.tftpl
@@ -0,0 +1,73 @@
+apiVersion: kueue.x-k8s.io/v1beta1
+kind: ResourceFlavor
+metadata:
+ name: gke-1xh100-mega-80gb-8
+spec:
+ nodeLabels:
+ cloud.google.com/gke-accelerator: system
+---
+
+apiVersion: kueue.x-k8s.io/v1beta1
+kind: ClusterQueue
+metadata:
+ name: cluster-queue
+spec:
+ preemption:
+ reclaimWithinCohort: Never # Don't preempt other queues in the cohort.
+ withinClusterQueue: LowerPriority
+ namespaceSelector: {} # match all.
+ resourceGroups:
+ - coveredResources: ["nvidia.com/gpu"]
+ flavors:
+ - name: gke-1xh100-mega-80gb-8
+ resources:
+ - name: "nvidia.com/gpu"
+ nominalQuota: ${num_chips}
+---
+apiVersion: kueue.x-k8s.io/v1beta1
+kind: LocalQueue
+metadata:
+ namespace: default
+ name: multislice-queue
+spec:
+ clusterQueue: cluster-queue # Point to the ClusterQueue
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: very-low
+value: 100
+globalDefault: false
+description: "Very Low"
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: low
+value: 250
+globalDefault: false
+description: "Low"
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: medium
+value: 500
+globalDefault: false
+description: "Medium"
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: high
+value: 750
+globalDefault: false
+description: "High"
+---
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: very-high
+value: 1000
+globalDefault: false
+description: "Very High"
diff --git a/tools/cloud-build/daily-tests/blueprints/kueue-config-files/rack-topology-tas-small-job.yaml b/tools/cloud-build/daily-tests/blueprints/kueue-config-files/rack-topology-tas-small-job.yaml
new file mode 100644
index 0000000000..039eeec136
--- /dev/null
+++ b/tools/cloud-build/daily-tests/blueprints/kueue-config-files/rack-topology-tas-small-job.yaml
@@ -0,0 +1,43 @@
+# Copyright 2024 "Google LLC"
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ generateName: tas-sample-small-required-rack-
+ labels:
+ kueue.x-k8s.io/queue-name: tas-user-queue
+spec:
+ parallelism: 2
+ completions: 2
+ completionMode: Indexed
+ template:
+ metadata:
+ annotations:
+ kueue.x-k8s.io/podset-required-topology: "cloud.google.com/gce-topology-subblock"
+ spec:
+ tolerations:
+ - key: "nvidia.com/gpu"
+ operator: "Exists"
+ effect: NoSchedule
+ containers:
+ - name: dummy-job
+ image: gcr.io/k8s-staging-perf-tests/sleep:v0.1.0
+ args: ["10s"]
+ resources:
+ requests:
+ nvidia.com/gpu: 1
+ limits:
+ nvidia.com/gpu: 1
+ restartPolicy: Never
diff --git a/tools/cloud-build/daily-tests/blueprints/kueue-config-files/sample-kueue-job.yaml b/tools/cloud-build/daily-tests/blueprints/kueue-config-files/sample-kueue-job.yaml
new file mode 100644
index 0000000000..d84b9830c5
--- /dev/null
+++ b/tools/cloud-build/daily-tests/blueprints/kueue-config-files/sample-kueue-job.yaml
@@ -0,0 +1,47 @@
+# Copyright 2024 "Google LLC"
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ namespace: default
+ generateName: sample-kueue-job
+ annotations:
+ kueue.x-k8s.io/queue-name: multislice-queue
+spec:
+ ttlSecondsAfterFinished: 90 # Job will be deleted after 90 seconds
+ parallelism: 3 # This Job will have 3 replicas running at the same time
+ completions: 3 # This Job requires 3 completions
+ suspend: true # Set to true to allow Kueue to control the Job when it starts
+ template:
+ spec:
+ tolerations:
+ - key: "components.gke.io/gke-managed-components"
+ operator: "Equal"
+ value: "true"
+ - key: "user-workload"
+ operator: "Equal"
+ value: "true"
+ effect: "NoSchedule"
+ - key: "nvidia.com/gpu"
+ operator: "Equal"
+ value: "present"
+ effect: "NoSchedule"
+ nodeSelector:
+ cloud.google.com/gke-accelerator: nvidia-h100-80gb # Specify the GPU hardware
+ containers:
+ - name: dummy-job
+ image: ubuntu
+ command: ["sh", "-c", "echo Hello world!"]
+ restartPolicy: Never
diff --git a/tools/cloud-build/daily-tests/blueprints/kueue-config-files/tas-queues.yaml b/tools/cloud-build/daily-tests/blueprints/kueue-config-files/tas-queues.yaml
new file mode 100644
index 0000000000..adaae65769
--- /dev/null
+++ b/tools/cloud-build/daily-tests/blueprints/kueue-config-files/tas-queues.yaml
@@ -0,0 +1,55 @@
+# Copyright 2024 "Google LLC"
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: kueue.x-k8s.io/v1alpha1
+kind: Topology
+metadata:
+ name: "gke-default"
+spec:
+ levels:
+ - nodeLabel: "cloud.google.com/gce-topology-block"
+ - nodeLabel: "cloud.google.com/gce-topology-subblock"
+ - nodeLabel: "cloud.google.com/gce-topology-host"
+ - nodeLabel: "kubernetes.io/hostname"
+---
+kind: ResourceFlavor
+apiVersion: kueue.x-k8s.io/v1beta1
+metadata:
+ name: "tas-flavor"
+spec:
+ nodeLabels:
+ cloud.google.com/gke-nodepool: "a2-highgpu-2g-a2highgpupool"
+ topologyName: "gke-default"
+---
+apiVersion: kueue.x-k8s.io/v1beta1
+kind: ClusterQueue
+metadata:
+ name: "tas-cluster-queue"
+spec:
+ namespaceSelector: {} # match all.
+ resourceGroups:
+ - coveredResources: ["nvidia.com/gpu"]
+ flavors:
+ - name: "tas-flavor"
+ resources:
+ - name: "nvidia.com/gpu"
+ nominalQuota: 12 # 6 nodes, 2 GPU each
+---
+apiVersion: kueue.x-k8s.io/v1beta1
+kind: LocalQueue
+metadata:
+ namespace: "default"
+ name: "tas-user-queue"
+spec:
+ clusterQueue: "tas-cluster-queue"
diff --git a/tools/cloud-build/daily-tests/blueprints/ml-gke-e2e.yaml b/tools/cloud-build/daily-tests/blueprints/ml-gke-e2e.yaml
index a2cec04396..9183dcb50b 100644
--- a/tools/cloud-build/daily-tests/blueprints/ml-gke-e2e.yaml
+++ b/tools/cloud-build/daily-tests/blueprints/ml-gke-e2e.yaml
@@ -21,11 +21,9 @@ vars:
region: asia-southeast1
zones:
- asia-southeast1-b # g2 machine has better availability in this zone
-
# Cidr block containing the IP of the machine calling terraform.
# The following line must be updated for this example to work.
authorized_cidr: /32
-
gcp_public_cidrs_access_enabled: false
deployment_groups:
@@ -34,9 +32,10 @@ deployment_groups:
- id: network1
source: modules/network/vpc
settings:
- subnetwork_name: gke-subnet1
- secondary_ranges:
- gke-subnet1:
+ subnetwork_name: $(vars.deployment_name)-subnet
+ secondary_ranges_list:
+ - subnetwork_name: $(vars.deployment_name)-subnet
+ ranges:
- range_name: pods
ip_cidr_range: 10.4.0.0/14
- range_name: services
@@ -93,6 +92,7 @@ deployment_groups:
"value": "g2-latest-driver"
}
]
+ requested_gpu_per_pod: 1
outputs: [instructions]
- id: n1_pool_default
@@ -154,6 +154,7 @@ deployment_groups:
"value": "n1-pool-full-spec"
}
]
+ requested_gpu_per_pod: 1
outputs: [instructions]
- id: default_settings_pool
diff --git a/tools/cloud-build/daily-tests/builds/gke-a2-highgpu-kueue.yaml b/tools/cloud-build/daily-tests/builds/gke-a2-highgpu-kueue.yaml
new file mode 100644
index 0000000000..413e7926aa
--- /dev/null
+++ b/tools/cloud-build/daily-tests/builds/gke-a2-highgpu-kueue.yaml
@@ -0,0 +1,53 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+tags:
+- m.gke-cluster
+- m.gke-node-pool
+- m.service-account
+- m.vpc
+- m.multivpc
+- m.kubectl-apply
+- gke
+
+timeout: 14400s # 4hr
+steps:
+- id: gke-a2-highgpu-kueue-test
+ name: us-central1-docker.pkg.dev/$PROJECT_ID/hpc-toolkit-repo/test-runner
+ entrypoint: /bin/bash
+ env:
+ - "ANSIBLE_HOST_KEY_CHECKING=false"
+ - "ANSIBLE_CONFIG=/workspace/tools/cloud-build/ansible.cfg"
+ args:
+ - -c
+ - |
+ set -x -e
+ cd /workspace && make
+ BUILD_ID_FULL=$BUILD_ID
+ BUILD_ID_SHORT=$${BUILD_ID_FULL:0:6}
+ EXAMPLE_BP=tools/cloud-build/daily-tests/blueprints/gke-a2-highgpu.yaml
+
+ # Replacing the static subnet name to prevent collisions
+ sed -i "s/gke-subnet-a2-high/gke-subnet-a2-high-$${BUILD_ID_SHORT}/" $${EXAMPLE_BP}
+ echo ' - id: remote-node' >> $${EXAMPLE_BP}
+ echo ' source: modules/compute/vm-instance' >> $${EXAMPLE_BP}
+ echo ' use: [network1]' >> $${EXAMPLE_BP}
+ echo ' settings:' >> $${EXAMPLE_BP}
+ echo ' machine_type: e2-standard-2' >> $${EXAMPLE_BP}
+ echo ' name_prefix: remote-node' >> $${EXAMPLE_BP}
+ echo ' add_deployment_name_before_prefix: true' >> $${EXAMPLE_BP}
+ ansible-playbook tools/cloud-build/daily-tests/ansible_playbooks/base-integration-test.yml \
+ --user=sa_106486320838376751393 --extra-vars="project=${PROJECT_ID} build=$${BUILD_ID_SHORT}" \
+ --extra-vars="@tools/cloud-build/daily-tests/tests/gke-a2-highgpu-kueue.yml"
diff --git a/tools/cloud-build/daily-tests/builds/gke-storage-parallelstore.yaml b/tools/cloud-build/daily-tests/builds/gke-managed-parallelstore.yaml
similarity index 91%
rename from tools/cloud-build/daily-tests/builds/gke-storage-parallelstore.yaml
rename to tools/cloud-build/daily-tests/builds/gke-managed-parallelstore.yaml
index a51c8cebab..01010a0435 100644
--- a/tools/cloud-build/daily-tests/builds/gke-storage-parallelstore.yaml
+++ b/tools/cloud-build/daily-tests/builds/gke-managed-parallelstore.yaml
@@ -27,7 +27,7 @@ timeout: 14400s # 4hr
steps:
## Test GKE
-- id: gke-storage-parallelstore
+- id: gke-managed-parallelstore
name: us-central1-docker.pkg.dev/$PROJECT_ID/hpc-toolkit-repo/test-runner
entrypoint: /bin/bash
env:
@@ -40,7 +40,7 @@ steps:
cd /workspace && make
BUILD_ID_FULL=$BUILD_ID
BUILD_ID_SHORT=$${BUILD_ID_FULL:0:6}
- SG_EXAMPLE=examples/gke-storage-parallelstore.yaml
+ SG_EXAMPLE=examples/gke-managed-parallelstore.yaml
# adding vm to act as remote node
echo ' - id: remote-node' >> $${SG_EXAMPLE}
@@ -58,4 +58,4 @@ steps:
ansible-playbook tools/cloud-build/daily-tests/ansible_playbooks/base-integration-test.yml \
--user=sa_106486320838376751393 --extra-vars="project=${PROJECT_ID} build=$${BUILD_ID_SHORT}" \
- --extra-vars="@tools/cloud-build/daily-tests/tests/gke-storage-parallelstore.yml"
+ --extra-vars="@tools/cloud-build/daily-tests/tests/gke-managed-parallelstore.yml"
diff --git a/tools/cloud-build/daily-tests/builds/slurm-gcp-v6-reconfig-size.yaml b/tools/cloud-build/daily-tests/builds/slurm-gcp-v6-reconfig-size.yaml
new file mode 100644
index 0000000000..8d6e390ebe
--- /dev/null
+++ b/tools/cloud-build/daily-tests/builds/slurm-gcp-v6-reconfig-size.yaml
@@ -0,0 +1,34 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+tags:
+- m.pre-existing-vpc
+- m.schedmd-slurm-gcp-v6-controller
+- m.schedmd-slurm-gcp-v6-login
+- m.schedmd-slurm-gcp-v6-nodeset
+- m.schedmd-slurm-gcp-v6-partition
+- slurm6
+
+timeout: 14400s # 4hr
+steps:
+- id: slurm-topology
+ name: us-central1-docker.pkg.dev/$PROJECT_ID/hpc-toolkit-repo/test-runner
+ entrypoint: /bin/bash
+ args:
+ - -c
+ - |
+ set -x -e
+ cd /workspace && make
+ python3 tools/python-integration-tests/slurm_reconfig_size.py
diff --git a/tools/cloud-build/daily-tests/builds/slurm-gcp-v6-simple-job-completion.yaml b/tools/cloud-build/daily-tests/builds/slurm-gcp-v6-simple-job-completion.yaml
new file mode 100644
index 0000000000..7acd7bdc11
--- /dev/null
+++ b/tools/cloud-build/daily-tests/builds/slurm-gcp-v6-simple-job-completion.yaml
@@ -0,0 +1,34 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+tags:
+- m.pre-existing-vpc
+- m.schedmd-slurm-gcp-v6-controller
+- m.schedmd-slurm-gcp-v6-login
+- m.schedmd-slurm-gcp-v6-nodeset
+- m.schedmd-slurm-gcp-v6-partition
+- slurm6
+
+timeout: 14400s # 4hr
+steps:
+- id: slurm-topology
+ name: us-central1-docker.pkg.dev/$PROJECT_ID/hpc-toolkit-repo/test-runner
+ entrypoint: /bin/bash
+ args:
+ - -c
+ - |
+ set -x -e
+ cd /workspace && make
+ python3 tools/python-integration-tests/slurm_simple_job_completion.py
diff --git a/tools/cloud-build/daily-tests/builds/slurm-gcp-v6-topology.yaml b/tools/cloud-build/daily-tests/builds/slurm-gcp-v6-topology.yaml
new file mode 100644
index 0000000000..51bfa17c71
--- /dev/null
+++ b/tools/cloud-build/daily-tests/builds/slurm-gcp-v6-topology.yaml
@@ -0,0 +1,34 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+tags:
+- m.pre-existing-vpc
+- m.schedmd-slurm-gcp-v6-controller
+- m.schedmd-slurm-gcp-v6-login
+- m.schedmd-slurm-gcp-v6-nodeset
+- m.schedmd-slurm-gcp-v6-partition
+- slurm6
+
+timeout: 14400s # 4hr
+steps:
+- id: slurm-topology
+ name: us-central1-docker.pkg.dev/$PROJECT_ID/hpc-toolkit-repo/test-runner
+ entrypoint: /bin/bash
+ args:
+ - -c
+ - |
+ set -x -e
+ cd /workspace && make
+ python3 tools/python-integration-tests/slurm_topology.py
diff --git a/tools/cloud-build/daily-tests/tests/gke-a2-highgpu-kueue.yml b/tools/cloud-build/daily-tests/tests/gke-a2-highgpu-kueue.yml
new file mode 100644
index 0000000000..0735f4f970
--- /dev/null
+++ b/tools/cloud-build/daily-tests/tests/gke-a2-highgpu-kueue.yml
@@ -0,0 +1,41 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+
+# region, zone must be defined
+# in build file with --extra-vars flag!
+test_name: gke-a2high-kueue
+deployment_name: gke-a2high-kueue-{{ build }}
+workspace: /workspace
+blueprint_yaml: "{{ workspace }}/tools/cloud-build/daily-tests/blueprints/gke-a2-highgpu.yaml"
+network: "gke-a2high-net-{{ build }}"
+region: us-central1
+zone: us-central1-f
+remote_node: "{{ deployment_name }}-remote-node-0"
+reservation_affinity:
+ consume_reservation_type: SPECIFIC_RESERVATION
+ specific_reservations:
+ - name: a2-reservation-0
+ project: "{{ project }}"
+cli_deployment_vars:
+ region: "{{ region }}"
+ zone: "{{ zone }}"
+ network_name: "{{ network }}"
+ reservation_affinity: "{{ reservation_affinity }}"
+ local_ssd_count_nvme_block: 2
+custom_vars:
+ project: "{{ project }}"
+post_deploy_tests:
+- test-validation/test-gke-kueue.yml
diff --git a/tools/cloud-build/daily-tests/tests/gke-a3-highgpu.yml b/tools/cloud-build/daily-tests/tests/gke-a3-highgpu.yml
index ea7e105141..dc88ac46d2 100644
--- a/tools/cloud-build/daily-tests/tests/gke-a3-highgpu.yml
+++ b/tools/cloud-build/daily-tests/tests/gke-a3-highgpu.yml
@@ -20,7 +20,7 @@ test_name: gke-a3high
deployment_name: gke-a3high-{{ build }}
workspace: /workspace
blueprint_yaml: "{{ workspace }}/examples/gke-a3-highgpu.yaml"
-network: "gke-a3high-net-{{ build }}"
+network: "{{ deployment_name }}-net"
region: us-west1
zone: us-west1-a
remote_node: "{{ deployment_name }}-remote-node-0"
diff --git a/tools/cloud-build/daily-tests/tests/gke-a3-megagpu.yml b/tools/cloud-build/daily-tests/tests/gke-a3-megagpu.yml
index f24facfe68..dec2cad59e 100644
--- a/tools/cloud-build/daily-tests/tests/gke-a3-megagpu.yml
+++ b/tools/cloud-build/daily-tests/tests/gke-a3-megagpu.yml
@@ -20,7 +20,7 @@ test_name: gke-a3mega
deployment_name: gke-a3mega-{{ build }}
workspace: /workspace
blueprint_yaml: "{{ workspace }}/examples/gke-a3-megagpu.yaml"
-network: "gke-a3mega-net-{{ build }}"
+network: "{{ deployment_name }}-net"
region: us-west4
zone: us-west4-a
remote_node: "{{ deployment_name }}-remote-node-0"
diff --git a/tools/cloud-build/daily-tests/tests/gke-storage-parallelstore.yml b/tools/cloud-build/daily-tests/tests/gke-managed-parallelstore.yml
similarity index 81%
rename from tools/cloud-build/daily-tests/tests/gke-storage-parallelstore.yml
rename to tools/cloud-build/daily-tests/tests/gke-managed-parallelstore.yml
index a6de4bf239..cd9e7f712b 100644
--- a/tools/cloud-build/daily-tests/tests/gke-storage-parallelstore.yml
+++ b/tools/cloud-build/daily-tests/tests/gke-managed-parallelstore.yml
@@ -12,16 +12,16 @@
# See the License for the specific language governing permissions and
# limitations under the License.
---
-test_name: gke-storage-parallelstore
-deployment_name: gke-storage-parallelstore-{{ build }}
+test_name: gke-managed-parallelstore
+deployment_name: gke-managed-parallelstore-{{ build }}
zone: us-central1-a # for remote node
region: us-central1
workspace: /workspace
-blueprint_yaml: "{{ workspace }}/examples/gke-storage-parallelstore.yaml"
+blueprint_yaml: "{{ workspace }}/examples/gke-managed-parallelstore.yaml"
network: "{{ deployment_name }}-net"
remote_node: "{{ deployment_name }}-0"
post_deploy_tests:
-- test-validation/test-gke-storage-parallelstore.yml
+- test-validation/test-gke-managed-parallelstore.yml
custom_vars:
project: "{{ project }}"
cli_deployment_vars:
diff --git a/tools/cloud-build/daily-tests/tests/gke-storage.yml b/tools/cloud-build/daily-tests/tests/gke-storage.yml
index f2addf9432..3e37d04a9e 100644
--- a/tools/cloud-build/daily-tests/tests/gke-storage.yml
+++ b/tools/cloud-build/daily-tests/tests/gke-storage.yml
@@ -17,7 +17,7 @@ deployment_name: gke-storage-{{ build }}
zone: us-central1-a # for remote node
workspace: /workspace
blueprint_yaml: "{{ workspace }}/examples/storage-gke.yaml"
-network: "{{ test_name }}-net"
+network: "{{ deployment_name }}-net"
remote_node: "{{ deployment_name }}-0"
post_deploy_tests: []
cli_deployment_vars:
diff --git a/tools/cloud-build/daily-tests/tests/hcls-v5-legacy.yml b/tools/cloud-build/daily-tests/tests/hcls-v5-legacy.yml
index 2699508885..073e773d2c 100644
--- a/tools/cloud-build/daily-tests/tests/hcls-v5-legacy.yml
+++ b/tools/cloud-build/daily-tests/tests/hcls-v5-legacy.yml
@@ -22,7 +22,7 @@ slurm_cluster_name: "hcls{{ build[0:6] }}"
zone: europe-west1-c
workspace: /workspace
blueprint_yaml: "{{ workspace }}/docs/videos/healthcare-and-life-sciences/hcls-blueprint-v5-legacy.yaml"
-network: "{{ test_name }}-net"
+network: "{{ deployment_name }}-net"
login_node: "{{ slurm_cluster_name }}-login-*"
controller_node: "{{ slurm_cluster_name }}-controller"
cli_deployment_vars:
diff --git a/tools/cloud-build/daily-tests/tests/hpc-enterprise-slurm.yml b/tools/cloud-build/daily-tests/tests/hpc-enterprise-slurm.yml
index d8793672f7..26a2343334 100644
--- a/tools/cloud-build/daily-tests/tests/hpc-enterprise-slurm.yml
+++ b/tools/cloud-build/daily-tests/tests/hpc-enterprise-slurm.yml
@@ -26,7 +26,7 @@ cli_deployment_vars:
gpu_zones: "[europe-west4-a,europe-west4-b,europe-west4-c]"
workspace: /workspace
blueprint_yaml: "{{ workspace }}/examples/hpc-enterprise-slurm.yaml"
-network: "{{ test_name }}-net"
+network: "{{ deployment_name }}-net"
# Note: Pattern matching in gcloud only supports 1 wildcard.
login_node: "{{ slurm_cluster_name }}-slurm-login-*"
diff --git a/tools/cloud-build/daily-tests/tests/hpc-slurm-chromedesktop.yml b/tools/cloud-build/daily-tests/tests/hpc-slurm-chromedesktop.yml
index 59e7e20b5e..700a3a1807 100644
--- a/tools/cloud-build/daily-tests/tests/hpc-slurm-chromedesktop.yml
+++ b/tools/cloud-build/daily-tests/tests/hpc-slurm-chromedesktop.yml
@@ -26,7 +26,7 @@ cli_deployment_vars:
zone: "{{ zone }}"
workspace: /workspace
blueprint_yaml: "{{ workspace }}/community/examples/hpc-slurm-chromedesktop-v5-legacy.yaml"
-network: "{{ test_name }}-net"
+network: "{{ deployment_name }}-net"
# Note: Pattern matching in gcloud only supports 1 wildcard.
login_node: "{{ slurm_cluster_name }}-login-*"
controller_node: "{{ slurm_cluster_name }}-controller"
diff --git a/tools/cloud-build/daily-tests/tests/htc-slurm.yml b/tools/cloud-build/daily-tests/tests/htc-slurm.yml
index a34fe41c8b..819df638bf 100644
--- a/tools/cloud-build/daily-tests/tests/htc-slurm.yml
+++ b/tools/cloud-build/daily-tests/tests/htc-slurm.yml
@@ -15,7 +15,7 @@
---
test_name: htc-slurm-v6
-deployment_name: htcv6{{ build }}
+deployment_name: htc-v6-{{ build }}
slurm_cluster_name: "htcv6{{ build[0:5] }}"
zone: us-west4-c
@@ -26,7 +26,7 @@ cli_deployment_vars:
workspace: /workspace
blueprint_yaml: "{{ workspace }}/community/examples/htc-slurm.yaml"
-network: "{{ test_name }}-net"
+network: "{{ deployment_name }}-net"
# Note: Pattern matching in gcloud only supports 1 wildcard, a*-login-* won't work.
login_node: "{{ slurm_cluster_name }}-slurm-login-*"
controller_node: "{{ slurm_cluster_name }}-controller"
diff --git a/tools/cloud-build/daily-tests/tests/ml-a3-highgpu-slurm-image-legacy.yml b/tools/cloud-build/daily-tests/tests/ml-a3-highgpu-slurm-image-legacy.yml
index dfda8f955d..1c36c4f792 100644
--- a/tools/cloud-build/daily-tests/tests/ml-a3-highgpu-slurm-image-legacy.yml
+++ b/tools/cloud-build/daily-tests/tests/ml-a3-highgpu-slurm-image-legacy.yml
@@ -27,4 +27,4 @@ cli_deployment_vars:
region: us-west1
zone: us-west1-a
source_image_project_id: deeplearning-platform
- source_image: dlvm-tcpd-cu120-648491853-ubuntu-2004-py310
+ source_image: dlvm-tcpd-cu120-677850957-ubuntu-2004-py310
diff --git a/tools/cloud-build/daily-tests/tests/ml-a3-highgpu-slurm-image.yml b/tools/cloud-build/daily-tests/tests/ml-a3-highgpu-slurm-image.yml
index 4f55da7b40..fbce6a6029 100644
--- a/tools/cloud-build/daily-tests/tests/ml-a3-highgpu-slurm-image.yml
+++ b/tools/cloud-build/daily-tests/tests/ml-a3-highgpu-slurm-image.yml
@@ -27,4 +27,4 @@ cli_deployment_vars:
region: us-west1
zone: us-west1-a
source_image_project_id: deeplearning-platform
- source_image: dlvm-tcpd-cu120-648491853-ubuntu-2004-py310
+ source_image: dlvm-tcpd-cu120-677850957-ubuntu-2004-py310
diff --git a/tools/cloud-build/daily-tests/tests/ml-slurm.yml b/tools/cloud-build/daily-tests/tests/ml-slurm.yml
index 06fbdaa012..62ce6587b5 100644
--- a/tools/cloud-build/daily-tests/tests/ml-slurm.yml
+++ b/tools/cloud-build/daily-tests/tests/ml-slurm.yml
@@ -16,7 +16,7 @@
test_name: ml-slurm-v6
deployment_name: ml-slurm-v6-{{ build }}
-network: "{{ test_name }}-net"
+network: "{{ deployment_name }}-net"
workspace: /workspace
blueprint_yaml: "{{ workspace }}/examples/ml-slurm.yaml"
packer_group_name: packer
diff --git a/tools/cloud-build/daily-tests/tests/slurm-v5-debian.yml b/tools/cloud-build/daily-tests/tests/slurm-v5-debian.yml
index 002730c1ae..2a06c30571 100644
--- a/tools/cloud-build/daily-tests/tests/slurm-v5-debian.yml
+++ b/tools/cloud-build/daily-tests/tests/slurm-v5-debian.yml
@@ -29,7 +29,7 @@ cli_deployment_vars:
zone: us-west4-c
workspace: /workspace
blueprint_yaml: "{{ workspace }}/community/examples/hpc-slurm-ubuntu2004-v5-legacy.yaml"
-network: "{{ test_name }}-net"
+network: "{{ deployment_name }}-net"
# Note: Pattern matching in gcloud only supports 1 wildcard, centv5*-login-* won't work.
login_node: "{{ slurm_cluster_name }}-login-*"
controller_node: "{{ slurm_cluster_name }}-controller"
diff --git a/tools/cloud-build/daily-tests/tests/slurm-v5-hpc-centos7.yml b/tools/cloud-build/daily-tests/tests/slurm-v5-hpc-centos7.yml
index d40b21d566..52400b9e66 100644
--- a/tools/cloud-build/daily-tests/tests/slurm-v5-hpc-centos7.yml
+++ b/tools/cloud-build/daily-tests/tests/slurm-v5-hpc-centos7.yml
@@ -28,7 +28,7 @@ cli_deployment_vars:
zones: "[us-west4-a,us-west4-b,us-west4-c]"
workspace: /workspace
blueprint_yaml: "{{ workspace }}/examples/hpc-slurm-v5-legacy.yaml"
-network: "{{ test_name }}-net"
+network: "{{ deployment_name }}-net"
# Note: Pattern matching in gcloud only supports 1 wildcard, centv5*-login-* won't work.
login_node: "{{ slurm_cluster_name }}-login-*"
controller_node: "{{ slurm_cluster_name }}-controller"
diff --git a/tools/cloud-build/daily-tests/tests/slurm-v5-rocky8.yml b/tools/cloud-build/daily-tests/tests/slurm-v5-rocky8.yml
index 7120a56973..cb76a571b4 100644
--- a/tools/cloud-build/daily-tests/tests/slurm-v5-rocky8.yml
+++ b/tools/cloud-build/daily-tests/tests/slurm-v5-rocky8.yml
@@ -29,7 +29,7 @@ cli_deployment_vars:
zone: us-west4-c
workspace: /workspace
blueprint_yaml: "{{ workspace }}/community/examples/hpc-slurm-ubuntu2004-v5-legacy.yaml"
-network: "{{ test_name }}-net"
+network: "{{ deployment_name }}-net"
# Note: Pattern matching in gcloud only supports 1 wildcard, centv5*-login-* won't work.
login_node: "{{ slurm_cluster_name }}-login-*"
controller_node: "{{ slurm_cluster_name }}-controller"
diff --git a/tools/cloud-build/daily-tests/tests/slurm-v5-ubuntu.yml b/tools/cloud-build/daily-tests/tests/slurm-v5-ubuntu.yml
index b54b5ad21d..e104f5ede2 100644
--- a/tools/cloud-build/daily-tests/tests/slurm-v5-ubuntu.yml
+++ b/tools/cloud-build/daily-tests/tests/slurm-v5-ubuntu.yml
@@ -22,7 +22,7 @@ slurm_cluster_name: "ubunv5{{ build[0:4] }}"
zone: us-west4-c
workspace: /workspace
blueprint_yaml: "{{ workspace }}/community/examples/hpc-slurm-ubuntu2004-v5-legacy.yaml"
-network: "{{ test_name }}-net"
+network: "{{ deployment_name }}-net"
# Note: Pattern matching in gcloud only supports 1 wildcard, centv5*-login-* won't work.
login_node: "{{ slurm_cluster_name }}-login-*"
controller_node: "{{ slurm_cluster_name }}-controller"
diff --git a/tools/cloud-build/daily-tests/tests/slurm-v6-debian.yml b/tools/cloud-build/daily-tests/tests/slurm-v6-debian.yml
index 90338aabd9..4c34464538 100644
--- a/tools/cloud-build/daily-tests/tests/slurm-v6-debian.yml
+++ b/tools/cloud-build/daily-tests/tests/slurm-v6-debian.yml
@@ -29,7 +29,7 @@ cli_deployment_vars:
zone: us-west4-c
workspace: /workspace
blueprint_yaml: "{{ workspace }}/community/examples/hpc-slurm-ubuntu2004.yaml"
-network: "{{ test_name }}-net"
+network: "{{ deployment_name }}-net"
# Note: Pattern matching in gcloud only supports 1 wildcard, centv5*-login-* won't work.
login_node: "{{ slurm_cluster_name }}-slurm-login-*"
controller_node: "{{ slurm_cluster_name }}-controller"
diff --git a/tools/cloud-build/daily-tests/tests/slurm-v6-rocky8.yml b/tools/cloud-build/daily-tests/tests/slurm-v6-rocky8.yml
index 3a9e27d5b8..688deb86db 100644
--- a/tools/cloud-build/daily-tests/tests/slurm-v6-rocky8.yml
+++ b/tools/cloud-build/daily-tests/tests/slurm-v6-rocky8.yml
@@ -28,7 +28,7 @@ cli_deployment_vars:
zone: us-central1-a
workspace: /workspace
blueprint_yaml: "{{ workspace }}/examples/hpc-slurm.yaml"
-network: "{{ test_name }}-net"
+network: "{{ deployment_name }}-net"
# Note: Pattern matching in gcloud only supports 1 wildcard, a*-login-* won't work.
login_node: "{{ slurm_cluster_name }}-slurm-login-*"
controller_node: "{{ slurm_cluster_name }}-controller"
diff --git a/tools/cloud-build/daily-tests/tests/slurm-v6-ssd.yml b/tools/cloud-build/daily-tests/tests/slurm-v6-ssd.yml
index acf2ecb013..fdeea5a603 100644
--- a/tools/cloud-build/daily-tests/tests/slurm-v6-ssd.yml
+++ b/tools/cloud-build/daily-tests/tests/slurm-v6-ssd.yml
@@ -22,7 +22,7 @@ slurm_cluster_name: "ssdv6{{ build[0:5] }}"
zone: us-central1-a
workspace: /workspace
blueprint_yaml: "{{ workspace }}/community/examples/hpc-slurm-local-ssd.yaml"
-network: "{{ test_name }}-net"
+network: "{{ deployment_name }}-net"
# Note: Pattern matching in gcloud only supports 1 wildcard, centv5*-login-* won't work.
login_node: "{{ slurm_cluster_name }}-slurm-login-*"
controller_node: "{{ slurm_cluster_name }}-controller"
diff --git a/tools/cloud-build/daily-tests/tests/slurm-v6-ubuntu.yml b/tools/cloud-build/daily-tests/tests/slurm-v6-ubuntu.yml
index 904866b3a5..768efcfadf 100644
--- a/tools/cloud-build/daily-tests/tests/slurm-v6-ubuntu.yml
+++ b/tools/cloud-build/daily-tests/tests/slurm-v6-ubuntu.yml
@@ -22,7 +22,7 @@ slurm_cluster_name: "ubunv6{{ build[0:4] }}"
zone: us-west4-c
workspace: /workspace
blueprint_yaml: "{{ workspace }}/community/examples/hpc-slurm-ubuntu2004.yaml"
-network: "{{ test_name }}-net"
+network: "{{ deployment_name }}-net"
# Note: Pattern matching in gcloud only supports 1 wildcard, centv5*-login-* won't work.
login_node: "{{ slurm_cluster_name }}-slurm-login-*"
controller_node: "{{ slurm_cluster_name }}-controller"
diff --git a/tools/cloud-build/daily-tests/tests/spack-gromacs.yml b/tools/cloud-build/daily-tests/tests/spack-gromacs.yml
index c86e74eb81..75c2e7d558 100644
--- a/tools/cloud-build/daily-tests/tests/spack-gromacs.yml
+++ b/tools/cloud-build/daily-tests/tests/spack-gromacs.yml
@@ -20,7 +20,7 @@ slurm_cluster_name: "groma{{ build[0:5] }}"
zone: us-central1-c
workspace: /workspace
blueprint_yaml: "{{ workspace }}/community/examples/hpc-slurm-gromacs.yaml"
-network: "{{ test_name }}-net"
+network: "{{ deployment_name }}-net"
login_node: "{{ slurm_cluster_name }}-slurm-login-*"
# Image name to be used to filter logs from /var/log/messages for startup script.
image_name: "slurm-gcp-dev-hpc-rocky-linux-8-*"
diff --git a/tools/cloud-build/daily-tests/validate_tests_metadata.py b/tools/cloud-build/daily-tests/validate_tests_metadata.py
index c6e11fd881..16905a1f72 100644
--- a/tools/cloud-build/daily-tests/validate_tests_metadata.py
+++ b/tools/cloud-build/daily-tests/validate_tests_metadata.py
@@ -73,6 +73,9 @@ def get_blueprint(build_path: str) -> Optional[str]:
f"{BUILDS_DIR}/chrome-remote-desktop.yaml": "tools/cloud-build/daily-tests/blueprints/crd-default.yaml",
f"{BUILDS_DIR}/chrome-remote-desktop-ubuntu.yaml": "tools/cloud-build/daily-tests/blueprints/crd-ubuntu.yaml",
f"{BUILDS_DIR}/gcluster-dockerfile.yaml": "tools/cloud-build/daily-tests/blueprints/e2e.yaml",
+ f"{BUILDS_DIR}/slurm-gcp-v6-reconfig-size.yaml": "tools/python-integration-tests/blueprints/slurm-simple-reconfig.yaml",
+ f"{BUILDS_DIR}/slurm-gcp-v6-simple-job-completion.yaml": "tools/python-integration-tests/blueprints/slurm-simple.yaml",
+ f"{BUILDS_DIR}/slurm-gcp-v6-topology.yaml": "tools/python-integration-tests/blueprints/topology-test.yaml",
}
if build_path in SPECIAL_CASES:
return SPECIAL_CASES[build_path]
diff --git a/tools/cloud-build/images/cluster-toolkit-dockerfile/Dockerfile b/tools/cloud-build/images/cluster-toolkit-dockerfile/Dockerfile
index 0276bfce29..fe80cc75b1 100644
--- a/tools/cloud-build/images/cluster-toolkit-dockerfile/Dockerfile
+++ b/tools/cloud-build/images/cluster-toolkit-dockerfile/Dockerfile
@@ -28,7 +28,8 @@ RUN apt-get update && \
git \
make \
unzip \
- wget
+ wget \
+ python3-pip
# Install Terraform
ARG TERRAFORM_VERSION=1.5.2
@@ -70,6 +71,9 @@ RUN echo $PATH
RUN mkdir /out
WORKDIR /out
+RUN echo "[global]" >> /etc/pip.conf
+RUN echo "break-system-packages = true" >> /etc/pip.conf
+
# Command to execute when running the container (placeholder)
ENTRYPOINT ["gcluster"]
CMD ["--help"]
diff --git a/tools/cloud-build/images/test-runner/Dockerfile b/tools/cloud-build/images/test-runner/Dockerfile
index 0baa889e83..9139d9f4cf 100644
--- a/tools/cloud-build/images/test-runner/Dockerfile
+++ b/tools/cloud-build/images/test-runner/Dockerfile
@@ -44,6 +44,7 @@ RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add - && \
pip install --no-cache-dir --upgrade pip && \
pip install --no-cache-dir -r https://raw.githubusercontent.com/GoogleCloudPlatform/slurm-gcp/v5/scripts/requirements.txt && \
pip install --no-cache-dir ansible && \
+ pip install --no-cache-dir paramiko && \
rm -rf ~/.cache/pip/* && \
cd /workspace && \
# Add .terraformrc to $HOME to allow use of google-private
diff --git a/tools/python-integration-tests/blueprints/slurm-simple-reconfig.yaml b/tools/python-integration-tests/blueprints/slurm-simple-reconfig.yaml
new file mode 100644
index 0000000000..a9ac6d891f
--- /dev/null
+++ b/tools/python-integration-tests/blueprints/slurm-simple-reconfig.yaml
@@ -0,0 +1,58 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+blueprint_name: slurm-test
+
+vars:
+ project_id: ## Set GCP Project ID Here ##
+ deployment_name: slurm-test
+ region: us-central1
+ zone: us-central1-a
+
+deployment_groups:
+- group: primary
+ modules:
+ - id: network
+ source: modules/network/pre-existing-vpc
+
+ - id: nodeset
+ source: community/modules/compute/schedmd-slurm-gcp-v6-nodeset
+ use: [network]
+ settings:
+ bandwidth_tier: gvnic_enabled
+ machine_type: c2-standard-4
+ node_count_dynamic_max: 3
+ allow_automatic_updates: false
+
+ - id: partition
+ source: community/modules/compute/schedmd-slurm-gcp-v6-partition
+ use: [nodeset]
+ settings:
+ is_default: true
+ partition_name: compute
+
+ - id: slurm_login
+ source: community/modules/scheduler/schedmd-slurm-gcp-v6-login
+ use: [network]
+ settings:
+ machine_type: n1-standard-4
+ enable_login_public_ips: true
+
+ - id: slurm_controller
+ source: community/modules/scheduler/schedmd-slurm-gcp-v6-controller
+ use: [network, slurm_login, partition]
+ settings:
+ machine_type: n1-standard-4
+ enable_controller_public_ips: true
diff --git a/tools/python-integration-tests/blueprints/slurm-simple.yaml b/tools/python-integration-tests/blueprints/slurm-simple.yaml
new file mode 100644
index 0000000000..235674c4d2
--- /dev/null
+++ b/tools/python-integration-tests/blueprints/slurm-simple.yaml
@@ -0,0 +1,58 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+blueprint_name: slurm-test
+
+vars:
+ project_id: ## Set GCP Project ID Here ##
+ deployment_name: slurm-test
+ region: us-central1
+ zone: us-central1-a
+
+deployment_groups:
+- group: primary
+ modules:
+ - id: network
+ source: modules/network/pre-existing-vpc
+
+ - id: nodeset
+ source: community/modules/compute/schedmd-slurm-gcp-v6-nodeset
+ use: [network]
+ settings:
+ bandwidth_tier: gvnic_enabled
+ machine_type: c2-standard-4
+ node_count_dynamic_max: 5
+ allow_automatic_updates: false
+
+ - id: partition
+ source: community/modules/compute/schedmd-slurm-gcp-v6-partition
+ use: [nodeset]
+ settings:
+ is_default: true
+ partition_name: compute
+
+ - id: slurm_login
+ source: community/modules/scheduler/schedmd-slurm-gcp-v6-login
+ use: [network]
+ settings:
+ machine_type: n1-standard-4
+ enable_login_public_ips: true
+
+ - id: slurm_controller
+ source: community/modules/scheduler/schedmd-slurm-gcp-v6-controller
+ use: [network, slurm_login, partition]
+ settings:
+ machine_type: n1-standard-4
+ enable_controller_public_ips: true
diff --git a/tools/python-integration-tests/blueprints/topology-test.yaml b/tools/python-integration-tests/blueprints/topology-test.yaml
new file mode 100644
index 0000000000..acb494c801
--- /dev/null
+++ b/tools/python-integration-tests/blueprints/topology-test.yaml
@@ -0,0 +1,61 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+blueprint_name: topology-test
+
+vars:
+ project_id: ## Set GCP Project ID Here ##
+ deployment_name: topology-test
+ region: us-central1
+ zone: us-central1-a
+
+deployment_groups:
+- group: primary
+ modules:
+ - id: network
+ source: modules/network/pre-existing-vpc
+
+ - id: nodeset
+ source: community/modules/compute/schedmd-slurm-gcp-v6-nodeset
+ use: [network]
+ settings:
+ bandwidth_tier: gvnic_enabled
+ machine_type: n2-standard-4
+ node_count_dynamic_max: 0
+ node_count_static: 5
+ allow_automatic_updates: false
+ enable_placement: true
+
+ - id: partition
+ source: community/modules/compute/schedmd-slurm-gcp-v6-partition
+ use: [nodeset]
+ settings:
+ is_default: true
+ partition_name: topo
+ exclusive: false
+
+ - id: slurm_login
+ source: community/modules/scheduler/schedmd-slurm-gcp-v6-login
+ use: [network]
+ settings:
+ machine_type: n1-standard-4
+ enable_login_public_ips: true
+
+ - id: slurm_controller
+ source: community/modules/scheduler/schedmd-slurm-gcp-v6-controller
+ use: [network, slurm_login, partition]
+ settings:
+ machine_type: n1-standard-4
+ enable_controller_public_ips: true
diff --git a/tools/python-integration-tests/deployment.py b/tools/python-integration-tests/deployment.py
new file mode 100644
index 0000000000..3ed43361b9
--- /dev/null
+++ b/tools/python-integration-tests/deployment.py
@@ -0,0 +1,129 @@
+# Copyright 2024 "Google LLC"
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import json
+import shutil
+import os
+import subprocess
+import yaml
+
+class Deployment:
+ def __init__(self, blueprint: str):
+ self.blueprint_yaml = blueprint
+ self.state_bucket = "daily-tests-tf-state"
+ self.project_id = None
+ self.workspace = None
+ self.instance_name = None
+ self.username = None
+ self.deployment_name = None
+ self.zone = None
+
+ def run_command(self, cmd: str, err_msg: str = None) -> subprocess.CompletedProcess:
+ res = subprocess.run(cmd, shell=True, universal_newlines=True, check=True,
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ return res
+
+ def parse_blueprint(self, file_path: str):
+ with open(file_path, 'r') as file:
+ content = yaml.safe_load(file)
+ self.deployment_name = content["vars"]["deployment_name"]
+ self.zone = content["vars"]["zone"]
+
+ def get_posixAccount_info(self):
+ # Extract the username from posixAccounts
+ result = self.run_command(f"gcloud compute os-login describe-profile --format=json").stdout
+ posixAccounts = json.loads(result)
+
+ for account in posixAccounts.get('posixAccounts', []):
+ if 'accountId' in account:
+ self.project_id = account['accountId']
+ self.username = account['username']
+
+ def set_deployment_variables(self):
+ self.workspace = os.path.abspath(os.getcwd().strip())
+ self.parse_blueprint(self.blueprint_yaml)
+ self.get_posixAccount_info()
+ self.instance_name = self.deployment_name.replace("-", "")[:10] + "-slurm-login-001"
+
+ def create_blueprint(self):
+ cmd = [
+ "./gcluster",
+ "create",
+ "-l",
+ "ERROR",
+ self.blueprint_yaml,
+ "--backend-config",
+ f"bucket={self.state_bucket}",
+ "--vars",
+ f"project_id={self.project_id}",
+ "--vars",
+ f"deployment_name={self.deployment_name}",
+ "-w"
+ ]
+
+ subprocess.run(cmd, check=True, cwd=self.workspace)
+
+ def compress_blueprint(self):
+ cmd = [
+ "tar",
+ "-czf",
+ "%s.tgz" % (self.deployment_name),
+ "%s" % (self.deployment_name),
+ ]
+
+ subprocess.run(cmd, check=True, cwd=self.workspace)
+
+ def upload_deployment(self):
+ cmd = [
+ "gsutil",
+ "cp",
+ "%s.tgz" % (self.deployment_name),
+ "gs://%s/%s/" % (self.state_bucket, self.deployment_name)
+ ]
+
+ subprocess.run(cmd, check=True, cwd=self.workspace)
+
+ def print_download_command(self):
+ print("gcloud storage cp gs://%s/%s/%s.tgz ." % (self.state_bucket, self.deployment_name, self.deployment_name))
+
+ def create_deployment_directory(self):
+ self.set_deployment_variables()
+ self.create_blueprint()
+ self.compress_blueprint()
+ self.upload_deployment()
+ self.print_download_command()
+
+ def deploy(self):
+ # Create deployment directory
+ self.create_deployment_directory()
+ cmd = [
+ "./gcluster",
+ "deploy",
+ self.deployment_name,
+ "--auto-approve"
+ ]
+
+ subprocess.run(cmd, check=True, cwd=self.workspace)
+
+ def destroy(self):
+ cmd = [
+ "./gcluster",
+ "destroy",
+ self.deployment_name,
+ "--auto-approve"
+ ]
+
+ subprocess.run(cmd, check=True, cwd=self.workspace)
+ os.remove(f"{self.deployment_name}.tgz")
+ shutil.rmtree(self.deployment_name)
diff --git a/tools/python-integration-tests/slurm_reconfig_size.py b/tools/python-integration-tests/slurm_reconfig_size.py
new file mode 100644
index 0000000000..597eac1756
--- /dev/null
+++ b/tools/python-integration-tests/slurm_reconfig_size.py
@@ -0,0 +1,41 @@
+# Copyright 2024 "Google LLC"
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from ssh import SSHManager
+from deployment import Deployment
+from test import SlurmTest
+import unittest
+import time
+
+class SlurmReconfigureSize(SlurmTest):
+ # Class to test simple reconfiguration
+ def __init__(self, deployment):
+ super().__init__(Deployment("tools/python-integration-tests/blueprints/slurm-simple.yaml"))
+ self.reconfig_blueprint = "tools/python-integration-tests/blueprints/slurm-simple-reconfig.yaml"
+
+ def runTest(self):
+ # Check 5 nodes are available
+ self.assert_equal(len(self.get_nodes()), 5)
+
+ self.deployment = Deployment(self.reconfig_blueprint)
+ self.deployment.deploy()
+
+ # Wait 90 seconds for reconfig
+ time.sleep(90)
+
+ # Check 3 nodes are available
+ self.assert_equal(len(self.get_nodes()), 3)
+
+if __name__ == "__main__":
+ unittest.main()
diff --git a/tools/python-integration-tests/slurm_simple_job_completion.py b/tools/python-integration-tests/slurm_simple_job_completion.py
new file mode 100644
index 0000000000..702f337e96
--- /dev/null
+++ b/tools/python-integration-tests/slurm_simple_job_completion.py
@@ -0,0 +1,78 @@
+# Copyright 2024 "Google LLC"
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from ssh import SSHManager
+from deployment import Deployment
+from test import SlurmTest
+import unittest
+import time
+import json
+
+class SlurmSimpleJobCompletionTest(SlurmTest):
+ # Class to test simple slurm job completion
+ def __init__(self, deployment):
+ super().__init__(Deployment("tools/python-integration-tests/blueprints/slurm-simple.yaml"))
+ self.job_list = {}
+
+ def runTest(self):
+ # Submits 5 jobs and checks if they are successful.
+ for i in range(5):
+ self.submit_job('sbatch -N 1 --wrap "sleep 20"')
+ self.monitor_squeue()
+
+ for job_id in self.job_list.keys():
+ result = self.is_job_complete(job_id)
+ self.assert_equal(True, result, f"Something went wrong with JobID:{job_id}.")
+ print(f"JobID {job_id} finished successfully.")
+
+ def monitor_squeue(self):
+ # Monitors squeue and updates self.job_list until all running jobs are complete.
+ lines = []
+
+ while True:
+ stdin, stdout, stderr = self.ssh_client.exec_command('squeue')
+
+ lines = stdout.read().decode().splitlines()[1:] # Skip header
+
+ if not lines:
+ break
+ for line in lines:
+ parts = line.split()
+ job_id, partition, _, _, state, times, nodes, nodelist = line.split()
+
+ if job_id not in self.job_list:
+ print(f"Job id {job_id} is not recognized.")
+ else:
+ self.job_list[job_id].update({
+ "partition": partition,
+ "state": state,
+ "time": times,
+ "nodes": nodes,
+ "nodelist": nodelist,
+ })
+ time.sleep(5)
+
+ def is_job_complete(self, job_id: str):
+ # Checks if a job successfully completed.
+ stdin, stdout, stderr = self.ssh_client.exec_command(f'scontrol show job {job_id} --json')
+ content = json.load(stdout)
+ return content["jobs"][0]["job_state"][0] == "COMPLETED"
+
+ def submit_job(self, cmd: str):
+ stdin, stdout, stderr = self.ssh_client.exec_command(cmd)
+ jobID = stdout.read().decode().split()[-1]
+ self.job_list[jobID] = {}
+
+if __name__ == "__main__":
+ unittest.main()
diff --git a/tools/python-integration-tests/slurm_topology.py b/tools/python-integration-tests/slurm_topology.py
new file mode 100644
index 0000000000..6b1499d2fd
--- /dev/null
+++ b/tools/python-integration-tests/slurm_topology.py
@@ -0,0 +1,59 @@
+# Copyright 2024 "Google LLC"
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from ssh import SSHManager
+from deployment import Deployment
+from test import SlurmTest
+from collections import defaultdict
+import unittest
+import logging
+
+class SlurmTopologyTest(SlurmTest):
+ # Class to test Slurm topology
+ def __init__(self, deployment):
+ super().__init__(Deployment("tools/python-integration-tests/blueprints/topology-test.yaml"))
+
+ def runTest(self):
+ # Checks isomorphism of last layer of nodes to determine topology.
+ r_rack, s_rack = defaultdict(set), defaultdict(set)
+ nodes = self.get_nodes()
+
+ for node in nodes:
+ r_rack[self.get_real_rack(node)].add(node)
+ s_rack[self.get_slurm_rack(node)].add(node)
+
+ r_rack_set = [set(v) for v in r_rack.values()]
+ s_rack_set = [set(v) for v in s_rack.values()]
+
+ self.assert_equal(r_rack_set, s_rack_set, "The two sets did not match.")
+
+ def get_slurm_topology(self):
+ stdin, stdout, stderr = self.ssh_client.exec_command("scontrol show topo")
+ return stdout.read().decode()
+
+ def get_node_depth(self, switch_name: str):
+ return switch_name.count("_")
+
+ def get_real_rack(self, node: str):
+ result = self.run_command(f"gcloud compute instances describe {node} --zone={self.deployment.zone} --project={self.deployment.project_id} --format='value(resourceStatus.physicalHost)'")
+ return result.stdout.split("/")[1]
+
+ def get_slurm_rack(self, node: str):
+ stdin, stdout, stderr = self.ssh_client.exec_command(f"scontrol show topology {node} | tail -1 | cut -d' ' -f1")
+ switch_name = stdout.read().decode()
+ self.assert_equal(self.get_node_depth(switch_name), 2, f"{node} does not have the expected topology depth of 2."),
+ return switch_name
+
+if __name__ == "__main__":
+ unittest.main()
diff --git a/tools/python-integration-tests/ssh.py b/tools/python-integration-tests/ssh.py
new file mode 100644
index 0000000000..b051020ad6
--- /dev/null
+++ b/tools/python-integration-tests/ssh.py
@@ -0,0 +1,79 @@
+# Copyright 2024 "Google LLC"
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+import subprocess
+import time
+import paramiko
+
+class SSHManager:
+ # Manages tunnel and SSH connection.
+ _instance = None
+
+ def __new__(cls, *args, **kwargs):
+ if not cls._instance:
+ cls._instance = super(SSHManager, cls).__new__(cls)
+ return cls._instance
+
+ def __init__(self):
+ if not hasattr(self, 'ssh_client'):
+ self.tunnel = None
+ self.key = None
+ self.ssh_client = None
+
+ def run_command(self, cmd: str) -> subprocess.CompletedProcess:
+ res = subprocess.run(cmd, text=True, check=True, capture_output=True)
+
+ def create_tunnel(self, instance_name, port, project_id, zone):
+ iap_tunnel_cmd = [
+ "gcloud", "compute", "start-iap-tunnel", instance_name,
+ "22", "--project", project_id, "--zone", zone,
+ f"--local-host-port=localhost:{port}"
+ ]
+
+ self.tunnel = subprocess.Popen(iap_tunnel_cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+
+ # Sleep to give the tunnel a few seconds to set up
+ time.sleep(3)
+
+ def get_keypath(self):
+ key_path = os.path.expanduser("~/.ssh/google_compute_engine")
+ os.makedirs(os.path.dirname(key_path), exist_ok=True)
+
+ self.run_command(["ssh-keygen", "-t", "rsa", "-f", key_path, "-N", ""])
+
+ # Add the public key to OS Login
+ public_key_path = key_path + ".pub"
+ self.run_command(["gcloud", "compute", "os-login", "ssh-keys", "add", "--key-file", public_key_path, "--ttl", "60m"])
+
+ return key_path
+
+ def setup_connection(self, instance_name, port, project_id, zone):
+ self.ssh_client = paramiko.SSHClient()
+ self.ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+ self.key = paramiko.RSAKey.from_private_key_file(self.get_keypath())
+ self.create_tunnel(instance_name, port, project_id, zone)
+
+ def close(self):
+ # Closes existing SSH connection and tunnel
+ if self.ssh_client:
+ self.ssh_client.close()
+ if self.tunnel:
+ self.tunnel.terminate()
+ time.sleep(1) # give a second to terminate
+ if self.tunnel.poll() is None:
+ self.tunnel.kill() # kill leftover process if still running
+ self.tunnel.stdout.close()
+ self.tunnel.stderr.close()
+ self.tunnel = None
diff --git a/tools/python-integration-tests/test.py b/tools/python-integration-tests/test.py
index 00412f7d7b..a02fa6ed65 100644
--- a/tools/python-integration-tests/test.py
+++ b/tools/python-integration-tests/test.py
@@ -13,280 +13,57 @@
# limitations under the License.
import json
-import logging
-import shutil
-import os
-import re
-import signal
-import socket
import subprocess
-import sys
import time
-import paramiko
-from collections import defaultdict
-import argparse
-import yaml
+import unittest
+from ssh import SSHManager
+from deployment import Deployment
-def run_command(cmd: str, err_msg: str = None) -> subprocess.CompletedProcess:
- res = subprocess.run(cmd, shell=True, universal_newlines=True, check=True,
- stdout=subprocess.PIPE, stderr=subprocess.PIPE)
- if res.returncode != 0:
- raise subprocess.SubprocessError(f"{err_msg}:\n{res.stderr}")
-
- return res
-
-def parse_blueprint(file_path: str):
- with open(file_path, 'r') as file:
- content = yaml.safe_load(file)
- return content["vars"]["deployment_name"], content["vars"]["zone"]
-
-def get_account_info():
- # Extract the username from posixAccounts
- result = run_command(f"gcloud compute os-login describe-profile --format=json").stdout
- posixAccounts = json.loads(result)
-
- for account in posixAccounts.get('posixAccounts', []):
- if 'accountId' in account:
- project_id = account['accountId']
- username = account['username']
- return project_id, username
-
-def create_deployment(blueprint: str):
- project_id, username = get_account_info()
- deployment_name, zone = parse_blueprint(blueprint)
- return Deployment(blueprint, project_id, username, deployment_name, zone)
-
-def test_simple_job_completion(blueprint: str):
- deployment = create_deployment(blueprint)
- deployment.deploy()
- try:
- # Waiting to let the login node finish set up or ssh will fail.
- print("Wait 60 seconds")
- time.sleep(60)
-
- ssh = deployment.ssh()
- test = Test(ssh, deployment)
- test.check_simple_job_completion()
- finally:
- deployment.close_tunnel()
- deployment.destroy()
-
-def test_topology(blueprint: str):
- deployment = create_deployment(blueprint)
- deployment.deploy()
- try:
- # Waiting to let the login node finish set up or ssh will fail.
- print("Wait 60 seconds")
- time.sleep(60)
- ssh = deployment.ssh()
- test = Test(ssh, deployment)
- test.check_topology()
- finally:
- deployment.close_tunnel()
- deployment.destroy()
-
-class Deployment:
- def __init__(self, blueprint: str, project_id: str, username: str, deployment_name: str, zone: str):
- self.blueprint_yaml = blueprint
- self.project_id = project_id
- self.state_bucket = "daily-tests-tf-state"
- self.workspace = ""
- self.username = username
- self.deployment_name = deployment_name
- self.zone = zone
- self.test_name = deployment_name
- self.tunnel = None
-
- def get_workspace(self):
- return os.path.abspath(os.getcwd().strip())
-
- def create_blueprint(self):
- self.workspace = self.get_workspace()
-
- cmd = [
- "./gcluster",
- "create",
- "-l",
- "ERROR",
- self.blueprint_yaml,
- "--backend-config",
- f"bucket={self.state_bucket}",
- "--vars",
- f"project_id={self.project_id}",
- "--vars",
- f"deployment_name={self.deployment_name}"
- ]
-
- subprocess.run(cmd, check=True, cwd=self.workspace)
-
- def compress_blueprint(self):
- cmd = [
- "tar",
- "-czf",
- "%s.tgz" % (self.deployment_name),
- "%s" % (self.deployment_name),
- ]
-
- subprocess.run(cmd, check=True, cwd=self.workspace)
-
- def upload_deployment(self):
- cmd = [
- "gsutil",
- "cp",
- "%s.tgz" % (self.deployment_name),
- "gs://%s/%s/" % (self.state_bucket, self.test_name)
- ]
-
- subprocess.run(cmd, check=True, cwd=self.workspace)
-
- def print_download_command(self):
- print("gcloud storage cp gs://%s/%s/%s.tgz ." % (self.state_bucket, self.test_name, self.deployment_name))
-
- def create_deployment_directory(self):
- self.create_blueprint()
- self.compress_blueprint()
- self.upload_deployment()
- self.print_download_command()
-
- def deploy(self):
- # Create deployment directory
- self.create_deployment_directory()
- cmd = [
- "./gcluster",
- "deploy",
- self.deployment_name,
- "--auto-approve"
- ]
-
- subprocess.run(cmd, check=True, cwd=self.workspace)
-
- def ssh(self) -> paramiko.SSHClient:
- instance_name = self.deployment_name.replace("-", "")[:10] + "-slurm-login-001"
-
- # Use existing SSH key pair (assuming it's already in ~/.ssh/google_compute_engine)
- key_path = os.path.expanduser("~/.ssh/google_compute_engine")
-
- # Add the public key to OS Login
- public_key_path = key_path + ".pub"
- subprocess.run(
- [
- "gcloud", "compute", "os-login", "ssh-keys", "describe",
- "--key-file", public_key_path
- ],
- check=True, capture_output=True
- )
-
- # Construct the gcloud command to create the IAP tunnel
- iap_tunnel_cmd = [
- "gcloud", "compute", "start-iap-tunnel", instance_name,
- "22", "--project", self.project_id, "--zone", self.zone,
- "--local-host-port=localhost:10022"
- ]
-
- # Create the IAP tunnel process
- self.tunnel = subprocess.Popen(iap_tunnel_cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-
- # Sleep to give the tunnel a few seconds to set up
- time.sleep(3)
-
- # Create an SSH client
- ssh = paramiko.SSHClient()
- ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
-
- # Load the private key
- key = paramiko.RSAKey.from_private_key_file(key_path)
-
- # Connect to the VM
- ssh.connect("localhost", port=10022, username=self.username, pkey=key)
-
- return ssh
-
- def close_tunnel(self):
- if self.tunnel:
- self.tunnel.terminate()
- self.tunnel.wait()
- self.tunnel = None
-
- def destroy(self):
- cmd = [
- "./gcluster",
- "destroy",
- self.deployment_name,
- "--auto-approve"
- ]
-
- subprocess.run(cmd, check=True, cwd=self.workspace)
- os.remove(f"{self.deployment_name}.tgz")
- shutil.rmtree(self.deployment_name)
-
-
-class Test:
- def __init__(self, ssh, deployment):
- self.ssh = ssh
+class Test(unittest.TestCase): # Inherit from unittest.TestCase
+ def __init__(self, deployment):
+ super().__init__() # Call the superclass constructor
self.deployment = deployment
- self.job_list = {}
-
- def get_slurm_topology(self):
- stdin, stdout, stderr = self.ssh.exec_command("scontrol show topo")
- return stdout.read().decode()
-
- def monitor_squeue(self):
- # Monitors squeue and updates self.job_list until all running jobs are complete.
- lines = []
+ self.ssh_manager = None
+ self.ssh_client = None
- while True:
- stdin, stdout, stderr = self.ssh.exec_command('squeue')
-
- lines = stdout.read().decode().splitlines()[1:] # Skip header
+ def run_command(self, cmd: str) -> subprocess.CompletedProcess:
+ res = subprocess.run(cmd, shell=True, text=True, check=True,
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ return res
- if not lines:
- break
- for line in lines:
- parts = line.split()
- job_id, partition, _, _, state, times, nodes, nodelist = line.split()
+ def setUp(self):
+ self.addCleanup(self.clean_up)
+ self.deployment.deploy()
+ time.sleep(90)
- if job_id not in self.job_list:
- print(f"Job id {job_id} is not recognized.")
- else:
- self.job_list[job_id].update({
- "partition": partition,
- "state": state,
- "time": times,
- "nodes": nodes,
- "nodelist": nodelist,
- })
- time.sleep(5)
+ def clean_up(self):
+ self.deployment.destroy()
- def is_job_complete(self, job_id: str):
- # Checks if a job successfully completed.
- stdin, stdout, stderr = self.ssh.exec_command(f'scontrol show job {job_id} --json')
- content = json.load(stdout)
- return content["jobs"][0]["job_state"][0] == "COMPLETED"
+class SlurmTest(Test):
+ # Base class for Slurm-specific tests.
+ def ssh(self, hostname):
+ self.ssh_manager = SSHManager()
+ self.ssh_manager.setup_connection(hostname, 10022, self.deployment.project_id, self.deployment.zone)
+ self.ssh_client = self.ssh_manager.ssh_client
+ self.ssh_client.connect("localhost", 10022, username=self.deployment.username, pkey=self.ssh_manager.key)
- def submit_job(self, cmd: str):
- stdin, stdout, stderr = self.ssh.exec_command(cmd)
- jobID = stdout.read().decode().split()[-1]
- self.job_list[jobID] = {}
+ def close_ssh(self):
+ self.ssh_manager.close()
- def get_node_depth(self, switch_name: str):
- return switch_name.count("_")
+ def setUp(self):
+ try:
+ super().setUp()
+ hostname = self.get_login_node()
+ self.ssh(hostname)
+ except Exception as err:
+ self.fail(f"Unexpected error encountered. stderr: {err.stderr}")
- def get_real_rack(self, node: str):
- result = run_command(f"gcloud compute instances describe {node} --zone={self.deployment.zone} --project={self.deployment.project_id} --format='value(resourceStatus.physicalHost)'")
- return result.stdout.split("/")[1]
-
- def get_slurm_rack(self, node: str):
- stdin, stdout, stderr = self.ssh.exec_command(f"scontrol show topology {node} | tail -1 | cut -d' ' -f1")
- switch_name = stdout.read().decode()
- self.assert_equal(self.get_node_depth(switch_name), 2, f"{node} does not have the expected topology depth of 2."),
- return switch_name
+ def clean_up(self):
+ super().clean_up()
+ self.close_ssh()
- def get_nodes(self):
- nodes = []
- stdin, stdout, stderr = self.ssh.exec_command("scontrol show node| grep NodeName")
- for line in stdout.read().decode().splitlines():
- nodes.append(line.split()[0].split("=")[1])
- return nodes
+ def get_login_node(self):
+ return self.deployment.deployment_name.replace("-", "")[:10] + "-slurm-login-001"
def assert_equal(self, value1, value2, message=None):
if value1 != value2:
@@ -294,51 +71,9 @@ def assert_equal(self, value1, value2, message=None):
message = f"Assertion failed: {value1} != {value2}"
raise AssertionError(message)
- def check_simple_job_completion(self):
- # Submits 5 jobs and checks if they are successful.
- for i in range(5):
- self.submit_job('sbatch -N 1 --wrap "sleep 20"')
- self.monitor_squeue()
-
- for job_id in self.job_list.keys():
- result = self.is_job_complete(job_id)
- self.assert_equal(True, result, f"Something went wrong with JobID:{job_id}.")
- print(f"JobID {job_id} finished successfully.")
-
- def check_topology(self):
- # Checks isomorphism of last layer of nodes to determine topology.
- r_rack, s_rack = defaultdict(set), defaultdict(set)
- nodes = self.get_nodes()
-
- for node in nodes:
- r_rack[self.get_real_rack(node)].add(node)
- s_rack[self.get_slurm_rack(node)].add(node)
-
- r_rack_set = [set(v) for v in r_rack.values()]
- s_rack_set = [set(v) for v in s_rack.values()]
-
- self.assert_equal(r_rack_set, s_rack_set, "The two sets did not match.")
-
-def main(simple_test_blueprints, topo_test_blueprints) -> None:
- if simple_test_blueprints:
- for blueprint in simple_test_blueprints:
- test_simple_job_completion(blueprint)
- print(f'{blueprint} passed simple slurm test.')
-
- if topo_test_blueprints:
- for blueprint in topo_test_blueprints:
- test_topology(blueprint)
- print(f'{blueprint} passed topology test.')
-
-if __name__ == "__main__":
- parser = argparse.ArgumentParser(
- prog='test.py',
- description="",
- formatter_class=argparse.RawTextHelpFormatter
- )
- parser.add_argument("--simple", nargs="+", help="File path(s) to blueprint(s) to do the simple slurm test on.")
- parser.add_argument("--topo", nargs="+", help="File path(s) to blueprint(s) to do the topology test on.")
-
- args = parser.parse_args()
-
- main(args.simple, args.topo)
+ def get_nodes(self):
+ nodes = []
+ stdin, stdout, stderr = self.ssh_client.exec_command("scontrol show node| grep NodeName")
+ for line in stdout.read().decode().splitlines():
+ nodes.append(line.split()[0].split("=")[1])
+ return nodes
diff --git a/tools/validate_configs/golden_copies/expectations/igc_pkr/.ghpc/artifacts/expanded_blueprint.yaml b/tools/validate_configs/golden_copies/expectations/igc_pkr/.ghpc/artifacts/expanded_blueprint.yaml
index 1db9c66495..dd66cf7aa1 100644
--- a/tools/validate_configs/golden_copies/expectations/igc_pkr/.ghpc/artifacts/expanded_blueprint.yaml
+++ b/tools/validate_configs/golden_copies/expectations/igc_pkr/.ghpc/artifacts/expanded_blueprint.yaml
@@ -38,14 +38,14 @@ deployment_groups:
terraform_providers:
google:
source: hashicorp/google
- version: ~> 6.10.0
+ version: ~> 6.13.0
configuration:
project: ((var.project_id))
region: ((var.region))
zone: ((var.zone))
google-beta:
source: hashicorp/google-beta
- version: ~> 6.10.0
+ version: ~> 6.13.0
configuration:
project: ((var.project_id))
region: ((var.region))
diff --git a/tools/validate_configs/golden_copies/expectations/igc_pkr/zero/versions.tf b/tools/validate_configs/golden_copies/expectations/igc_pkr/zero/versions.tf
index ed7b1bb3ba..fab3c44cd0 100644
--- a/tools/validate_configs/golden_copies/expectations/igc_pkr/zero/versions.tf
+++ b/tools/validate_configs/golden_copies/expectations/igc_pkr/zero/versions.tf
@@ -20,11 +20,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = "~> 6.10.0"
+ version = "~> 6.13.0"
}
google-beta = {
source = "hashicorp/google-beta"
- version = "~> 6.10.0"
+ version = "~> 6.13.0"
}
}
}
diff --git a/tools/validate_configs/golden_copies/expectations/igc_tf/.ghpc/artifacts/expanded_blueprint.yaml b/tools/validate_configs/golden_copies/expectations/igc_tf/.ghpc/artifacts/expanded_blueprint.yaml
index fd6bd3e490..1906e9a832 100644
--- a/tools/validate_configs/golden_copies/expectations/igc_tf/.ghpc/artifacts/expanded_blueprint.yaml
+++ b/tools/validate_configs/golden_copies/expectations/igc_tf/.ghpc/artifacts/expanded_blueprint.yaml
@@ -44,14 +44,14 @@ deployment_groups:
terraform_providers:
google:
source: hashicorp/google
- version: ~> 6.10.0
+ version: ~> 6.13.0
configuration:
project: ((var.project_id))
region: ((var.region))
zone: ((var.zone))
google-beta:
source: hashicorp/google-beta
- version: ~> 6.10.0
+ version: ~> 6.13.0
configuration:
project: ((var.project_id))
region: ((var.region))
@@ -80,14 +80,14 @@ deployment_groups:
terraform_providers:
google:
source: hashicorp/google
- version: ~> 6.10.0
+ version: ~> 6.13.0
configuration:
project: ((var.project_id))
region: ((var.region))
zone: ((var.zone))
google-beta:
source: hashicorp/google-beta
- version: ~> 6.10.0
+ version: ~> 6.13.0
configuration:
project: ((var.project_id))
region: ((var.region))
diff --git a/tools/validate_configs/golden_copies/expectations/igc_tf/one/versions.tf b/tools/validate_configs/golden_copies/expectations/igc_tf/one/versions.tf
index ed7b1bb3ba..fab3c44cd0 100644
--- a/tools/validate_configs/golden_copies/expectations/igc_tf/one/versions.tf
+++ b/tools/validate_configs/golden_copies/expectations/igc_tf/one/versions.tf
@@ -20,11 +20,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = "~> 6.10.0"
+ version = "~> 6.13.0"
}
google-beta = {
source = "hashicorp/google-beta"
- version = "~> 6.10.0"
+ version = "~> 6.13.0"
}
}
}
diff --git a/tools/validate_configs/golden_copies/expectations/igc_tf/zero/versions.tf b/tools/validate_configs/golden_copies/expectations/igc_tf/zero/versions.tf
index ed7b1bb3ba..fab3c44cd0 100644
--- a/tools/validate_configs/golden_copies/expectations/igc_tf/zero/versions.tf
+++ b/tools/validate_configs/golden_copies/expectations/igc_tf/zero/versions.tf
@@ -20,11 +20,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = "~> 6.10.0"
+ version = "~> 6.13.0"
}
google-beta = {
source = "hashicorp/google-beta"
- version = "~> 6.10.0"
+ version = "~> 6.13.0"
}
}
}
diff --git a/tools/validate_configs/golden_copies/expectations/merge_flatten/.ghpc/artifacts/expanded_blueprint.yaml b/tools/validate_configs/golden_copies/expectations/merge_flatten/.ghpc/artifacts/expanded_blueprint.yaml
index 208cdde2ac..15a203a4b5 100644
--- a/tools/validate_configs/golden_copies/expectations/merge_flatten/.ghpc/artifacts/expanded_blueprint.yaml
+++ b/tools/validate_configs/golden_copies/expectations/merge_flatten/.ghpc/artifacts/expanded_blueprint.yaml
@@ -39,14 +39,14 @@ deployment_groups:
terraform_providers:
google:
source: hashicorp/google
- version: ~> 6.10.0
+ version: ~> 6.13.0
configuration:
project: ((var.project_id))
region: ((var.region))
zone: ((var.zone))
google-beta:
source: hashicorp/google-beta
- version: ~> 6.10.0
+ version: ~> 6.13.0
configuration:
project: ((var.project_id))
region: ((var.region))
diff --git a/tools/validate_configs/golden_copies/expectations/merge_flatten/zero/versions.tf b/tools/validate_configs/golden_copies/expectations/merge_flatten/zero/versions.tf
index ed7b1bb3ba..fab3c44cd0 100644
--- a/tools/validate_configs/golden_copies/expectations/merge_flatten/zero/versions.tf
+++ b/tools/validate_configs/golden_copies/expectations/merge_flatten/zero/versions.tf
@@ -20,11 +20,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = "~> 6.10.0"
+ version = "~> 6.13.0"
}
google-beta = {
source = "hashicorp/google-beta"
- version = "~> 6.10.0"
+ version = "~> 6.13.0"
}
}
}
diff --git a/tools/validate_configs/golden_copies/expectations/versioned_blueprint/.ghpc/artifacts/expanded_blueprint.yaml b/tools/validate_configs/golden_copies/expectations/versioned_blueprint/.ghpc/artifacts/expanded_blueprint.yaml
index d8414f6db3..0a51078be5 100644
--- a/tools/validate_configs/golden_copies/expectations/versioned_blueprint/.ghpc/artifacts/expanded_blueprint.yaml
+++ b/tools/validate_configs/golden_copies/expectations/versioned_blueprint/.ghpc/artifacts/expanded_blueprint.yaml
@@ -47,14 +47,14 @@ deployment_groups:
terraform_providers:
google:
source: hashicorp/google
- version: ~> 6.10.0
+ version: ~> 6.13.0
configuration:
project: ((var.project_id))
region: ((var.region))
zone: ((var.zone))
google-beta:
source: hashicorp/google-beta
- version: ~> 6.10.0
+ version: ~> 6.13.0
configuration:
project: ((var.project_id))
region: ((var.region))
diff --git a/tools/validate_configs/golden_copies/expectations/versioned_blueprint/primary/versions.tf b/tools/validate_configs/golden_copies/expectations/versioned_blueprint/primary/versions.tf
index ed7b1bb3ba..fab3c44cd0 100644
--- a/tools/validate_configs/golden_copies/expectations/versioned_blueprint/primary/versions.tf
+++ b/tools/validate_configs/golden_copies/expectations/versioned_blueprint/primary/versions.tf
@@ -20,11 +20,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
- version = "~> 6.10.0"
+ version = "~> 6.13.0"
}
google-beta = {
source = "hashicorp/google-beta"
- version = "~> 6.10.0"
+ version = "~> 6.13.0"
}
}
}