diff --git a/Makefile b/Makefile index 83ff4c457..925fd81a5 100644 --- a/Makefile +++ b/Makefile @@ -29,7 +29,7 @@ export PROJECT_CLONE_IMG ?= quay.io/devfile/project-clone:next export PULL_POLICY ?= Always export DEFAULT_ROUTING ?= basic export KUBECONFIG ?= ${HOME}/.kube/config -export DEVWORKSPACE_API_VERSION ?= 32cae1f8e42c22035138ef6ee93080bc47d751c6 +export DEVWORKSPACE_API_VERSION ?= 2609b3576ec912b955a5b4a7398ce48f8e39e879 # Enable using Podman instead of Docker export DOCKER ?= docker diff --git a/build/make/deploy.mk b/build/make/deploy.mk index f94e07eef..fa78a37b9 100644 --- a/build/make/deploy.mk +++ b/build/make/deploy.mk @@ -77,9 +77,9 @@ _check_controller_running: ### install: Install controller in the configured Kubernetes cluster in ~/.kube/config install: _print_vars _check_cert_manager _init_devworkspace_crds _create_namespace generate_deployment ifeq ($(PLATFORM),kubernetes) - $(K8S_CLI) apply -f deploy/current/kubernetes/combined.yaml + $(K8S_CLI) apply -f deploy/current/kubernetes/combined.yaml --server-side=true --force-conflicts else - $(K8S_CLI) apply -f deploy/current/openshift/combined.yaml + $(K8S_CLI) apply -f deploy/current/openshift/combined.yaml --server-side=true --force-conflicts endif # Can't pipe into $(K8S_CLI) as stdin is closed. cat deploy/default-config.yaml | envsubst > deploy/default-config.temp.yaml diff --git a/deploy/bundle/manifests/workspace.devfile.io_devworkspaces.yaml b/deploy/bundle/manifests/workspace.devfile.io_devworkspaces.yaml index 5c1fa71f0..c5d64d98d 100644 --- a/deploy/bundle/manifests/workspace.devfile.io_devworkspaces.yaml +++ b/deploy/bundle/manifests/workspace.devfile.io_devworkspaces.yaml @@ -2937,6 +2937,1371 @@ spec: spec: description: DevWorkspaceSpec defines the desired state of DevWorkspace properties: + contributions: + items: + oneOf: + - required: + - uri + - required: + - id + - required: + - kubernetes + properties: + attributes: + description: Map of implementation-dependant free-form YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + commands: + description: Overrides of commands encapsulated in a parent devfile or a plugin. Overriding is done according to K8S strategic merge patch standard rules. + items: + oneOf: + - required: + - exec + - required: + - apply + - required: + - composite + properties: + apply: + description: "Command that consists in applying a given component definition, typically bound to a devworkspace event. \n For example, when an `apply` command is bound to a `preStart` event, and references a `container` component, it will start the container as a K8S initContainer in the devworkspace POD, unless the component has its `dedicatedPod` field set to `true`. \n When no `apply` command exist for a given component, it is assumed the component will be applied at devworkspace start by default, unless `deployByDefault` for that component is set to false." + properties: + component: + description: Describes component that will be applied + type: string + group: + description: Defines the group this command is part of + properties: + isDefault: + description: Identifies the default command for a given group kind + type: boolean + kind: + description: Kind of group the command is part of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: Optional label that provides a label for this command to be used in Editor UI menus for example + type: string + type: object + attributes: + description: Map of implementation-dependant free-form YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + commandType: + description: Type of devworkspace command + enum: + - Exec + - Apply + - Composite + type: string + composite: + description: Composite command that allows executing several sub-commands either sequentially or concurrently + properties: + commands: + description: The commands that comprise this composite command + items: + type: string + type: array + group: + description: Defines the group this command is part of + properties: + isDefault: + description: Identifies the default command for a given group kind + type: boolean + kind: + description: Kind of group the command is part of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: Optional label that provides a label for this command to be used in Editor UI menus for example + type: string + parallel: + description: Indicates if the sub-commands should be executed concurrently + type: boolean + type: object + exec: + description: CLI Command executed in an existing component container + properties: + commandLine: + description: "The actual command-line string \n Special variables that can be used: \n - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. \n - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one." + type: string + component: + description: Describes component to which given action relates + type: string + env: + description: Optional list of environment variables that have to be set before running the command + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + group: + description: Defines the group this command is part of + properties: + isDefault: + description: Identifies the default command for a given group kind + type: boolean + kind: + description: Kind of group the command is part of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + hotReloadCapable: + description: "Whether the command is capable to reload itself when source code changes. If set to `true` the command won't be restarted and it is expected to handle file changes on its own. \n Default value is `false`" + type: boolean + label: + description: Optional label that provides a label for this command to be used in Editor UI menus for example + type: string + workingDir: + description: "Working directory where the command should be executed \n Special variables that can be used: \n - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. \n - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one." + type: string + type: object + id: + description: Mandatory identifier that allows referencing this command in composite commands, from a parent, or in events. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - id + type: object + type: array + components: + description: Overrides of components encapsulated in a parent devfile or a plugin. Overriding is done according to K8S strategic merge patch standard rules. + items: + oneOf: + - required: + - container + - required: + - kubernetes + - required: + - openshift + - required: + - volume + - required: + - image + properties: + attributes: + description: Map of implementation-dependant free-form YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + componentType: + description: Type of component + enum: + - Container + - Kubernetes + - Openshift + - Volume + - Image + type: string + container: + description: Allows adding and configuring devworkspace-related containers + properties: + annotation: + description: Annotations that should be added to specific resources for this container + properties: + deployment: + additionalProperties: + type: string + description: Annotations to be added to deployment + type: object + service: + additionalProperties: + type: string + description: Annotations to be added to service + type: object + type: object + args: + description: "The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. \n Defaults to an empty array, meaning use whatever is defined in the image." + items: + type: string + type: array + command: + description: "The command to run in the dockerimage component instead of the default one provided in the image. \n Defaults to an empty array, meaning use whatever is defined in the image." + items: + type: string + type: array + cpuLimit: + type: string + cpuRequest: + type: string + dedicatedPod: + description: "Specify if a container should run in its own separated pod, instead of running as part of the main development environment pod. \n Default value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant string-based free-form attributes. \n Examples of Che-specific attributes: \n - cookiesAuthEnabled: \"true\" / \"false\", \n - type: \"terminal\" / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint should be exposed on the network. \n - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. \n - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. \n - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + description: "Describes the application and transport protocols of the traffic that will go through this endpoint. \n - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. \n - `https`: Endpoint will have `https` traffic, typically on a TCP connection. \n - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. \n - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. \n - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. \n - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. \n Default value is `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`. + type: boolean + targetPort: + description: Port number to be used within the container component. The same port cannot be used by two different container components. + type: integer + required: + - name + type: object + type: array + env: + description: "Environment variables used in this container. \n The following variables are reserved and cannot be overridden via env: \n - `$PROJECTS_ROOT` \n - `$PROJECT_SOURCE`" + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + image: + type: string + memoryLimit: + type: string + memoryRequest: + type: string + mountSources: + description: "Toggles whether or not the project source code should be mounted in the component. \n Defaults to true for all component types except plugins and components that set `dedicatedPod` to true." + type: boolean + sourceMapping: + description: Optional specification of the path in the container where project sources should be transferred/mounted when `mountSources` is `true`. When omitted, the default value of /projects is used. + type: string + volumeMounts: + description: List of volumes mounts that should be mounted is this container. + items: + description: Volume that should be mounted to a component container + properties: + name: + description: The volume mount name is the name of an existing `Volume` component. If several containers mount the same volume name then they will reuse the same volume and will be able to access to the same files. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: The path in the component container where the volume should be mounted. If not path is mentioned, default path is the is `/`. + type: string + required: + - name + type: object + type: array + type: object + image: + description: Allows specifying the definition of an image for outer loop builds + oneOf: + - required: + - dockerfile + - required: + - autoBuild + properties: + autoBuild: + description: "Defines if the image should be built during startup. \n Default value is `false`" + type: boolean + dockerfile: + description: Allows specifying dockerfile type build + oneOf: + - required: + - uri + - required: + - devfileRegistry + - required: + - git + properties: + args: + description: The arguments to supply to the dockerfile build. + items: + type: string + type: array + buildContext: + description: Path of source directory to establish build context. Defaults to ${PROJECT_SOURCE} in the container + type: string + devfileRegistry: + description: Dockerfile's Devfile Registry source + properties: + id: + description: Id in a devfile registry that contains a Dockerfile. The src in the OCI registry required for the Dockerfile build will be downloaded for building the image. + type: string + registryUrl: + description: Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. To ensure the Dockerfile gets resolved consistently in different environments, it is recommended to always specify the `devfileRegistryUrl` when `Id` is used. + type: string + type: object + git: + description: Dockerfile's Git source + properties: + checkoutFrom: + description: Defines from what the project should be checked out. Required if there are more than one remote configured + properties: + remote: + description: The remote name should be used as init. Required if there are more than one remote configured + type: string + revision: + description: The revision to checkout from. Should be branch name, tag or commit id. Default branch is used if missing or specified revision is not found. + type: string + type: object + fileLocation: + description: Location of the Dockerfile in the Git repository when using git as Dockerfile src. Defaults to Dockerfile. + type: string + remotes: + additionalProperties: + type: string + description: The remotes map which should be initialized in the git project. Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured. + type: object + type: object + rootRequired: + description: "Specify if a privileged builder pod is required. \n Default value is `false`" + type: boolean + srcType: + description: Type of Dockerfile src + enum: + - Uri + - DevfileRegistry + - Git + type: string + uri: + description: URI Reference of a Dockerfile. It can be a full URL or a relative URI from the current devfile as the base URI. + type: string + type: object + imageName: + description: Name of the image for the resulting outerloop build + type: string + imageType: + description: Type of image + enum: + - Dockerfile + - AutoBuild + type: string + type: object + kubernetes: + description: Allows importing into the devworkspace the Kubernetes resources defined in a given manifest. For example this allows reusing the Kubernetes definitions used to deploy some runtime components in production. + oneOf: + - required: + - uri + - required: + - inlined + properties: + deployByDefault: + description: "Defines if the component should be deployed during startup. \n Default value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant string-based free-form attributes. \n Examples of Che-specific attributes: \n - cookiesAuthEnabled: \"true\" / \"false\", \n - type: \"terminal\" / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint should be exposed on the network. \n - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. \n - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. \n - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + description: "Describes the application and transport protocols of the traffic that will go through this endpoint. \n - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. \n - `https`: Endpoint will have `https` traffic, typically on a TCP connection. \n - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. \n - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. \n - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. \n - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. \n Default value is `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`. + type: boolean + targetPort: + description: Port number to be used within the container component. The same port cannot be used by two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + name: + description: Mandatory name that allows referencing the component from other elements (such as commands) or from an external devfile that may reference this component through a parent or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + openshift: + description: Allows importing into the devworkspace the OpenShift resources defined in a given manifest. For example this allows reusing the OpenShift definitions used to deploy some runtime components in production. + oneOf: + - required: + - uri + - required: + - inlined + properties: + deployByDefault: + description: "Defines if the component should be deployed during startup. \n Default value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant string-based free-form attributes. \n Examples of Che-specific attributes: \n - cookiesAuthEnabled: \"true\" / \"false\", \n - type: \"terminal\" / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint should be exposed on the network. \n - `public` means that the endpoint will be exposed on the public network, typically through a K8S ingress or an OpenShift route. \n - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, typically by K8S services, to be consumed by other elements running on the same cloud internal network. \n - `none` means that the endpoint will not be exposed and will only be accessible inside the main devworkspace POD, on a local address. \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + description: "Describes the application and transport protocols of the traffic that will go through this endpoint. \n - `http`: Endpoint will have `http` traffic, typically on a TCP connection. It will be automaticaly promoted to `https` when the `secure` field is set to `true`. \n - `https`: Endpoint will have `https` traffic, typically on a TCP connection. \n - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. \n - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. \n - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. \n - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. \n Default value is `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint should be secured and protected by some authentication process. This requires a protocol of `https` or `wss`. + type: boolean + targetPort: + description: Port number to be used within the container component. The same port cannot be used by two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + volume: + description: Allows specifying the definition of a volume shared by several other components + properties: + ephemeral: + description: Ephemeral volumes are not stored persistently across restarts. Defaults to false + type: boolean + size: + description: Size of the volume + type: string + type: object + required: + - name + type: object + type: array + id: + description: Id in a registry that contains a Devfile yaml file + type: string + importReferenceType: + description: type of location from where the referenced template structure should be retrieved + enum: + - Uri + - Id + - Kubernetes + type: string + kubernetes: + description: Reference to a Kubernetes CRD of type DevWorkspaceTemplate + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + name: + description: Mandatory name that allows referencing the component from other elements (such as commands) or from an external devfile that may reference this component through a parent or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + registryUrl: + description: Registry URL to pull the parent devfile from when using id in the parent reference. To ensure the parent devfile gets resolved consistently in different environments, it is recommended to always specify the `registryUrl` when `id` is used. + type: string + uri: + description: URI Reference of a parent devfile YAML file. It can be a full URL or a relative URI with the current devfile as the base URI. + type: string + version: + description: Specific stack/sample version to pull the parent devfile from, when using id in the parent reference. To specify `version`, `id` must be defined and used as the import reference source. `version` can be either a specific stack version, or `latest`. If no `version` specified, default version will be used. + pattern: ^(latest)|(([1-9])\.([0-9]+)\.([0-9]+)(\-[0-9a-z-]+(\.[0-9a-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?)$ + type: string + required: + - name + type: object + type: array + podSpecOverride: + description: Pod fields to override within the DevWorkspace's Deployment. Fields defined here are strategically merged on top of the Pod template in the deployment, allowing for fine-grained customization of the Pods that are started for this DevWorkspace. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Subset of Pod Spec fields that can be overridden in a DevWorkspace's deployment + properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. This field is alpha-level and is only honored when PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + dnsConfig: + description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. + properties: + nameservers: + description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' + type: boolean + hostAliases: + description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods. + items: + description: HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: Default to false.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + nodeName: + description: NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.' + type: object + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is beta-level, gated by the NonPreemptingPriority feature-gate. + type: string + priority: + description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. + type: string + readinessGates: + description: 'If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' + items: + description: PodReadinessGate contains the reference to a pod condition + properties: + conditionType: + description: ConditionType refers to a condition in the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.' + type: string + schedulerName: + description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. + type: string + securityContext: + description: 'SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.' + properties: + fsGroup: + description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies to the container. + type: string + role: + description: Role is a SELinux role label that applies to the container. + type: string + type: + description: Type is a SELinux type label that applies to the container. + type: string + user: + description: User is a SELinux user label that applies to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers in this pod. + properties: + localhostProfile: + description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + setHostnameAsFQDN: + description: If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false. + type: boolean + shareProcessNamespace: + description: 'Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.' + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It''s a required field. Default value is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assigment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + type: object + type: object routingClass: type: string started: diff --git a/deploy/deployment/kubernetes/combined.yaml b/deploy/deployment/kubernetes/combined.yaml index a57ec18a3..977cc7130 100644 --- a/deploy/deployment/kubernetes/combined.yaml +++ b/deploy/deployment/kubernetes/combined.yaml @@ -10545,6 +10545,2354 @@ spec: spec: description: DevWorkspaceSpec defines the desired state of DevWorkspace properties: + contributions: + items: + oneOf: + - required: + - uri + - required: + - id + - required: + - kubernetes + properties: + attributes: + description: Map of implementation-dependant free-form YAML + attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + commands: + description: Overrides of commands encapsulated in a parent + devfile or a plugin. Overriding is done according to K8S strategic + merge patch standard rules. + items: + oneOf: + - required: + - exec + - required: + - apply + - required: + - composite + properties: + apply: + description: "Command that consists in applying a given + component definition, typically bound to a devworkspace + event. \n For example, when an `apply` command is bound + to a `preStart` event, and references a `container` + component, it will start the container as a K8S initContainer + in the devworkspace POD, unless the component has its + `dedicatedPod` field set to `true`. \n When no `apply` + command exist for a given component, it is assumed the + component will be applied at devworkspace start by default, + unless `deployByDefault` for that component is set to + false." + properties: + component: + description: Describes component that will be applied + type: string + group: + description: Defines the group this command is part + of + properties: + isDefault: + description: Identifies the default command for + a given group kind + type: boolean + kind: + description: Kind of group the command is part + of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: Optional label that provides a label + for this command to be used in Editor UI menus for + example + type: string + type: object + attributes: + description: Map of implementation-dependant free-form + YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + commandType: + description: Type of devworkspace command + enum: + - Exec + - Apply + - Composite + type: string + composite: + description: Composite command that allows executing several + sub-commands either sequentially or concurrently + properties: + commands: + description: The commands that comprise this composite + command + items: + type: string + type: array + group: + description: Defines the group this command is part + of + properties: + isDefault: + description: Identifies the default command for + a given group kind + type: boolean + kind: + description: Kind of group the command is part + of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: Optional label that provides a label + for this command to be used in Editor UI menus for + example + type: string + parallel: + description: Indicates if the sub-commands should + be executed concurrently + type: boolean + type: object + exec: + description: CLI Command executed in an existing component + container + properties: + commandLine: + description: "The actual command-line string \n Special + variables that can be used: \n - `$PROJECTS_ROOT`: + A path where projects sources are mounted as defined + by container component's sourceMapping. \n - `$PROJECT_SOURCE`: + A path to a project source ($PROJECTS_ROOT/). + If there are multiple projects, this will point + to the directory of the first one." + type: string + component: + description: Describes component to which given action + relates + type: string + env: + description: Optional list of environment variables + that have to be set before running the command + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + group: + description: Defines the group this command is part + of + properties: + isDefault: + description: Identifies the default command for + a given group kind + type: boolean + kind: + description: Kind of group the command is part + of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + hotReloadCapable: + description: "Whether the command is capable to reload + itself when source code changes. If set to `true` + the command won't be restarted and it is expected + to handle file changes on its own. \n Default value + is `false`" + type: boolean + label: + description: Optional label that provides a label + for this command to be used in Editor UI menus for + example + type: string + workingDir: + description: "Working directory where the command + should be executed \n Special variables that can + be used: \n - `$PROJECTS_ROOT`: A path where projects + sources are mounted as defined by container component's + sourceMapping. \n - `$PROJECT_SOURCE`: A path to + a project source ($PROJECTS_ROOT/). + If there are multiple projects, this will point + to the directory of the first one." + type: string + type: object + id: + description: Mandatory identifier that allows referencing + this command in composite commands, from a parent, or + in events. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - id + type: object + type: array + components: + description: Overrides of components encapsulated in a parent + devfile or a plugin. Overriding is done according to K8S strategic + merge patch standard rules. + items: + oneOf: + - required: + - container + - required: + - kubernetes + - required: + - openshift + - required: + - volume + - required: + - image + properties: + attributes: + description: Map of implementation-dependant free-form + YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + componentType: + description: Type of component + enum: + - Container + - Kubernetes + - Openshift + - Volume + - Image + type: string + container: + description: Allows adding and configuring devworkspace-related + containers + properties: + annotation: + description: Annotations that should be added to specific + resources for this container + properties: + deployment: + additionalProperties: + type: string + description: Annotations to be added to deployment + type: object + service: + additionalProperties: + type: string + description: Annotations to be added to service + type: object + type: object + args: + description: "The arguments to supply to the command + running the dockerimage component. The arguments + are supplied either to the default command provided + in the image or to the overridden command. \n Defaults + to an empty array, meaning use whatever is defined + in the image." + items: + type: string + type: array + command: + description: "The command to run in the dockerimage + component instead of the default one provided in + the image. \n Defaults to an empty array, meaning + use whatever is defined in the image." + items: + type: string + type: array + cpuLimit: + type: string + cpuRequest: + type: string + dedicatedPod: + description: "Specify if a container should run in + its own separated pod, instead of running as part + of the main development environment pod. \n Default + value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant + string-based free-form attributes. \n Examples + of Che-specific attributes: \n - cookiesAuthEnabled: + \"true\" / \"false\", \n - type: \"terminal\" + / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint should + be exposed on the network. \n - `public` means + that the endpoint will be exposed on the public + network, typically through a K8S ingress or + an OpenShift route. \n - `internal` means + that the endpoint will be exposed internally + outside of the main devworkspace POD, typically + by K8S services, to be consumed by other elements + running on the same cloud internal network. + \n - `none` means that the endpoint will not + be exposed and will only be accessible inside + the main devworkspace POD, on a local address. + \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + description: "Describes the application and + transport protocols of the traffic that will + go through this endpoint. \n - `http`: Endpoint + will have `http` traffic, typically on a TCP + connection. It will be automaticaly promoted + to `https` when the `secure` field is set + to `true`. \n - `https`: Endpoint will have + `https` traffic, typically on a TCP connection. + \n - `ws`: Endpoint will have `ws` traffic, + typically on a TCP connection. It will be + automaticaly promoted to `wss` when the `secure` + field is set to `true`. \n - `wss`: Endpoint + will have `wss` traffic, typically on a TCP + connection. \n - `tcp`: Endpoint will have + traffic on a TCP connection, without specifying + an application protocol. \n - `udp`: Endpoint + will have traffic on an UDP connection, without + specifying an application protocol. \n Default + value is `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + env: + description: "Environment variables used in this container. + \n The following variables are reserved and cannot + be overridden via env: \n - `$PROJECTS_ROOT` \n + \ - `$PROJECT_SOURCE`" + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + image: + type: string + memoryLimit: + type: string + memoryRequest: + type: string + mountSources: + description: "Toggles whether or not the project source + code should be mounted in the component. \n Defaults + to true for all component types except plugins and + components that set `dedicatedPod` to true." + type: boolean + sourceMapping: + description: Optional specification of the path in + the container where project sources should be transferred/mounted + when `mountSources` is `true`. When omitted, the + default value of /projects is used. + type: string + volumeMounts: + description: List of volumes mounts that should be + mounted is this container. + items: + description: Volume that should be mounted to a + component container + properties: + name: + description: The volume mount name is the name + of an existing `Volume` component. If several + containers mount the same volume name then + they will reuse the same volume and will be + able to access to the same files. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: The path in the component container + where the volume should be mounted. If not + path is mentioned, default path is the is + `/`. + type: string + required: + - name + type: object + type: array + type: object + image: + description: Allows specifying the definition of an image + for outer loop builds + oneOf: + - required: + - dockerfile + - required: + - autoBuild + properties: + autoBuild: + description: "Defines if the image should be built + during startup. \n Default value is `false`" + type: boolean + dockerfile: + description: Allows specifying dockerfile type build + oneOf: + - required: + - uri + - required: + - devfileRegistry + - required: + - git + properties: + args: + description: The arguments to supply to the dockerfile + build. + items: + type: string + type: array + buildContext: + description: Path of source directory to establish + build context. Defaults to ${PROJECT_SOURCE} + in the container + type: string + devfileRegistry: + description: Dockerfile's Devfile Registry source + properties: + id: + description: Id in a devfile registry that + contains a Dockerfile. The src in the OCI + registry required for the Dockerfile build + will be downloaded for building the image. + type: string + registryUrl: + description: Devfile Registry URL to pull + the Dockerfile from when using the Devfile + Registry as Dockerfile src. To ensure the + Dockerfile gets resolved consistently in + different environments, it is recommended + to always specify the `devfileRegistryUrl` + when `Id` is used. + type: string + type: object + git: + description: Dockerfile's Git source + properties: + checkoutFrom: + description: Defines from what the project + should be checked out. Required if there + are more than one remote configured + properties: + remote: + description: The remote name should be + used as init. Required if there are + more than one remote configured + type: string + revision: + description: The revision to checkout + from. Should be branch name, tag or + commit id. Default branch is used if + missing or specified revision is not + found. + type: string + type: object + fileLocation: + description: Location of the Dockerfile in + the Git repository when using git as Dockerfile + src. Defaults to Dockerfile. + type: string + remotes: + additionalProperties: + type: string + description: The remotes map which should + be initialized in the git project. Projects + must have at least one remote configured + while StarterProjects & Image Component's + Git source can only have at most one remote + configured. + type: object + type: object + rootRequired: + description: "Specify if a privileged builder + pod is required. \n Default value is `false`" + type: boolean + srcType: + description: Type of Dockerfile src + enum: + - Uri + - DevfileRegistry + - Git + type: string + uri: + description: URI Reference of a Dockerfile. It + can be a full URL or a relative URI from the + current devfile as the base URI. + type: string + type: object + imageName: + description: Name of the image for the resulting outerloop + build + type: string + imageType: + description: Type of image + enum: + - Dockerfile + - AutoBuild + type: string + type: object + kubernetes: + description: Allows importing into the devworkspace the + Kubernetes resources defined in a given manifest. For + example this allows reusing the Kubernetes definitions + used to deploy some runtime components in production. + oneOf: + - required: + - uri + - required: + - inlined + properties: + deployByDefault: + description: "Defines if the component should be deployed + during startup. \n Default value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant + string-based free-form attributes. \n Examples + of Che-specific attributes: \n - cookiesAuthEnabled: + \"true\" / \"false\", \n - type: \"terminal\" + / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint should + be exposed on the network. \n - `public` means + that the endpoint will be exposed on the public + network, typically through a K8S ingress or + an OpenShift route. \n - `internal` means + that the endpoint will be exposed internally + outside of the main devworkspace POD, typically + by K8S services, to be consumed by other elements + running on the same cloud internal network. + \n - `none` means that the endpoint will not + be exposed and will only be accessible inside + the main devworkspace POD, on a local address. + \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + description: "Describes the application and + transport protocols of the traffic that will + go through this endpoint. \n - `http`: Endpoint + will have `http` traffic, typically on a TCP + connection. It will be automaticaly promoted + to `https` when the `secure` field is set + to `true`. \n - `https`: Endpoint will have + `https` traffic, typically on a TCP connection. + \n - `ws`: Endpoint will have `ws` traffic, + typically on a TCP connection. It will be + automaticaly promoted to `wss` when the `secure` + field is set to `true`. \n - `wss`: Endpoint + will have `wss` traffic, typically on a TCP + connection. \n - `tcp`: Endpoint will have + traffic on a TCP connection, without specifying + an application protocol. \n - `udp`: Endpoint + will have traffic on an UDP connection, without + specifying an application protocol. \n Default + value is `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + name: + description: Mandatory name that allows referencing the + component from other elements (such as commands) or + from an external devfile that may reference this component + through a parent or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + openshift: + description: Allows importing into the devworkspace the + OpenShift resources defined in a given manifest. For + example this allows reusing the OpenShift definitions + used to deploy some runtime components in production. + oneOf: + - required: + - uri + - required: + - inlined + properties: + deployByDefault: + description: "Defines if the component should be deployed + during startup. \n Default value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant + string-based free-form attributes. \n Examples + of Che-specific attributes: \n - cookiesAuthEnabled: + \"true\" / \"false\", \n - type: \"terminal\" + / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint should + be exposed on the network. \n - `public` means + that the endpoint will be exposed on the public + network, typically through a K8S ingress or + an OpenShift route. \n - `internal` means + that the endpoint will be exposed internally + outside of the main devworkspace POD, typically + by K8S services, to be consumed by other elements + running on the same cloud internal network. + \n - `none` means that the endpoint will not + be exposed and will only be accessible inside + the main devworkspace POD, on a local address. + \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + description: "Describes the application and + transport protocols of the traffic that will + go through this endpoint. \n - `http`: Endpoint + will have `http` traffic, typically on a TCP + connection. It will be automaticaly promoted + to `https` when the `secure` field is set + to `true`. \n - `https`: Endpoint will have + `https` traffic, typically on a TCP connection. + \n - `ws`: Endpoint will have `ws` traffic, + typically on a TCP connection. It will be + automaticaly promoted to `wss` when the `secure` + field is set to `true`. \n - `wss`: Endpoint + will have `wss` traffic, typically on a TCP + connection. \n - `tcp`: Endpoint will have + traffic on a TCP connection, without specifying + an application protocol. \n - `udp`: Endpoint + will have traffic on an UDP connection, without + specifying an application protocol. \n Default + value is `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + volume: + description: Allows specifying the definition of a volume + shared by several other components + properties: + ephemeral: + description: Ephemeral volumes are not stored persistently + across restarts. Defaults to false + type: boolean + size: + description: Size of the volume + type: string + type: object + required: + - name + type: object + type: array + id: + description: Id in a registry that contains a Devfile yaml file + type: string + importReferenceType: + description: type of location from where the referenced template + structure should be retrieved + enum: + - Uri + - Id + - Kubernetes + type: string + kubernetes: + description: Reference to a Kubernetes CRD of type DevWorkspaceTemplate + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + name: + description: Mandatory name that allows referencing the component + from other elements (such as commands) or from an external + devfile that may reference this component through a parent + or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + registryUrl: + description: Registry URL to pull the parent devfile from when + using id in the parent reference. To ensure the parent devfile + gets resolved consistently in different environments, it is + recommended to always specify the `registryUrl` when `id` + is used. + type: string + uri: + description: URI Reference of a parent devfile YAML file. It + can be a full URL or a relative URI with the current devfile + as the base URI. + type: string + version: + description: Specific stack/sample version to pull the parent + devfile from, when using id in the parent reference. To specify + `version`, `id` must be defined and used as the import reference + source. `version` can be either a specific stack version, + or `latest`. If no `version` specified, default version will + be used. + pattern: ^(latest)|(([1-9])\.([0-9]+)\.([0-9]+)(\-[0-9a-z-]+(\.[0-9a-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?)$ + type: string + required: + - name + type: object + type: array + podSpecOverride: + description: Pod fields to override within the DevWorkspace's Deployment. + Fields defined here are strategically merged on top of the Pod template + in the deployment, allowing for fine-grained customization of the + Pods that are started for this DevWorkspace. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Subset of Pod Spec fields that can be overridden + in a DevWorkspace's deployment + properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active + on the node relative to StartTime before the system will + actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term + matches all objects with implicit weight 0 (i.e. + it's a no-op). A null preferred scheduling term + matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + affinity requirements specified by this field cease + to be met at some point during pod execution (e.g. + due to an update), the system may or may not try + to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them + are ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum + are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is alpha-level and is only + honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + affinity requirements specified by this field cease + to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may + not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node + whose value of the label with key + matches that of any node on which a pod of the + set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is alpha-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to + the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum + are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is alpha-level and is only + honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + anti-affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may + or may not try to eventually evict the pod from + its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node + whose value of the label with key + matches that of any node on which a pod of the + set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is alpha-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether + a service account token should be automatically mounted. + type: boolean + dnsConfig: + description: Specifies the DNS parameters of a pod. Parameters + specified here will be merged to the generated DNS configuration + based on DNSPolicy. + properties: + nameservers: + description: A list of DNS name server IP addresses. This + will be appended to the base nameservers generated from + DNSPolicy. Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: A list of DNS resolver options. This will + be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options + given in Options will override those that appear in + the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name + lookup. This will be appended to the base search paths + generated from DNSPolicy. Duplicated search paths will + be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', + 'Default' or 'None'. DNS parameters given in DNSConfig will + be merged with the policy selected with DNSPolicy. To have + DNS options set along with hostNetwork, you have to specify + DNS policy explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information + about services should be injected into pod''s environment + variables, matching the syntax of Docker links. Optional: + Defaults to true.' + type: boolean + hostAliases: + description: HostAliases is an optional list of hosts and + IPs that will be injected into the pod's hosts file if specified. + This is only valid for non-hostNetwork pods. + items: + description: HostAlias holds the mapping between IP and + hostnames that will be injected as an entry in the pod's + hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default + to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. Use the + host's network namespace. If this option is set, the ports + that will be used must be specified. Default to false. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: Default + to false.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not specified, + the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any + of the images used by this PodSpec. If specified, these + secrets will be passed to individual puller implementations + for them to use. For example, in the case of docker, only + DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same + namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + nodeName: + description: NodeName is a request to schedule this pod onto + a specific node. If it is non-empty, the scheduler simply + schedules this pod onto that node, assuming that it fits + resource requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true + for the pod to fit on a node. Selector which must match + a node''s labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Overhead represents the resource overhead associated + with running a pod for a given RuntimeClass. This field + will be autopopulated at admission time by the RuntimeClass + admission controller. If the RuntimeClass admission controller + is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create + requests which have the overhead already set. If RuntimeClass + is configured and selected in the PodSpec, Overhead will + be set to the value defined in the corresponding RuntimeClass, + otherwise it will remain unset and treated as zero. More + info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md + This field is alpha-level as of Kubernetes v1.16, and is + only honored by servers that enable the PodOverhead feature.' + type: object + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting + pods with lower priority. One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. This field is + beta-level, gated by the NonPreemptingPriority feature-gate. + type: string + priority: + description: The priority value. Various system components + use this field to find the priority of the pod. When Priority + Admission Controller is enabled, it prevents users from + setting this field. The admission controller populates this + field from PriorityClassName. The higher the value, the + higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" + and "system-cluster-critical" are two special keywords which + indicate the highest priorities with the former being the + highest priority. Any other name must be defined by creating + a PriorityClass object with that name. If not specified, + the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: 'If specified, all readiness gates will be evaluated + for pod readiness. A pod is ready when all its containers + are ready AND all conditions specified in the readiness + gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' + items: + description: PodReadinessGate contains the reference to + a pod condition + properties: + conditionType: + description: ConditionType refers to a condition in + the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass object + in the node.k8s.io group, which should be used to run this + pod. If no RuntimeClass resource matches the named class, + the pod will not be run. If unset or empty, the "legacy" + RuntimeClass will be used, which is an implicit class with + an empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md + This is a beta feature as of Kubernetes v1.14.' + type: string + schedulerName: + description: If specified, the pod will be dispatched by specified + scheduler. If not specified, the pod will be dispatched + by default scheduler. + type: string + securityContext: + description: 'SecurityContext holds pod-level security attributes + and common container settings. Optional: Defaults to empty. See + type description for default values of each field.' + properties: + fsGroup: + description: "A special supplemental group that applies + to all containers in a pod. Some volume types allow + the Kubelet to change the ownership of that volume to + be owned by the pod: \n 1. The owning GID will be the + FSGroup 2. The setgid bit is set (new files created + in the volume will be owned by FSGroup) 3. The permission + bits are OR'd with rw-rw---- \n If unset, the Kubelet + will not modify the ownership and permissions of any + volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of + changing ownership and permission of the volume before + being exposed inside Pod. This field will only apply + to volume types which support fsGroup based ownership(and + permissions). It will have no effect on ephemeral volume + types such as: secret, configmaps and emptydir. Valid + values are "OnRootMismatch" and "Always". If not specified, + "Always" is used.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be + performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all + containers. If unspecified, the container runtime will + allocate a random SELinux context for each container. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. The + profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's + configured seccomp profile location. Must only be + set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: \n Localhost + - a profile defined in a file on the node should + be used. RuntimeDefault - the container runtime + default profile should be used. Unconfined - no + profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's + primary GID. If unspecified, no groups will be added + to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls (by + the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be + set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options within a + container's SecurityContext will be used. If set in + both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + setHostnameAsFQDN: + description: If true the pod's hostname will be configured + as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the + hostname field of the kernel (the nodename field of struct + utsname). In Windows containers, this means setting the + registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters + to FQDN. If a pod does not have FQDN, this has no effect. + Default to false. + type: boolean + shareProcessNamespace: + description: 'Share a single process namespace between all + of the containers in a pod. When this is set containers + will be able to view and signal processes from other containers + in the same pod, and the first process in each container + will not be assigned PID 1. HostPID and ShareProcessNamespace + cannot both be set. Optional: Default to false.' + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname + will be "...svc.". If not specified, the pod will not have a domainname + at all. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to + terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). If this value is nil, the default grace period + will be used instead. The grace period is the duration in + seconds after the processes running in the pod are sent + a termination signal and the time when the processes are + forcibly halted with a kill signal. Set this value longer + than the expected cleanup time for your process. Defaults + to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group + of pods ought to spread across topology domains. Scheduler + will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are counted + to determine the number of pods in their corresponding + topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which + pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the + number of matching pods in the target topology and + the global minimum. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be + scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default value + is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", and try + to put balanced number of pods into each bucket. It's + a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not + to schedule it. - ScheduleAnyway tells the scheduler + to schedule the pod in any location, but giving + higher precedence to topologies that would help reduce + the skew. A constraint is considered "Unsatisfiable" + for an incoming pod if and only if every possible + node assigment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P + | P | P | If WhenUnsatisfiable is set to DoNotSchedule, + incoming pod can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) + satisfies MaxSkew(1). In other words, the cluster + can still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + type: object + type: object routingClass: type: string started: diff --git a/deploy/deployment/kubernetes/objects/devworkspaces.workspace.devfile.io.CustomResourceDefinition.yaml b/deploy/deployment/kubernetes/objects/devworkspaces.workspace.devfile.io.CustomResourceDefinition.yaml index dac533570..5aad93c76 100644 --- a/deploy/deployment/kubernetes/objects/devworkspaces.workspace.devfile.io.CustomResourceDefinition.yaml +++ b/deploy/deployment/kubernetes/objects/devworkspaces.workspace.devfile.io.CustomResourceDefinition.yaml @@ -4145,6 +4145,2354 @@ spec: spec: description: DevWorkspaceSpec defines the desired state of DevWorkspace properties: + contributions: + items: + oneOf: + - required: + - uri + - required: + - id + - required: + - kubernetes + properties: + attributes: + description: Map of implementation-dependant free-form YAML + attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + commands: + description: Overrides of commands encapsulated in a parent + devfile or a plugin. Overriding is done according to K8S strategic + merge patch standard rules. + items: + oneOf: + - required: + - exec + - required: + - apply + - required: + - composite + properties: + apply: + description: "Command that consists in applying a given + component definition, typically bound to a devworkspace + event. \n For example, when an `apply` command is bound + to a `preStart` event, and references a `container` + component, it will start the container as a K8S initContainer + in the devworkspace POD, unless the component has its + `dedicatedPod` field set to `true`. \n When no `apply` + command exist for a given component, it is assumed the + component will be applied at devworkspace start by default, + unless `deployByDefault` for that component is set to + false." + properties: + component: + description: Describes component that will be applied + type: string + group: + description: Defines the group this command is part + of + properties: + isDefault: + description: Identifies the default command for + a given group kind + type: boolean + kind: + description: Kind of group the command is part + of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: Optional label that provides a label + for this command to be used in Editor UI menus for + example + type: string + type: object + attributes: + description: Map of implementation-dependant free-form + YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + commandType: + description: Type of devworkspace command + enum: + - Exec + - Apply + - Composite + type: string + composite: + description: Composite command that allows executing several + sub-commands either sequentially or concurrently + properties: + commands: + description: The commands that comprise this composite + command + items: + type: string + type: array + group: + description: Defines the group this command is part + of + properties: + isDefault: + description: Identifies the default command for + a given group kind + type: boolean + kind: + description: Kind of group the command is part + of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: Optional label that provides a label + for this command to be used in Editor UI menus for + example + type: string + parallel: + description: Indicates if the sub-commands should + be executed concurrently + type: boolean + type: object + exec: + description: CLI Command executed in an existing component + container + properties: + commandLine: + description: "The actual command-line string \n Special + variables that can be used: \n - `$PROJECTS_ROOT`: + A path where projects sources are mounted as defined + by container component's sourceMapping. \n - `$PROJECT_SOURCE`: + A path to a project source ($PROJECTS_ROOT/). + If there are multiple projects, this will point + to the directory of the first one." + type: string + component: + description: Describes component to which given action + relates + type: string + env: + description: Optional list of environment variables + that have to be set before running the command + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + group: + description: Defines the group this command is part + of + properties: + isDefault: + description: Identifies the default command for + a given group kind + type: boolean + kind: + description: Kind of group the command is part + of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + hotReloadCapable: + description: "Whether the command is capable to reload + itself when source code changes. If set to `true` + the command won't be restarted and it is expected + to handle file changes on its own. \n Default value + is `false`" + type: boolean + label: + description: Optional label that provides a label + for this command to be used in Editor UI menus for + example + type: string + workingDir: + description: "Working directory where the command + should be executed \n Special variables that can + be used: \n - `$PROJECTS_ROOT`: A path where projects + sources are mounted as defined by container component's + sourceMapping. \n - `$PROJECT_SOURCE`: A path to + a project source ($PROJECTS_ROOT/). + If there are multiple projects, this will point + to the directory of the first one." + type: string + type: object + id: + description: Mandatory identifier that allows referencing + this command in composite commands, from a parent, or + in events. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - id + type: object + type: array + components: + description: Overrides of components encapsulated in a parent + devfile or a plugin. Overriding is done according to K8S strategic + merge patch standard rules. + items: + oneOf: + - required: + - container + - required: + - kubernetes + - required: + - openshift + - required: + - volume + - required: + - image + properties: + attributes: + description: Map of implementation-dependant free-form + YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + componentType: + description: Type of component + enum: + - Container + - Kubernetes + - Openshift + - Volume + - Image + type: string + container: + description: Allows adding and configuring devworkspace-related + containers + properties: + annotation: + description: Annotations that should be added to specific + resources for this container + properties: + deployment: + additionalProperties: + type: string + description: Annotations to be added to deployment + type: object + service: + additionalProperties: + type: string + description: Annotations to be added to service + type: object + type: object + args: + description: "The arguments to supply to the command + running the dockerimage component. The arguments + are supplied either to the default command provided + in the image or to the overridden command. \n Defaults + to an empty array, meaning use whatever is defined + in the image." + items: + type: string + type: array + command: + description: "The command to run in the dockerimage + component instead of the default one provided in + the image. \n Defaults to an empty array, meaning + use whatever is defined in the image." + items: + type: string + type: array + cpuLimit: + type: string + cpuRequest: + type: string + dedicatedPod: + description: "Specify if a container should run in + its own separated pod, instead of running as part + of the main development environment pod. \n Default + value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant + string-based free-form attributes. \n Examples + of Che-specific attributes: \n - cookiesAuthEnabled: + \"true\" / \"false\", \n - type: \"terminal\" + / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint should + be exposed on the network. \n - `public` means + that the endpoint will be exposed on the public + network, typically through a K8S ingress or + an OpenShift route. \n - `internal` means + that the endpoint will be exposed internally + outside of the main devworkspace POD, typically + by K8S services, to be consumed by other elements + running on the same cloud internal network. + \n - `none` means that the endpoint will not + be exposed and will only be accessible inside + the main devworkspace POD, on a local address. + \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + description: "Describes the application and + transport protocols of the traffic that will + go through this endpoint. \n - `http`: Endpoint + will have `http` traffic, typically on a TCP + connection. It will be automaticaly promoted + to `https` when the `secure` field is set + to `true`. \n - `https`: Endpoint will have + `https` traffic, typically on a TCP connection. + \n - `ws`: Endpoint will have `ws` traffic, + typically on a TCP connection. It will be + automaticaly promoted to `wss` when the `secure` + field is set to `true`. \n - `wss`: Endpoint + will have `wss` traffic, typically on a TCP + connection. \n - `tcp`: Endpoint will have + traffic on a TCP connection, without specifying + an application protocol. \n - `udp`: Endpoint + will have traffic on an UDP connection, without + specifying an application protocol. \n Default + value is `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + env: + description: "Environment variables used in this container. + \n The following variables are reserved and cannot + be overridden via env: \n - `$PROJECTS_ROOT` \n + \ - `$PROJECT_SOURCE`" + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + image: + type: string + memoryLimit: + type: string + memoryRequest: + type: string + mountSources: + description: "Toggles whether or not the project source + code should be mounted in the component. \n Defaults + to true for all component types except plugins and + components that set `dedicatedPod` to true." + type: boolean + sourceMapping: + description: Optional specification of the path in + the container where project sources should be transferred/mounted + when `mountSources` is `true`. When omitted, the + default value of /projects is used. + type: string + volumeMounts: + description: List of volumes mounts that should be + mounted is this container. + items: + description: Volume that should be mounted to a + component container + properties: + name: + description: The volume mount name is the name + of an existing `Volume` component. If several + containers mount the same volume name then + they will reuse the same volume and will be + able to access to the same files. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: The path in the component container + where the volume should be mounted. If not + path is mentioned, default path is the is + `/`. + type: string + required: + - name + type: object + type: array + type: object + image: + description: Allows specifying the definition of an image + for outer loop builds + oneOf: + - required: + - dockerfile + - required: + - autoBuild + properties: + autoBuild: + description: "Defines if the image should be built + during startup. \n Default value is `false`" + type: boolean + dockerfile: + description: Allows specifying dockerfile type build + oneOf: + - required: + - uri + - required: + - devfileRegistry + - required: + - git + properties: + args: + description: The arguments to supply to the dockerfile + build. + items: + type: string + type: array + buildContext: + description: Path of source directory to establish + build context. Defaults to ${PROJECT_SOURCE} + in the container + type: string + devfileRegistry: + description: Dockerfile's Devfile Registry source + properties: + id: + description: Id in a devfile registry that + contains a Dockerfile. The src in the OCI + registry required for the Dockerfile build + will be downloaded for building the image. + type: string + registryUrl: + description: Devfile Registry URL to pull + the Dockerfile from when using the Devfile + Registry as Dockerfile src. To ensure the + Dockerfile gets resolved consistently in + different environments, it is recommended + to always specify the `devfileRegistryUrl` + when `Id` is used. + type: string + type: object + git: + description: Dockerfile's Git source + properties: + checkoutFrom: + description: Defines from what the project + should be checked out. Required if there + are more than one remote configured + properties: + remote: + description: The remote name should be + used as init. Required if there are + more than one remote configured + type: string + revision: + description: The revision to checkout + from. Should be branch name, tag or + commit id. Default branch is used if + missing or specified revision is not + found. + type: string + type: object + fileLocation: + description: Location of the Dockerfile in + the Git repository when using git as Dockerfile + src. Defaults to Dockerfile. + type: string + remotes: + additionalProperties: + type: string + description: The remotes map which should + be initialized in the git project. Projects + must have at least one remote configured + while StarterProjects & Image Component's + Git source can only have at most one remote + configured. + type: object + type: object + rootRequired: + description: "Specify if a privileged builder + pod is required. \n Default value is `false`" + type: boolean + srcType: + description: Type of Dockerfile src + enum: + - Uri + - DevfileRegistry + - Git + type: string + uri: + description: URI Reference of a Dockerfile. It + can be a full URL or a relative URI from the + current devfile as the base URI. + type: string + type: object + imageName: + description: Name of the image for the resulting outerloop + build + type: string + imageType: + description: Type of image + enum: + - Dockerfile + - AutoBuild + type: string + type: object + kubernetes: + description: Allows importing into the devworkspace the + Kubernetes resources defined in a given manifest. For + example this allows reusing the Kubernetes definitions + used to deploy some runtime components in production. + oneOf: + - required: + - uri + - required: + - inlined + properties: + deployByDefault: + description: "Defines if the component should be deployed + during startup. \n Default value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant + string-based free-form attributes. \n Examples + of Che-specific attributes: \n - cookiesAuthEnabled: + \"true\" / \"false\", \n - type: \"terminal\" + / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint should + be exposed on the network. \n - `public` means + that the endpoint will be exposed on the public + network, typically through a K8S ingress or + an OpenShift route. \n - `internal` means + that the endpoint will be exposed internally + outside of the main devworkspace POD, typically + by K8S services, to be consumed by other elements + running on the same cloud internal network. + \n - `none` means that the endpoint will not + be exposed and will only be accessible inside + the main devworkspace POD, on a local address. + \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + description: "Describes the application and + transport protocols of the traffic that will + go through this endpoint. \n - `http`: Endpoint + will have `http` traffic, typically on a TCP + connection. It will be automaticaly promoted + to `https` when the `secure` field is set + to `true`. \n - `https`: Endpoint will have + `https` traffic, typically on a TCP connection. + \n - `ws`: Endpoint will have `ws` traffic, + typically on a TCP connection. It will be + automaticaly promoted to `wss` when the `secure` + field is set to `true`. \n - `wss`: Endpoint + will have `wss` traffic, typically on a TCP + connection. \n - `tcp`: Endpoint will have + traffic on a TCP connection, without specifying + an application protocol. \n - `udp`: Endpoint + will have traffic on an UDP connection, without + specifying an application protocol. \n Default + value is `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + name: + description: Mandatory name that allows referencing the + component from other elements (such as commands) or + from an external devfile that may reference this component + through a parent or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + openshift: + description: Allows importing into the devworkspace the + OpenShift resources defined in a given manifest. For + example this allows reusing the OpenShift definitions + used to deploy some runtime components in production. + oneOf: + - required: + - uri + - required: + - inlined + properties: + deployByDefault: + description: "Defines if the component should be deployed + during startup. \n Default value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant + string-based free-form attributes. \n Examples + of Che-specific attributes: \n - cookiesAuthEnabled: + \"true\" / \"false\", \n - type: \"terminal\" + / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint should + be exposed on the network. \n - `public` means + that the endpoint will be exposed on the public + network, typically through a K8S ingress or + an OpenShift route. \n - `internal` means + that the endpoint will be exposed internally + outside of the main devworkspace POD, typically + by K8S services, to be consumed by other elements + running on the same cloud internal network. + \n - `none` means that the endpoint will not + be exposed and will only be accessible inside + the main devworkspace POD, on a local address. + \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + description: "Describes the application and + transport protocols of the traffic that will + go through this endpoint. \n - `http`: Endpoint + will have `http` traffic, typically on a TCP + connection. It will be automaticaly promoted + to `https` when the `secure` field is set + to `true`. \n - `https`: Endpoint will have + `https` traffic, typically on a TCP connection. + \n - `ws`: Endpoint will have `ws` traffic, + typically on a TCP connection. It will be + automaticaly promoted to `wss` when the `secure` + field is set to `true`. \n - `wss`: Endpoint + will have `wss` traffic, typically on a TCP + connection. \n - `tcp`: Endpoint will have + traffic on a TCP connection, without specifying + an application protocol. \n - `udp`: Endpoint + will have traffic on an UDP connection, without + specifying an application protocol. \n Default + value is `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + volume: + description: Allows specifying the definition of a volume + shared by several other components + properties: + ephemeral: + description: Ephemeral volumes are not stored persistently + across restarts. Defaults to false + type: boolean + size: + description: Size of the volume + type: string + type: object + required: + - name + type: object + type: array + id: + description: Id in a registry that contains a Devfile yaml file + type: string + importReferenceType: + description: type of location from where the referenced template + structure should be retrieved + enum: + - Uri + - Id + - Kubernetes + type: string + kubernetes: + description: Reference to a Kubernetes CRD of type DevWorkspaceTemplate + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + name: + description: Mandatory name that allows referencing the component + from other elements (such as commands) or from an external + devfile that may reference this component through a parent + or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + registryUrl: + description: Registry URL to pull the parent devfile from when + using id in the parent reference. To ensure the parent devfile + gets resolved consistently in different environments, it is + recommended to always specify the `registryUrl` when `id` + is used. + type: string + uri: + description: URI Reference of a parent devfile YAML file. It + can be a full URL or a relative URI with the current devfile + as the base URI. + type: string + version: + description: Specific stack/sample version to pull the parent + devfile from, when using id in the parent reference. To specify + `version`, `id` must be defined and used as the import reference + source. `version` can be either a specific stack version, + or `latest`. If no `version` specified, default version will + be used. + pattern: ^(latest)|(([1-9])\.([0-9]+)\.([0-9]+)(\-[0-9a-z-]+(\.[0-9a-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?)$ + type: string + required: + - name + type: object + type: array + podSpecOverride: + description: Pod fields to override within the DevWorkspace's Deployment. + Fields defined here are strategically merged on top of the Pod template + in the deployment, allowing for fine-grained customization of the + Pods that are started for this DevWorkspace. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Subset of Pod Spec fields that can be overridden + in a DevWorkspace's deployment + properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active + on the node relative to StartTime before the system will + actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term + matches all objects with implicit weight 0 (i.e. + it's a no-op). A null preferred scheduling term + matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + affinity requirements specified by this field cease + to be met at some point during pod execution (e.g. + due to an update), the system may or may not try + to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them + are ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum + are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is alpha-level and is only + honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + affinity requirements specified by this field cease + to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may + not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node + whose value of the label with key + matches that of any node on which a pod of the + set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is alpha-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to + the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum + are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is alpha-level and is only + honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + anti-affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may + or may not try to eventually evict the pod from + its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node + whose value of the label with key + matches that of any node on which a pod of the + set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is alpha-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether + a service account token should be automatically mounted. + type: boolean + dnsConfig: + description: Specifies the DNS parameters of a pod. Parameters + specified here will be merged to the generated DNS configuration + based on DNSPolicy. + properties: + nameservers: + description: A list of DNS name server IP addresses. This + will be appended to the base nameservers generated from + DNSPolicy. Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: A list of DNS resolver options. This will + be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options + given in Options will override those that appear in + the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name + lookup. This will be appended to the base search paths + generated from DNSPolicy. Duplicated search paths will + be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', + 'Default' or 'None'. DNS parameters given in DNSConfig will + be merged with the policy selected with DNSPolicy. To have + DNS options set along with hostNetwork, you have to specify + DNS policy explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information + about services should be injected into pod''s environment + variables, matching the syntax of Docker links. Optional: + Defaults to true.' + type: boolean + hostAliases: + description: HostAliases is an optional list of hosts and + IPs that will be injected into the pod's hosts file if specified. + This is only valid for non-hostNetwork pods. + items: + description: HostAlias holds the mapping between IP and + hostnames that will be injected as an entry in the pod's + hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default + to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. Use the + host's network namespace. If this option is set, the ports + that will be used must be specified. Default to false. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: Default + to false.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not specified, + the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any + of the images used by this PodSpec. If specified, these + secrets will be passed to individual puller implementations + for them to use. For example, in the case of docker, only + DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same + namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + nodeName: + description: NodeName is a request to schedule this pod onto + a specific node. If it is non-empty, the scheduler simply + schedules this pod onto that node, assuming that it fits + resource requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true + for the pod to fit on a node. Selector which must match + a node''s labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Overhead represents the resource overhead associated + with running a pod for a given RuntimeClass. This field + will be autopopulated at admission time by the RuntimeClass + admission controller. If the RuntimeClass admission controller + is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create + requests which have the overhead already set. If RuntimeClass + is configured and selected in the PodSpec, Overhead will + be set to the value defined in the corresponding RuntimeClass, + otherwise it will remain unset and treated as zero. More + info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md + This field is alpha-level as of Kubernetes v1.16, and is + only honored by servers that enable the PodOverhead feature.' + type: object + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting + pods with lower priority. One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. This field is + beta-level, gated by the NonPreemptingPriority feature-gate. + type: string + priority: + description: The priority value. Various system components + use this field to find the priority of the pod. When Priority + Admission Controller is enabled, it prevents users from + setting this field. The admission controller populates this + field from PriorityClassName. The higher the value, the + higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" + and "system-cluster-critical" are two special keywords which + indicate the highest priorities with the former being the + highest priority. Any other name must be defined by creating + a PriorityClass object with that name. If not specified, + the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: 'If specified, all readiness gates will be evaluated + for pod readiness. A pod is ready when all its containers + are ready AND all conditions specified in the readiness + gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' + items: + description: PodReadinessGate contains the reference to + a pod condition + properties: + conditionType: + description: ConditionType refers to a condition in + the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass object + in the node.k8s.io group, which should be used to run this + pod. If no RuntimeClass resource matches the named class, + the pod will not be run. If unset or empty, the "legacy" + RuntimeClass will be used, which is an implicit class with + an empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md + This is a beta feature as of Kubernetes v1.14.' + type: string + schedulerName: + description: If specified, the pod will be dispatched by specified + scheduler. If not specified, the pod will be dispatched + by default scheduler. + type: string + securityContext: + description: 'SecurityContext holds pod-level security attributes + and common container settings. Optional: Defaults to empty. See + type description for default values of each field.' + properties: + fsGroup: + description: "A special supplemental group that applies + to all containers in a pod. Some volume types allow + the Kubelet to change the ownership of that volume to + be owned by the pod: \n 1. The owning GID will be the + FSGroup 2. The setgid bit is set (new files created + in the volume will be owned by FSGroup) 3. The permission + bits are OR'd with rw-rw---- \n If unset, the Kubelet + will not modify the ownership and permissions of any + volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of + changing ownership and permission of the volume before + being exposed inside Pod. This field will only apply + to volume types which support fsGroup based ownership(and + permissions). It will have no effect on ephemeral volume + types such as: secret, configmaps and emptydir. Valid + values are "OnRootMismatch" and "Always". If not specified, + "Always" is used.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be + performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all + containers. If unspecified, the container runtime will + allocate a random SELinux context for each container. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. The + profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's + configured seccomp profile location. Must only be + set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: \n Localhost + - a profile defined in a file on the node should + be used. RuntimeDefault - the container runtime + default profile should be used. Unconfined - no + profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's + primary GID. If unspecified, no groups will be added + to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls (by + the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be + set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options within a + container's SecurityContext will be used. If set in + both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + setHostnameAsFQDN: + description: If true the pod's hostname will be configured + as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the + hostname field of the kernel (the nodename field of struct + utsname). In Windows containers, this means setting the + registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters + to FQDN. If a pod does not have FQDN, this has no effect. + Default to false. + type: boolean + shareProcessNamespace: + description: 'Share a single process namespace between all + of the containers in a pod. When this is set containers + will be able to view and signal processes from other containers + in the same pod, and the first process in each container + will not be assigned PID 1. HostPID and ShareProcessNamespace + cannot both be set. Optional: Default to false.' + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname + will be "...svc.". If not specified, the pod will not have a domainname + at all. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to + terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). If this value is nil, the default grace period + will be used instead. The grace period is the duration in + seconds after the processes running in the pod are sent + a termination signal and the time when the processes are + forcibly halted with a kill signal. Set this value longer + than the expected cleanup time for your process. Defaults + to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group + of pods ought to spread across topology domains. Scheduler + will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are counted + to determine the number of pods in their corresponding + topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which + pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the + number of matching pods in the target topology and + the global minimum. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be + scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default value + is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", and try + to put balanced number of pods into each bucket. It's + a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not + to schedule it. - ScheduleAnyway tells the scheduler + to schedule the pod in any location, but giving + higher precedence to topologies that would help reduce + the skew. A constraint is considered "Unsatisfiable" + for an incoming pod if and only if every possible + node assigment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P + | P | P | If WhenUnsatisfiable is set to DoNotSchedule, + incoming pod can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) + satisfies MaxSkew(1). In other words, the cluster + can still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + type: object + type: object routingClass: type: string started: diff --git a/deploy/deployment/openshift/combined.yaml b/deploy/deployment/openshift/combined.yaml index 9a9521c72..986795044 100644 --- a/deploy/deployment/openshift/combined.yaml +++ b/deploy/deployment/openshift/combined.yaml @@ -10545,6 +10545,2354 @@ spec: spec: description: DevWorkspaceSpec defines the desired state of DevWorkspace properties: + contributions: + items: + oneOf: + - required: + - uri + - required: + - id + - required: + - kubernetes + properties: + attributes: + description: Map of implementation-dependant free-form YAML + attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + commands: + description: Overrides of commands encapsulated in a parent + devfile or a plugin. Overriding is done according to K8S strategic + merge patch standard rules. + items: + oneOf: + - required: + - exec + - required: + - apply + - required: + - composite + properties: + apply: + description: "Command that consists in applying a given + component definition, typically bound to a devworkspace + event. \n For example, when an `apply` command is bound + to a `preStart` event, and references a `container` + component, it will start the container as a K8S initContainer + in the devworkspace POD, unless the component has its + `dedicatedPod` field set to `true`. \n When no `apply` + command exist for a given component, it is assumed the + component will be applied at devworkspace start by default, + unless `deployByDefault` for that component is set to + false." + properties: + component: + description: Describes component that will be applied + type: string + group: + description: Defines the group this command is part + of + properties: + isDefault: + description: Identifies the default command for + a given group kind + type: boolean + kind: + description: Kind of group the command is part + of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: Optional label that provides a label + for this command to be used in Editor UI menus for + example + type: string + type: object + attributes: + description: Map of implementation-dependant free-form + YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + commandType: + description: Type of devworkspace command + enum: + - Exec + - Apply + - Composite + type: string + composite: + description: Composite command that allows executing several + sub-commands either sequentially or concurrently + properties: + commands: + description: The commands that comprise this composite + command + items: + type: string + type: array + group: + description: Defines the group this command is part + of + properties: + isDefault: + description: Identifies the default command for + a given group kind + type: boolean + kind: + description: Kind of group the command is part + of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: Optional label that provides a label + for this command to be used in Editor UI menus for + example + type: string + parallel: + description: Indicates if the sub-commands should + be executed concurrently + type: boolean + type: object + exec: + description: CLI Command executed in an existing component + container + properties: + commandLine: + description: "The actual command-line string \n Special + variables that can be used: \n - `$PROJECTS_ROOT`: + A path where projects sources are mounted as defined + by container component's sourceMapping. \n - `$PROJECT_SOURCE`: + A path to a project source ($PROJECTS_ROOT/). + If there are multiple projects, this will point + to the directory of the first one." + type: string + component: + description: Describes component to which given action + relates + type: string + env: + description: Optional list of environment variables + that have to be set before running the command + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + group: + description: Defines the group this command is part + of + properties: + isDefault: + description: Identifies the default command for + a given group kind + type: boolean + kind: + description: Kind of group the command is part + of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + hotReloadCapable: + description: "Whether the command is capable to reload + itself when source code changes. If set to `true` + the command won't be restarted and it is expected + to handle file changes on its own. \n Default value + is `false`" + type: boolean + label: + description: Optional label that provides a label + for this command to be used in Editor UI menus for + example + type: string + workingDir: + description: "Working directory where the command + should be executed \n Special variables that can + be used: \n - `$PROJECTS_ROOT`: A path where projects + sources are mounted as defined by container component's + sourceMapping. \n - `$PROJECT_SOURCE`: A path to + a project source ($PROJECTS_ROOT/). + If there are multiple projects, this will point + to the directory of the first one." + type: string + type: object + id: + description: Mandatory identifier that allows referencing + this command in composite commands, from a parent, or + in events. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - id + type: object + type: array + components: + description: Overrides of components encapsulated in a parent + devfile or a plugin. Overriding is done according to K8S strategic + merge patch standard rules. + items: + oneOf: + - required: + - container + - required: + - kubernetes + - required: + - openshift + - required: + - volume + - required: + - image + properties: + attributes: + description: Map of implementation-dependant free-form + YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + componentType: + description: Type of component + enum: + - Container + - Kubernetes + - Openshift + - Volume + - Image + type: string + container: + description: Allows adding and configuring devworkspace-related + containers + properties: + annotation: + description: Annotations that should be added to specific + resources for this container + properties: + deployment: + additionalProperties: + type: string + description: Annotations to be added to deployment + type: object + service: + additionalProperties: + type: string + description: Annotations to be added to service + type: object + type: object + args: + description: "The arguments to supply to the command + running the dockerimage component. The arguments + are supplied either to the default command provided + in the image or to the overridden command. \n Defaults + to an empty array, meaning use whatever is defined + in the image." + items: + type: string + type: array + command: + description: "The command to run in the dockerimage + component instead of the default one provided in + the image. \n Defaults to an empty array, meaning + use whatever is defined in the image." + items: + type: string + type: array + cpuLimit: + type: string + cpuRequest: + type: string + dedicatedPod: + description: "Specify if a container should run in + its own separated pod, instead of running as part + of the main development environment pod. \n Default + value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant + string-based free-form attributes. \n Examples + of Che-specific attributes: \n - cookiesAuthEnabled: + \"true\" / \"false\", \n - type: \"terminal\" + / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint should + be exposed on the network. \n - `public` means + that the endpoint will be exposed on the public + network, typically through a K8S ingress or + an OpenShift route. \n - `internal` means + that the endpoint will be exposed internally + outside of the main devworkspace POD, typically + by K8S services, to be consumed by other elements + running on the same cloud internal network. + \n - `none` means that the endpoint will not + be exposed and will only be accessible inside + the main devworkspace POD, on a local address. + \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + description: "Describes the application and + transport protocols of the traffic that will + go through this endpoint. \n - `http`: Endpoint + will have `http` traffic, typically on a TCP + connection. It will be automaticaly promoted + to `https` when the `secure` field is set + to `true`. \n - `https`: Endpoint will have + `https` traffic, typically on a TCP connection. + \n - `ws`: Endpoint will have `ws` traffic, + typically on a TCP connection. It will be + automaticaly promoted to `wss` when the `secure` + field is set to `true`. \n - `wss`: Endpoint + will have `wss` traffic, typically on a TCP + connection. \n - `tcp`: Endpoint will have + traffic on a TCP connection, without specifying + an application protocol. \n - `udp`: Endpoint + will have traffic on an UDP connection, without + specifying an application protocol. \n Default + value is `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + env: + description: "Environment variables used in this container. + \n The following variables are reserved and cannot + be overridden via env: \n - `$PROJECTS_ROOT` \n + \ - `$PROJECT_SOURCE`" + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + image: + type: string + memoryLimit: + type: string + memoryRequest: + type: string + mountSources: + description: "Toggles whether or not the project source + code should be mounted in the component. \n Defaults + to true for all component types except plugins and + components that set `dedicatedPod` to true." + type: boolean + sourceMapping: + description: Optional specification of the path in + the container where project sources should be transferred/mounted + when `mountSources` is `true`. When omitted, the + default value of /projects is used. + type: string + volumeMounts: + description: List of volumes mounts that should be + mounted is this container. + items: + description: Volume that should be mounted to a + component container + properties: + name: + description: The volume mount name is the name + of an existing `Volume` component. If several + containers mount the same volume name then + they will reuse the same volume and will be + able to access to the same files. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: The path in the component container + where the volume should be mounted. If not + path is mentioned, default path is the is + `/`. + type: string + required: + - name + type: object + type: array + type: object + image: + description: Allows specifying the definition of an image + for outer loop builds + oneOf: + - required: + - dockerfile + - required: + - autoBuild + properties: + autoBuild: + description: "Defines if the image should be built + during startup. \n Default value is `false`" + type: boolean + dockerfile: + description: Allows specifying dockerfile type build + oneOf: + - required: + - uri + - required: + - devfileRegistry + - required: + - git + properties: + args: + description: The arguments to supply to the dockerfile + build. + items: + type: string + type: array + buildContext: + description: Path of source directory to establish + build context. Defaults to ${PROJECT_SOURCE} + in the container + type: string + devfileRegistry: + description: Dockerfile's Devfile Registry source + properties: + id: + description: Id in a devfile registry that + contains a Dockerfile. The src in the OCI + registry required for the Dockerfile build + will be downloaded for building the image. + type: string + registryUrl: + description: Devfile Registry URL to pull + the Dockerfile from when using the Devfile + Registry as Dockerfile src. To ensure the + Dockerfile gets resolved consistently in + different environments, it is recommended + to always specify the `devfileRegistryUrl` + when `Id` is used. + type: string + type: object + git: + description: Dockerfile's Git source + properties: + checkoutFrom: + description: Defines from what the project + should be checked out. Required if there + are more than one remote configured + properties: + remote: + description: The remote name should be + used as init. Required if there are + more than one remote configured + type: string + revision: + description: The revision to checkout + from. Should be branch name, tag or + commit id. Default branch is used if + missing or specified revision is not + found. + type: string + type: object + fileLocation: + description: Location of the Dockerfile in + the Git repository when using git as Dockerfile + src. Defaults to Dockerfile. + type: string + remotes: + additionalProperties: + type: string + description: The remotes map which should + be initialized in the git project. Projects + must have at least one remote configured + while StarterProjects & Image Component's + Git source can only have at most one remote + configured. + type: object + type: object + rootRequired: + description: "Specify if a privileged builder + pod is required. \n Default value is `false`" + type: boolean + srcType: + description: Type of Dockerfile src + enum: + - Uri + - DevfileRegistry + - Git + type: string + uri: + description: URI Reference of a Dockerfile. It + can be a full URL or a relative URI from the + current devfile as the base URI. + type: string + type: object + imageName: + description: Name of the image for the resulting outerloop + build + type: string + imageType: + description: Type of image + enum: + - Dockerfile + - AutoBuild + type: string + type: object + kubernetes: + description: Allows importing into the devworkspace the + Kubernetes resources defined in a given manifest. For + example this allows reusing the Kubernetes definitions + used to deploy some runtime components in production. + oneOf: + - required: + - uri + - required: + - inlined + properties: + deployByDefault: + description: "Defines if the component should be deployed + during startup. \n Default value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant + string-based free-form attributes. \n Examples + of Che-specific attributes: \n - cookiesAuthEnabled: + \"true\" / \"false\", \n - type: \"terminal\" + / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint should + be exposed on the network. \n - `public` means + that the endpoint will be exposed on the public + network, typically through a K8S ingress or + an OpenShift route. \n - `internal` means + that the endpoint will be exposed internally + outside of the main devworkspace POD, typically + by K8S services, to be consumed by other elements + running on the same cloud internal network. + \n - `none` means that the endpoint will not + be exposed and will only be accessible inside + the main devworkspace POD, on a local address. + \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + description: "Describes the application and + transport protocols of the traffic that will + go through this endpoint. \n - `http`: Endpoint + will have `http` traffic, typically on a TCP + connection. It will be automaticaly promoted + to `https` when the `secure` field is set + to `true`. \n - `https`: Endpoint will have + `https` traffic, typically on a TCP connection. + \n - `ws`: Endpoint will have `ws` traffic, + typically on a TCP connection. It will be + automaticaly promoted to `wss` when the `secure` + field is set to `true`. \n - `wss`: Endpoint + will have `wss` traffic, typically on a TCP + connection. \n - `tcp`: Endpoint will have + traffic on a TCP connection, without specifying + an application protocol. \n - `udp`: Endpoint + will have traffic on an UDP connection, without + specifying an application protocol. \n Default + value is `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + name: + description: Mandatory name that allows referencing the + component from other elements (such as commands) or + from an external devfile that may reference this component + through a parent or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + openshift: + description: Allows importing into the devworkspace the + OpenShift resources defined in a given manifest. For + example this allows reusing the OpenShift definitions + used to deploy some runtime components in production. + oneOf: + - required: + - uri + - required: + - inlined + properties: + deployByDefault: + description: "Defines if the component should be deployed + during startup. \n Default value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant + string-based free-form attributes. \n Examples + of Che-specific attributes: \n - cookiesAuthEnabled: + \"true\" / \"false\", \n - type: \"terminal\" + / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint should + be exposed on the network. \n - `public` means + that the endpoint will be exposed on the public + network, typically through a K8S ingress or + an OpenShift route. \n - `internal` means + that the endpoint will be exposed internally + outside of the main devworkspace POD, typically + by K8S services, to be consumed by other elements + running on the same cloud internal network. + \n - `none` means that the endpoint will not + be exposed and will only be accessible inside + the main devworkspace POD, on a local address. + \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + description: "Describes the application and + transport protocols of the traffic that will + go through this endpoint. \n - `http`: Endpoint + will have `http` traffic, typically on a TCP + connection. It will be automaticaly promoted + to `https` when the `secure` field is set + to `true`. \n - `https`: Endpoint will have + `https` traffic, typically on a TCP connection. + \n - `ws`: Endpoint will have `ws` traffic, + typically on a TCP connection. It will be + automaticaly promoted to `wss` when the `secure` + field is set to `true`. \n - `wss`: Endpoint + will have `wss` traffic, typically on a TCP + connection. \n - `tcp`: Endpoint will have + traffic on a TCP connection, without specifying + an application protocol. \n - `udp`: Endpoint + will have traffic on an UDP connection, without + specifying an application protocol. \n Default + value is `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + volume: + description: Allows specifying the definition of a volume + shared by several other components + properties: + ephemeral: + description: Ephemeral volumes are not stored persistently + across restarts. Defaults to false + type: boolean + size: + description: Size of the volume + type: string + type: object + required: + - name + type: object + type: array + id: + description: Id in a registry that contains a Devfile yaml file + type: string + importReferenceType: + description: type of location from where the referenced template + structure should be retrieved + enum: + - Uri + - Id + - Kubernetes + type: string + kubernetes: + description: Reference to a Kubernetes CRD of type DevWorkspaceTemplate + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + name: + description: Mandatory name that allows referencing the component + from other elements (such as commands) or from an external + devfile that may reference this component through a parent + or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + registryUrl: + description: Registry URL to pull the parent devfile from when + using id in the parent reference. To ensure the parent devfile + gets resolved consistently in different environments, it is + recommended to always specify the `registryUrl` when `id` + is used. + type: string + uri: + description: URI Reference of a parent devfile YAML file. It + can be a full URL or a relative URI with the current devfile + as the base URI. + type: string + version: + description: Specific stack/sample version to pull the parent + devfile from, when using id in the parent reference. To specify + `version`, `id` must be defined and used as the import reference + source. `version` can be either a specific stack version, + or `latest`. If no `version` specified, default version will + be used. + pattern: ^(latest)|(([1-9])\.([0-9]+)\.([0-9]+)(\-[0-9a-z-]+(\.[0-9a-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?)$ + type: string + required: + - name + type: object + type: array + podSpecOverride: + description: Pod fields to override within the DevWorkspace's Deployment. + Fields defined here are strategically merged on top of the Pod template + in the deployment, allowing for fine-grained customization of the + Pods that are started for this DevWorkspace. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Subset of Pod Spec fields that can be overridden + in a DevWorkspace's deployment + properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active + on the node relative to StartTime before the system will + actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term + matches all objects with implicit weight 0 (i.e. + it's a no-op). A null preferred scheduling term + matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + affinity requirements specified by this field cease + to be met at some point during pod execution (e.g. + due to an update), the system may or may not try + to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them + are ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum + are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is alpha-level and is only + honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + affinity requirements specified by this field cease + to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may + not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node + whose value of the label with key + matches that of any node on which a pod of the + set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is alpha-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to + the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum + are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is alpha-level and is only + honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + anti-affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may + or may not try to eventually evict the pod from + its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node + whose value of the label with key + matches that of any node on which a pod of the + set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is alpha-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether + a service account token should be automatically mounted. + type: boolean + dnsConfig: + description: Specifies the DNS parameters of a pod. Parameters + specified here will be merged to the generated DNS configuration + based on DNSPolicy. + properties: + nameservers: + description: A list of DNS name server IP addresses. This + will be appended to the base nameservers generated from + DNSPolicy. Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: A list of DNS resolver options. This will + be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options + given in Options will override those that appear in + the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name + lookup. This will be appended to the base search paths + generated from DNSPolicy. Duplicated search paths will + be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', + 'Default' or 'None'. DNS parameters given in DNSConfig will + be merged with the policy selected with DNSPolicy. To have + DNS options set along with hostNetwork, you have to specify + DNS policy explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information + about services should be injected into pod''s environment + variables, matching the syntax of Docker links. Optional: + Defaults to true.' + type: boolean + hostAliases: + description: HostAliases is an optional list of hosts and + IPs that will be injected into the pod's hosts file if specified. + This is only valid for non-hostNetwork pods. + items: + description: HostAlias holds the mapping between IP and + hostnames that will be injected as an entry in the pod's + hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default + to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. Use the + host's network namespace. If this option is set, the ports + that will be used must be specified. Default to false. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: Default + to false.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not specified, + the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any + of the images used by this PodSpec. If specified, these + secrets will be passed to individual puller implementations + for them to use. For example, in the case of docker, only + DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same + namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + nodeName: + description: NodeName is a request to schedule this pod onto + a specific node. If it is non-empty, the scheduler simply + schedules this pod onto that node, assuming that it fits + resource requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true + for the pod to fit on a node. Selector which must match + a node''s labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Overhead represents the resource overhead associated + with running a pod for a given RuntimeClass. This field + will be autopopulated at admission time by the RuntimeClass + admission controller. If the RuntimeClass admission controller + is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create + requests which have the overhead already set. If RuntimeClass + is configured and selected in the PodSpec, Overhead will + be set to the value defined in the corresponding RuntimeClass, + otherwise it will remain unset and treated as zero. More + info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md + This field is alpha-level as of Kubernetes v1.16, and is + only honored by servers that enable the PodOverhead feature.' + type: object + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting + pods with lower priority. One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. This field is + beta-level, gated by the NonPreemptingPriority feature-gate. + type: string + priority: + description: The priority value. Various system components + use this field to find the priority of the pod. When Priority + Admission Controller is enabled, it prevents users from + setting this field. The admission controller populates this + field from PriorityClassName. The higher the value, the + higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" + and "system-cluster-critical" are two special keywords which + indicate the highest priorities with the former being the + highest priority. Any other name must be defined by creating + a PriorityClass object with that name. If not specified, + the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: 'If specified, all readiness gates will be evaluated + for pod readiness. A pod is ready when all its containers + are ready AND all conditions specified in the readiness + gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' + items: + description: PodReadinessGate contains the reference to + a pod condition + properties: + conditionType: + description: ConditionType refers to a condition in + the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass object + in the node.k8s.io group, which should be used to run this + pod. If no RuntimeClass resource matches the named class, + the pod will not be run. If unset or empty, the "legacy" + RuntimeClass will be used, which is an implicit class with + an empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md + This is a beta feature as of Kubernetes v1.14.' + type: string + schedulerName: + description: If specified, the pod will be dispatched by specified + scheduler. If not specified, the pod will be dispatched + by default scheduler. + type: string + securityContext: + description: 'SecurityContext holds pod-level security attributes + and common container settings. Optional: Defaults to empty. See + type description for default values of each field.' + properties: + fsGroup: + description: "A special supplemental group that applies + to all containers in a pod. Some volume types allow + the Kubelet to change the ownership of that volume to + be owned by the pod: \n 1. The owning GID will be the + FSGroup 2. The setgid bit is set (new files created + in the volume will be owned by FSGroup) 3. The permission + bits are OR'd with rw-rw---- \n If unset, the Kubelet + will not modify the ownership and permissions of any + volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of + changing ownership and permission of the volume before + being exposed inside Pod. This field will only apply + to volume types which support fsGroup based ownership(and + permissions). It will have no effect on ephemeral volume + types such as: secret, configmaps and emptydir. Valid + values are "OnRootMismatch" and "Always". If not specified, + "Always" is used.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be + performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all + containers. If unspecified, the container runtime will + allocate a random SELinux context for each container. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. The + profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's + configured seccomp profile location. Must only be + set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: \n Localhost + - a profile defined in a file on the node should + be used. RuntimeDefault - the container runtime + default profile should be used. Unconfined - no + profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's + primary GID. If unspecified, no groups will be added + to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls (by + the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be + set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options within a + container's SecurityContext will be used. If set in + both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + setHostnameAsFQDN: + description: If true the pod's hostname will be configured + as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the + hostname field of the kernel (the nodename field of struct + utsname). In Windows containers, this means setting the + registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters + to FQDN. If a pod does not have FQDN, this has no effect. + Default to false. + type: boolean + shareProcessNamespace: + description: 'Share a single process namespace between all + of the containers in a pod. When this is set containers + will be able to view and signal processes from other containers + in the same pod, and the first process in each container + will not be assigned PID 1. HostPID and ShareProcessNamespace + cannot both be set. Optional: Default to false.' + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname + will be "...svc.". If not specified, the pod will not have a domainname + at all. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to + terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). If this value is nil, the default grace period + will be used instead. The grace period is the duration in + seconds after the processes running in the pod are sent + a termination signal and the time when the processes are + forcibly halted with a kill signal. Set this value longer + than the expected cleanup time for your process. Defaults + to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group + of pods ought to spread across topology domains. Scheduler + will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are counted + to determine the number of pods in their corresponding + topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which + pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the + number of matching pods in the target topology and + the global minimum. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be + scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default value + is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", and try + to put balanced number of pods into each bucket. It's + a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not + to schedule it. - ScheduleAnyway tells the scheduler + to schedule the pod in any location, but giving + higher precedence to topologies that would help reduce + the skew. A constraint is considered "Unsatisfiable" + for an incoming pod if and only if every possible + node assigment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P + | P | P | If WhenUnsatisfiable is set to DoNotSchedule, + incoming pod can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) + satisfies MaxSkew(1). In other words, the cluster + can still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + type: object + type: object routingClass: type: string started: diff --git a/deploy/deployment/openshift/objects/devworkspaces.workspace.devfile.io.CustomResourceDefinition.yaml b/deploy/deployment/openshift/objects/devworkspaces.workspace.devfile.io.CustomResourceDefinition.yaml index 881ea0501..1efb6965c 100644 --- a/deploy/deployment/openshift/objects/devworkspaces.workspace.devfile.io.CustomResourceDefinition.yaml +++ b/deploy/deployment/openshift/objects/devworkspaces.workspace.devfile.io.CustomResourceDefinition.yaml @@ -4145,6 +4145,2354 @@ spec: spec: description: DevWorkspaceSpec defines the desired state of DevWorkspace properties: + contributions: + items: + oneOf: + - required: + - uri + - required: + - id + - required: + - kubernetes + properties: + attributes: + description: Map of implementation-dependant free-form YAML + attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + commands: + description: Overrides of commands encapsulated in a parent + devfile or a plugin. Overriding is done according to K8S strategic + merge patch standard rules. + items: + oneOf: + - required: + - exec + - required: + - apply + - required: + - composite + properties: + apply: + description: "Command that consists in applying a given + component definition, typically bound to a devworkspace + event. \n For example, when an `apply` command is bound + to a `preStart` event, and references a `container` + component, it will start the container as a K8S initContainer + in the devworkspace POD, unless the component has its + `dedicatedPod` field set to `true`. \n When no `apply` + command exist for a given component, it is assumed the + component will be applied at devworkspace start by default, + unless `deployByDefault` for that component is set to + false." + properties: + component: + description: Describes component that will be applied + type: string + group: + description: Defines the group this command is part + of + properties: + isDefault: + description: Identifies the default command for + a given group kind + type: boolean + kind: + description: Kind of group the command is part + of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: Optional label that provides a label + for this command to be used in Editor UI menus for + example + type: string + type: object + attributes: + description: Map of implementation-dependant free-form + YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + commandType: + description: Type of devworkspace command + enum: + - Exec + - Apply + - Composite + type: string + composite: + description: Composite command that allows executing several + sub-commands either sequentially or concurrently + properties: + commands: + description: The commands that comprise this composite + command + items: + type: string + type: array + group: + description: Defines the group this command is part + of + properties: + isDefault: + description: Identifies the default command for + a given group kind + type: boolean + kind: + description: Kind of group the command is part + of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: Optional label that provides a label + for this command to be used in Editor UI menus for + example + type: string + parallel: + description: Indicates if the sub-commands should + be executed concurrently + type: boolean + type: object + exec: + description: CLI Command executed in an existing component + container + properties: + commandLine: + description: "The actual command-line string \n Special + variables that can be used: \n - `$PROJECTS_ROOT`: + A path where projects sources are mounted as defined + by container component's sourceMapping. \n - `$PROJECT_SOURCE`: + A path to a project source ($PROJECTS_ROOT/). + If there are multiple projects, this will point + to the directory of the first one." + type: string + component: + description: Describes component to which given action + relates + type: string + env: + description: Optional list of environment variables + that have to be set before running the command + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + group: + description: Defines the group this command is part + of + properties: + isDefault: + description: Identifies the default command for + a given group kind + type: boolean + kind: + description: Kind of group the command is part + of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + hotReloadCapable: + description: "Whether the command is capable to reload + itself when source code changes. If set to `true` + the command won't be restarted and it is expected + to handle file changes on its own. \n Default value + is `false`" + type: boolean + label: + description: Optional label that provides a label + for this command to be used in Editor UI menus for + example + type: string + workingDir: + description: "Working directory where the command + should be executed \n Special variables that can + be used: \n - `$PROJECTS_ROOT`: A path where projects + sources are mounted as defined by container component's + sourceMapping. \n - `$PROJECT_SOURCE`: A path to + a project source ($PROJECTS_ROOT/). + If there are multiple projects, this will point + to the directory of the first one." + type: string + type: object + id: + description: Mandatory identifier that allows referencing + this command in composite commands, from a parent, or + in events. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - id + type: object + type: array + components: + description: Overrides of components encapsulated in a parent + devfile or a plugin. Overriding is done according to K8S strategic + merge patch standard rules. + items: + oneOf: + - required: + - container + - required: + - kubernetes + - required: + - openshift + - required: + - volume + - required: + - image + properties: + attributes: + description: Map of implementation-dependant free-form + YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + componentType: + description: Type of component + enum: + - Container + - Kubernetes + - Openshift + - Volume + - Image + type: string + container: + description: Allows adding and configuring devworkspace-related + containers + properties: + annotation: + description: Annotations that should be added to specific + resources for this container + properties: + deployment: + additionalProperties: + type: string + description: Annotations to be added to deployment + type: object + service: + additionalProperties: + type: string + description: Annotations to be added to service + type: object + type: object + args: + description: "The arguments to supply to the command + running the dockerimage component. The arguments + are supplied either to the default command provided + in the image or to the overridden command. \n Defaults + to an empty array, meaning use whatever is defined + in the image." + items: + type: string + type: array + command: + description: "The command to run in the dockerimage + component instead of the default one provided in + the image. \n Defaults to an empty array, meaning + use whatever is defined in the image." + items: + type: string + type: array + cpuLimit: + type: string + cpuRequest: + type: string + dedicatedPod: + description: "Specify if a container should run in + its own separated pod, instead of running as part + of the main development environment pod. \n Default + value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant + string-based free-form attributes. \n Examples + of Che-specific attributes: \n - cookiesAuthEnabled: + \"true\" / \"false\", \n - type: \"terminal\" + / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint should + be exposed on the network. \n - `public` means + that the endpoint will be exposed on the public + network, typically through a K8S ingress or + an OpenShift route. \n - `internal` means + that the endpoint will be exposed internally + outside of the main devworkspace POD, typically + by K8S services, to be consumed by other elements + running on the same cloud internal network. + \n - `none` means that the endpoint will not + be exposed and will only be accessible inside + the main devworkspace POD, on a local address. + \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + description: "Describes the application and + transport protocols of the traffic that will + go through this endpoint. \n - `http`: Endpoint + will have `http` traffic, typically on a TCP + connection. It will be automaticaly promoted + to `https` when the `secure` field is set + to `true`. \n - `https`: Endpoint will have + `https` traffic, typically on a TCP connection. + \n - `ws`: Endpoint will have `ws` traffic, + typically on a TCP connection. It will be + automaticaly promoted to `wss` when the `secure` + field is set to `true`. \n - `wss`: Endpoint + will have `wss` traffic, typically on a TCP + connection. \n - `tcp`: Endpoint will have + traffic on a TCP connection, without specifying + an application protocol. \n - `udp`: Endpoint + will have traffic on an UDP connection, without + specifying an application protocol. \n Default + value is `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + env: + description: "Environment variables used in this container. + \n The following variables are reserved and cannot + be overridden via env: \n - `$PROJECTS_ROOT` \n + \ - `$PROJECT_SOURCE`" + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + image: + type: string + memoryLimit: + type: string + memoryRequest: + type: string + mountSources: + description: "Toggles whether or not the project source + code should be mounted in the component. \n Defaults + to true for all component types except plugins and + components that set `dedicatedPod` to true." + type: boolean + sourceMapping: + description: Optional specification of the path in + the container where project sources should be transferred/mounted + when `mountSources` is `true`. When omitted, the + default value of /projects is used. + type: string + volumeMounts: + description: List of volumes mounts that should be + mounted is this container. + items: + description: Volume that should be mounted to a + component container + properties: + name: + description: The volume mount name is the name + of an existing `Volume` component. If several + containers mount the same volume name then + they will reuse the same volume and will be + able to access to the same files. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: The path in the component container + where the volume should be mounted. If not + path is mentioned, default path is the is + `/`. + type: string + required: + - name + type: object + type: array + type: object + image: + description: Allows specifying the definition of an image + for outer loop builds + oneOf: + - required: + - dockerfile + - required: + - autoBuild + properties: + autoBuild: + description: "Defines if the image should be built + during startup. \n Default value is `false`" + type: boolean + dockerfile: + description: Allows specifying dockerfile type build + oneOf: + - required: + - uri + - required: + - devfileRegistry + - required: + - git + properties: + args: + description: The arguments to supply to the dockerfile + build. + items: + type: string + type: array + buildContext: + description: Path of source directory to establish + build context. Defaults to ${PROJECT_SOURCE} + in the container + type: string + devfileRegistry: + description: Dockerfile's Devfile Registry source + properties: + id: + description: Id in a devfile registry that + contains a Dockerfile. The src in the OCI + registry required for the Dockerfile build + will be downloaded for building the image. + type: string + registryUrl: + description: Devfile Registry URL to pull + the Dockerfile from when using the Devfile + Registry as Dockerfile src. To ensure the + Dockerfile gets resolved consistently in + different environments, it is recommended + to always specify the `devfileRegistryUrl` + when `Id` is used. + type: string + type: object + git: + description: Dockerfile's Git source + properties: + checkoutFrom: + description: Defines from what the project + should be checked out. Required if there + are more than one remote configured + properties: + remote: + description: The remote name should be + used as init. Required if there are + more than one remote configured + type: string + revision: + description: The revision to checkout + from. Should be branch name, tag or + commit id. Default branch is used if + missing or specified revision is not + found. + type: string + type: object + fileLocation: + description: Location of the Dockerfile in + the Git repository when using git as Dockerfile + src. Defaults to Dockerfile. + type: string + remotes: + additionalProperties: + type: string + description: The remotes map which should + be initialized in the git project. Projects + must have at least one remote configured + while StarterProjects & Image Component's + Git source can only have at most one remote + configured. + type: object + type: object + rootRequired: + description: "Specify if a privileged builder + pod is required. \n Default value is `false`" + type: boolean + srcType: + description: Type of Dockerfile src + enum: + - Uri + - DevfileRegistry + - Git + type: string + uri: + description: URI Reference of a Dockerfile. It + can be a full URL or a relative URI from the + current devfile as the base URI. + type: string + type: object + imageName: + description: Name of the image for the resulting outerloop + build + type: string + imageType: + description: Type of image + enum: + - Dockerfile + - AutoBuild + type: string + type: object + kubernetes: + description: Allows importing into the devworkspace the + Kubernetes resources defined in a given manifest. For + example this allows reusing the Kubernetes definitions + used to deploy some runtime components in production. + oneOf: + - required: + - uri + - required: + - inlined + properties: + deployByDefault: + description: "Defines if the component should be deployed + during startup. \n Default value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant + string-based free-form attributes. \n Examples + of Che-specific attributes: \n - cookiesAuthEnabled: + \"true\" / \"false\", \n - type: \"terminal\" + / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint should + be exposed on the network. \n - `public` means + that the endpoint will be exposed on the public + network, typically through a K8S ingress or + an OpenShift route. \n - `internal` means + that the endpoint will be exposed internally + outside of the main devworkspace POD, typically + by K8S services, to be consumed by other elements + running on the same cloud internal network. + \n - `none` means that the endpoint will not + be exposed and will only be accessible inside + the main devworkspace POD, on a local address. + \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + description: "Describes the application and + transport protocols of the traffic that will + go through this endpoint. \n - `http`: Endpoint + will have `http` traffic, typically on a TCP + connection. It will be automaticaly promoted + to `https` when the `secure` field is set + to `true`. \n - `https`: Endpoint will have + `https` traffic, typically on a TCP connection. + \n - `ws`: Endpoint will have `ws` traffic, + typically on a TCP connection. It will be + automaticaly promoted to `wss` when the `secure` + field is set to `true`. \n - `wss`: Endpoint + will have `wss` traffic, typically on a TCP + connection. \n - `tcp`: Endpoint will have + traffic on a TCP connection, without specifying + an application protocol. \n - `udp`: Endpoint + will have traffic on an UDP connection, without + specifying an application protocol. \n Default + value is `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + name: + description: Mandatory name that allows referencing the + component from other elements (such as commands) or + from an external devfile that may reference this component + through a parent or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + openshift: + description: Allows importing into the devworkspace the + OpenShift resources defined in a given manifest. For + example this allows reusing the OpenShift definitions + used to deploy some runtime components in production. + oneOf: + - required: + - uri + - required: + - inlined + properties: + deployByDefault: + description: "Defines if the component should be deployed + during startup. \n Default value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant + string-based free-form attributes. \n Examples + of Che-specific attributes: \n - cookiesAuthEnabled: + \"true\" / \"false\", \n - type: \"terminal\" + / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint should + be exposed on the network. \n - `public` means + that the endpoint will be exposed on the public + network, typically through a K8S ingress or + an OpenShift route. \n - `internal` means + that the endpoint will be exposed internally + outside of the main devworkspace POD, typically + by K8S services, to be consumed by other elements + running on the same cloud internal network. + \n - `none` means that the endpoint will not + be exposed and will only be accessible inside + the main devworkspace POD, on a local address. + \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + description: "Describes the application and + transport protocols of the traffic that will + go through this endpoint. \n - `http`: Endpoint + will have `http` traffic, typically on a TCP + connection. It will be automaticaly promoted + to `https` when the `secure` field is set + to `true`. \n - `https`: Endpoint will have + `https` traffic, typically on a TCP connection. + \n - `ws`: Endpoint will have `ws` traffic, + typically on a TCP connection. It will be + automaticaly promoted to `wss` when the `secure` + field is set to `true`. \n - `wss`: Endpoint + will have `wss` traffic, typically on a TCP + connection. \n - `tcp`: Endpoint will have + traffic on a TCP connection, without specifying + an application protocol. \n - `udp`: Endpoint + will have traffic on an UDP connection, without + specifying an application protocol. \n Default + value is `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + volume: + description: Allows specifying the definition of a volume + shared by several other components + properties: + ephemeral: + description: Ephemeral volumes are not stored persistently + across restarts. Defaults to false + type: boolean + size: + description: Size of the volume + type: string + type: object + required: + - name + type: object + type: array + id: + description: Id in a registry that contains a Devfile yaml file + type: string + importReferenceType: + description: type of location from where the referenced template + structure should be retrieved + enum: + - Uri + - Id + - Kubernetes + type: string + kubernetes: + description: Reference to a Kubernetes CRD of type DevWorkspaceTemplate + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + name: + description: Mandatory name that allows referencing the component + from other elements (such as commands) or from an external + devfile that may reference this component through a parent + or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + registryUrl: + description: Registry URL to pull the parent devfile from when + using id in the parent reference. To ensure the parent devfile + gets resolved consistently in different environments, it is + recommended to always specify the `registryUrl` when `id` + is used. + type: string + uri: + description: URI Reference of a parent devfile YAML file. It + can be a full URL or a relative URI with the current devfile + as the base URI. + type: string + version: + description: Specific stack/sample version to pull the parent + devfile from, when using id in the parent reference. To specify + `version`, `id` must be defined and used as the import reference + source. `version` can be either a specific stack version, + or `latest`. If no `version` specified, default version will + be used. + pattern: ^(latest)|(([1-9])\.([0-9]+)\.([0-9]+)(\-[0-9a-z-]+(\.[0-9a-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?)$ + type: string + required: + - name + type: object + type: array + podSpecOverride: + description: Pod fields to override within the DevWorkspace's Deployment. + Fields defined here are strategically merged on top of the Pod template + in the deployment, allowing for fine-grained customization of the + Pods that are started for this DevWorkspace. + properties: + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + http://kubernetes.io/docs/user-guide/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: http://kubernetes.io/docs/user-guide/labels' + type: object + type: object + spec: + description: Subset of Pod Spec fields that can be overridden + in a DevWorkspace's deployment + properties: + activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active + on the node relative to StartTime before the system will + actively try to mark it failed and kill associated containers. + Value must be a positive integer. + format: int64 + type: integer + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules + for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if + the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term + matches all objects with implicit weight 0 (i.e. + it's a no-op). A null preferred scheduling term + matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated + with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching + the corresponding nodeSelectorTerm, in the + range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + affinity requirements specified by this field cease + to be met at some point during pod execution (e.g. + due to an update), the system may or may not try + to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector + terms. The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them + are ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the + selector applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. + If the operator is Gt or Lt, the + values array must have a single + element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if + the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum + are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is alpha-level and is only + honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + affinity requirements specified by this field cease + to be met at some point during pod execution (e.g. + due to a pod label update), the system may or may + not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, + i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node + whose value of the label with key + matches that of any node on which a pod of the + set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is alpha-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, + etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule + pods to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the + greatest sum of weights, i.e. for each node that + meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to + the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum + are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, + associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of + resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies to. + The term is applied to the union of the + namespaces selected by this field and + the ones listed in the namespaces field. + null selector and null or empty namespaces + list means "this pod's namespace". An + empty selector ({}) matches all namespaces. + This field is alpha-level and is only + honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. + This array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of + {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose + value of the label with key topologyKey + matches that of any node on which any + of the selected pods is running. Empty + topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching + the corresponding podAffinityTerm, in the + range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the + anti-affinity requirements specified by this field + cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may + or may not try to eventually evict the pod from + its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those + matching the labelSelector relative to the given + namespace(s)) that this pod should be co-located + (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node + whose value of the label with key + matches that of any node on which a pod of the + set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. This + field is alpha-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether + a service account token should be automatically mounted. + type: boolean + dnsConfig: + description: Specifies the DNS parameters of a pod. Parameters + specified here will be merged to the generated DNS configuration + based on DNSPolicy. + properties: + nameservers: + description: A list of DNS name server IP addresses. This + will be appended to the base nameservers generated from + DNSPolicy. Duplicated nameservers will be removed. + items: + type: string + type: array + options: + description: A list of DNS resolver options. This will + be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options + given in Options will override those that appear in + the base DNSPolicy. + items: + description: PodDNSConfigOption defines DNS resolver + options of a pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + searches: + description: A list of DNS search domains for host-name + lookup. This will be appended to the base search paths + generated from DNSPolicy. Duplicated search paths will + be removed. + items: + type: string + type: array + type: object + dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', + 'Default' or 'None'. DNS parameters given in DNSConfig will + be merged with the policy selected with DNSPolicy. To have + DNS options set along with hostNetwork, you have to specify + DNS policy explicitly to 'ClusterFirstWithHostNet'. + type: string + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information + about services should be injected into pod''s environment + variables, matching the syntax of Docker links. Optional: + Defaults to true.' + type: boolean + hostAliases: + description: HostAliases is an optional list of hosts and + IPs that will be injected into the pod's hosts file if specified. + This is only valid for non-hostNetwork pods. + items: + description: HostAlias holds the mapping between IP and + hostnames that will be injected as an entry in the pod's + hosts file. + properties: + hostnames: + description: Hostnames for the above IP address. + items: + type: string + type: array + ip: + description: IP address of the host file entry. + type: string + type: object + type: array + hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default + to false.' + type: boolean + hostNetwork: + description: Host networking requested for this pod. Use the + host's network namespace. If this option is set, the ports + that will be used must be specified. Default to false. + type: boolean + hostPID: + description: 'Use the host''s pid namespace. Optional: Default + to false.' + type: boolean + hostname: + description: Specifies the hostname of the Pod If not specified, + the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any + of the images used by this PodSpec. If specified, these + secrets will be passed to individual puller implementations + for them to use. For example, in the case of docker, only + DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same + namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + nodeName: + description: NodeName is a request to schedule this pod onto + a specific node. If it is non-empty, the scheduler simply + schedules this pod onto that node, assuming that it fits + resource requirements. + type: string + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true + for the pod to fit on a node. Selector which must match + a node''s labels for the pod to be scheduled on that node. + More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Overhead represents the resource overhead associated + with running a pod for a given RuntimeClass. This field + will be autopopulated at admission time by the RuntimeClass + admission controller. If the RuntimeClass admission controller + is enabled, overhead must not be set in Pod create requests. + The RuntimeClass admission controller will reject Pod create + requests which have the overhead already set. If RuntimeClass + is configured and selected in the PodSpec, Overhead will + be set to the value defined in the corresponding RuntimeClass, + otherwise it will remain unset and treated as zero. More + info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md + This field is alpha-level as of Kubernetes v1.16, and is + only honored by servers that enable the PodOverhead feature.' + type: object + preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting + pods with lower priority. One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. This field is + beta-level, gated by the NonPreemptingPriority feature-gate. + type: string + priority: + description: The priority value. Various system components + use this field to find the priority of the pod. When Priority + Admission Controller is enabled, it prevents users from + setting this field. The admission controller populates this + field from PriorityClassName. The higher the value, the + higher the priority. + format: int32 + type: integer + priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" + and "system-cluster-critical" are two special keywords which + indicate the highest priorities with the former being the + highest priority. Any other name must be defined by creating + a PriorityClass object with that name. If not specified, + the pod priority will be default or zero if there is no + default. + type: string + readinessGates: + description: 'If specified, all readiness gates will be evaluated + for pod readiness. A pod is ready when all its containers + are ready AND all conditions specified in the readiness + gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' + items: + description: PodReadinessGate contains the reference to + a pod condition + properties: + conditionType: + description: ConditionType refers to a condition in + the pod's condition list with matching type. + type: string + required: + - conditionType + type: object + type: array + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass object + in the node.k8s.io group, which should be used to run this + pod. If no RuntimeClass resource matches the named class, + the pod will not be run. If unset or empty, the "legacy" + RuntimeClass will be used, which is an implicit class with + an empty definition that uses the default runtime handler. + More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md + This is a beta feature as of Kubernetes v1.14.' + type: string + schedulerName: + description: If specified, the pod will be dispatched by specified + scheduler. If not specified, the pod will be dispatched + by default scheduler. + type: string + securityContext: + description: 'SecurityContext holds pod-level security attributes + and common container settings. Optional: Defaults to empty. See + type description for default values of each field.' + properties: + fsGroup: + description: "A special supplemental group that applies + to all containers in a pod. Some volume types allow + the Kubelet to change the ownership of that volume to + be owned by the pod: \n 1. The owning GID will be the + FSGroup 2. The setgid bit is set (new files created + in the volume will be owned by FSGroup) 3. The permission + bits are OR'd with rw-rw---- \n If unset, the Kubelet + will not modify the ownership and permissions of any + volume." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of + changing ownership and permission of the volume before + being exposed inside Pod. This field will only apply + to volume types which support fsGroup based ownership(and + permissions). It will have no effect on ephemeral volume + types such as: secret, configmaps and emptydir. Valid + values are "OnRootMismatch" and "Always". If not specified, + "Always" is used.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be + performed. May also be set in SecurityContext. If set + in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all + containers. If unspecified, the container runtime will + allocate a random SELinux context for each container. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. The + profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's + configured seccomp profile location. Must only be + set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: \n Localhost + - a profile defined in a file on the node should + be used. RuntimeDefault - the container runtime + default profile should be used. Unconfined - no + profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's + primary GID. If unspecified, no groups will be added + to any container. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls (by + the container runtime) might fail to launch. + items: + description: Sysctl defines a kernel parameter to be + set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options within a + container's SecurityContext will be used. If set in + both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. + type: string + runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + setHostnameAsFQDN: + description: If true the pod's hostname will be configured + as the pod's FQDN, rather than the leaf name (the default). + In Linux containers, this means setting the FQDN in the + hostname field of the kernel (the nodename field of struct + utsname). In Windows containers, this means setting the + registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters + to FQDN. If a pod does not have FQDN, this has no effect. + Default to false. + type: boolean + shareProcessNamespace: + description: 'Share a single process namespace between all + of the containers in a pod. When this is set containers + will be able to view and signal processes from other containers + in the same pod, and the first process in each container + will not be assigned PID 1. HostPID and ShareProcessNamespace + cannot both be set. Optional: Default to false.' + type: boolean + subdomain: + description: If specified, the fully qualified Pod hostname + will be "...svc.". If not specified, the pod will not have a domainname + at all. + type: string + terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to + terminate gracefully. May be decreased in delete request. + Value must be non-negative integer. The value zero indicates + stop immediately via the kill signal (no opportunity to + shut down). If this value is nil, the default grace period + will be used instead. The grace period is the duration in + seconds after the processes running in the pod are sent + a termination signal and the time when the processes are + forcibly halted with a kill signal. Set this value longer + than the expected cleanup time for your process. Defaults + to 30 seconds. + format: int64 + type: integer + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group + of pods ought to spread across topology domains. Scheduler + will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching + pods. Pods that match this label selector are counted + to determine the number of pods in their corresponding + topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which + pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the + number of matching pods in the target topology and + the global minimum. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be + scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies + that satisfy it. It''s a required field. Default value + is 1 and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. + Nodes that have a label with this key and identical + values are considered to be in the same topology. + We consider each as a "bucket", and try + to put balanced number of pods into each bucket. It's + a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not + to schedule it. - ScheduleAnyway tells the scheduler + to schedule the pod in any location, but giving + higher precedence to topologies that would help reduce + the skew. A constraint is considered "Unsatisfiable" + for an incoming pod if and only if every possible + node assigment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, + MaxSkew is set to 1, and pods with the same labelSelector + spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P + | P | P | If WhenUnsatisfiable is set to DoNotSchedule, + incoming pod can only be scheduled to zone2(zone3) + to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) + satisfies MaxSkew(1). In other words, the cluster + can still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + type: object + type: object routingClass: type: string started: diff --git a/deploy/generate-deployment.sh b/deploy/generate-deployment.sh index 65032b677..a7f245970 100755 --- a/deploy/generate-deployment.sh +++ b/deploy/generate-deployment.sh @@ -115,7 +115,7 @@ if $USE_DEFAULT_ENV; then export PROJECT_CLONE_IMG=${PROJECT_CLONE_IMG:-"quay.io/devfile/project-clone:next"} export PULL_POLICY=Always export DEFAULT_ROUTING=basic - export DEVWORKSPACE_API_VERSION=32cae1f8e42c22035138ef6ee93080bc47d751c6 + export DEVWORKSPACE_API_VERSION=2609b3576ec912b955a5b4a7398ce48f8e39e879 export ROUTING_SUFFIX='""' export FORCE_DEVWORKSPACE_CRDS_UPDATE=true fi diff --git a/go.mod b/go.mod index 9156c0195..8473a4497 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/devfile/devworkspace-operator go 1.16 require ( - github.com/devfile/api/v2 v2.0.0-20220414122024-32cae1f8e42c + github.com/devfile/api/v2 v2.0.0-20220920140505-2609b3576ec9 github.com/go-git/go-git/v5 v5.2.0 github.com/go-logr/logr v0.4.0 github.com/google/go-cmp v0.5.5 diff --git a/go.sum b/go.sum index c992b2efe..b931ac402 100644 --- a/go.sum +++ b/go.sum @@ -106,8 +106,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1:dv4zxwHi5C/8AeI+4gX4dCWOIvNi7I6JCSX0HvlKPgE= -github.com/devfile/api/v2 v2.0.0-20220414122024-32cae1f8e42c h1:yyidoxal8ngJWDxRuVZMNh4PBwqDIzOkTeOagtmRiy0= -github.com/devfile/api/v2 v2.0.0-20220414122024-32cae1f8e42c/go.mod h1:kLX/nW93gigOHXK3NLeJL2fSS/sgEe+OHu8bo3aoOi4= +github.com/devfile/api/v2 v2.0.0-20220920140505-2609b3576ec9 h1:NVUmwuoo8wF7HUmqtn7pWQ75MrRAvZvLK7R/QdUL1wY= +github.com/devfile/api/v2 v2.0.0-20220920140505-2609b3576ec9/go.mod h1:dN7xFrOVG+iPqn4UKGibXLd5oVsdE8XyK9OEb5JL3aI= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= diff --git a/new.cabundle b/new.cabundle new file mode 100644 index 000000000..06681b43f --- /dev/null +++ b/new.cabundle @@ -0,0 +1,2 @@ +LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lJZTkzTUx6VEJocUV3RFFZSktvWklodmNOQVFFTEJRQXdOakUwTURJR0ExVUUKQXd3cmIzQmxibk5vYVdaMExYTmxjblpwWTJVdGMyVnlkbWx1WnkxemFXZHVaWEpBTVRZMk16Y3dORGd4TlRBZQpGdzB5TWpBNU1qQXlNREV6TXpWYUZ3MHlOREV4TVRneU1ERXpNelphTURZeE5EQXlCZ05WQkFNTUsyOXdaVzV6CmFHbG1kQzF6WlhKMmFXTmxMWE5sY25acGJtY3RjMmxuYm1WeVFERTJOak0zTURRNE1UVXdnZ0VpTUEwR0NTcUcKU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3lqeERnM1pvVGNqMnhoam0vRzBoQ0dpNGxENXNPa2I1YQpwczZSeGJ5emNoNE41RVRNaUZXUGxqRVdEMzVONjRJMEJyM1FKLzYwbHY3VVRvUU1Pc2dBVjJDZldmdFJka09FCm9PbWx5Qk41VEJ6eEJXdjhJZitGVTJSQUZLR1VSYkJDSlBzZUlDV20zMXBZREowUUYzQUQvaWREMTRWeUlNcGkKT3A2SVY3TkFJMzJNa3UyMGFPQlNFSFV4dmxFQzlTdXJRbzdCTWpLQWgrOUgxQ3IvVHZieHBYM293MzZsSFRqUwpBNkJZWjJiZytmcTMyemZyWHUrYjhmUU1qY3FDNHdHRHhXYklTdWI0MFl0cHNsbGk5ZVFpbi9LTERHYk1MNXVHCkpZRGRBYWp6Uk1hZlIxdlpxeVpIYktzZUtHUHIyaDJWYk1TTVhaT3pMNzRoR3h2V2ppbFBBZ01CQUFHall6QmgKTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlFUMDJ1QQpwc2c4YTRNQkFrVVdab0NCejhXN3dUQWZCZ05WSFNNRUdEQVdnQlFUMDJ1QXBzZzhhNE1CQWtVV1pvQ0J6OFc3CndUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmMzhwZnU1d3BJUEhrNzZuY1FjaUpzQ3RCSmU5NXdseHZWRmgKVHBVV1lrY2pPQitZK1F0N0V6MmdYaHA2TGllOUhUdkVZRFpFY2NBSzZSS1o4dTRLSmd4QUVoN20xR2Z1NitRcgo0SXE2c05EMUlRb1hzcTh3RllPNURMT1U0N3NWSERITEhmb1JOTFNMd1BWaThNbDlpczJqU3RiZkVZK04yZlM5CnZFL1BFN2MwN0JrUDRxRFF4eDYwMjBqdXVSY1FFMFZrNmRTTWV3Ri9HRGd0MVd5SWIrR2YxbmVXK1RDMWJBT2EKQTMwMG41QnhkYTBjQ29pYjVFUXM3N0E2dmwwQWtNUUpVODJWSkI3Q0dkNy9iQ081ekovZkdTSlhONFo5ZHpiMwowUlpWck0wa1BVejN0dlhyTlRCWVJHZU5BNXMwRVJLK1h1NmU0MTcxSG9BK2xJTmFSQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K +... diff --git a/old.cabundle b/old.cabundle new file mode 100644 index 000000000..06681b43f --- /dev/null +++ b/old.cabundle @@ -0,0 +1,2 @@ +LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lJZTkzTUx6VEJocUV3RFFZSktvWklodmNOQVFFTEJRQXdOakUwTURJR0ExVUUKQXd3cmIzQmxibk5vYVdaMExYTmxjblpwWTJVdGMyVnlkbWx1WnkxemFXZHVaWEpBTVRZMk16Y3dORGd4TlRBZQpGdzB5TWpBNU1qQXlNREV6TXpWYUZ3MHlOREV4TVRneU1ERXpNelphTURZeE5EQXlCZ05WQkFNTUsyOXdaVzV6CmFHbG1kQzF6WlhKMmFXTmxMWE5sY25acGJtY3RjMmxuYm1WeVFERTJOak0zTURRNE1UVXdnZ0VpTUEwR0NTcUcKU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3lqeERnM1pvVGNqMnhoam0vRzBoQ0dpNGxENXNPa2I1YQpwczZSeGJ5emNoNE41RVRNaUZXUGxqRVdEMzVONjRJMEJyM1FKLzYwbHY3VVRvUU1Pc2dBVjJDZldmdFJka09FCm9PbWx5Qk41VEJ6eEJXdjhJZitGVTJSQUZLR1VSYkJDSlBzZUlDV20zMXBZREowUUYzQUQvaWREMTRWeUlNcGkKT3A2SVY3TkFJMzJNa3UyMGFPQlNFSFV4dmxFQzlTdXJRbzdCTWpLQWgrOUgxQ3IvVHZieHBYM293MzZsSFRqUwpBNkJZWjJiZytmcTMyemZyWHUrYjhmUU1qY3FDNHdHRHhXYklTdWI0MFl0cHNsbGk5ZVFpbi9LTERHYk1MNXVHCkpZRGRBYWp6Uk1hZlIxdlpxeVpIYktzZUtHUHIyaDJWYk1TTVhaT3pMNzRoR3h2V2ppbFBBZ01CQUFHall6QmgKTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlFUMDJ1QQpwc2c4YTRNQkFrVVdab0NCejhXN3dUQWZCZ05WSFNNRUdEQVdnQlFUMDJ1QXBzZzhhNE1CQWtVV1pvQ0J6OFc3CndUQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFmMzhwZnU1d3BJUEhrNzZuY1FjaUpzQ3RCSmU5NXdseHZWRmgKVHBVV1lrY2pPQitZK1F0N0V6MmdYaHA2TGllOUhUdkVZRFpFY2NBSzZSS1o4dTRLSmd4QUVoN20xR2Z1NitRcgo0SXE2c05EMUlRb1hzcTh3RllPNURMT1U0N3NWSERITEhmb1JOTFNMd1BWaThNbDlpczJqU3RiZkVZK04yZlM5CnZFL1BFN2MwN0JrUDRxRFF4eDYwMjBqdXVSY1FFMFZrNmRTTWV3Ri9HRGd0MVd5SWIrR2YxbmVXK1RDMWJBT2EKQTMwMG41QnhkYTBjQ29pYjVFUXM3N0E2dmwwQWtNUUpVODJWSkI3Q0dkNy9iQ081ekovZkdTSlhONFo5ZHpiMwowUlpWck0wa1BVejN0dlhyTlRCWVJHZU5BNXMwRVJLK1h1NmU0MTcxSG9BK2xJTmFSQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K +... diff --git a/pkg/provision/workspace/deployment.go b/pkg/provision/workspace/deployment.go index 96a5a065e..c671f4523 100644 --- a/pkg/provision/workspace/deployment.go +++ b/pkg/provision/workspace/deployment.go @@ -246,6 +246,14 @@ func getSpecDeployment( }, } + if needsPodSpecOverrides(workspace) { + patchedDeployment, err := applyPodSpecOverrides(deployment, workspace) + if err != nil { + return nil, err + } + deployment = patchedDeployment + } + if podTolerations != nil && len(podTolerations) > 0 { deployment.Spec.Template.Spec.Tolerations = podTolerations } diff --git a/pkg/provision/workspace/override.go b/pkg/provision/workspace/override.go new file mode 100644 index 000000000..294714e2a --- /dev/null +++ b/pkg/provision/workspace/override.go @@ -0,0 +1,53 @@ +// Copyright (c) 2019-2022 Red Hat, Inc. +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package workspace + +import ( + "github.com/devfile/devworkspace-operator/pkg/common" + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/json" + "k8s.io/apimachinery/pkg/util/strategicpatch" +) + +func needsPodSpecOverrides(workspace *common.DevWorkspaceWithConfig) bool { + return workspace.Spec.PodSpecOverrides != nil +} + +func applyPodSpecOverrides(deployment *appsv1.Deployment, workspace *common.DevWorkspaceWithConfig) (*appsv1.Deployment, error) { + patched := deployment.DeepCopy() + + originalBytes, err := json.Marshal(patched.Spec.Template) + if err != nil { + return nil, err + } + + podSpecOverride := workspace.Spec.PodSpecOverrides + patchBytes, err := json.Marshal(podSpecOverride) + if err != nil { + return nil, err + } + + patchedJSON, err := strategicpatch.StrategicMergePatch(originalBytes, patchBytes, &corev1.PodTemplateSpec{}) + if err != nil { + return nil, err + } + + patchedPodSpecTemplate := corev1.PodTemplateSpec{} + if err := json.Unmarshal(patchedJSON, &patchedPodSpecTemplate); err != nil { + return nil, err + } + patched.Spec.Template = patchedPodSpecTemplate + return patched, nil +} diff --git a/samples/pod-spec-overrides.yaml b/samples/pod-spec-overrides.yaml new file mode 100644 index 000000000..8ebf06250 --- /dev/null +++ b/samples/pod-spec-overrides.yaml @@ -0,0 +1,37 @@ +kind: DevWorkspace +apiVersion: workspace.devfile.io/v1alpha2 +metadata: + name: theia-next +spec: + started: true + podSpecOverride: + metadata: + annotations: + io.openshift.userns: "true" + io.kubernetes.cri-o.userns-mode: "auto:size=65536;map-to-root=true" # <-- user namespace + openshift.io/scc: container-build + spec: + runtimeClassName: kata + schedulerName: stork + template: + projects: + - name: web-nodejs-sample + git: + remotes: + origin: "https://github.com/che-samples/web-nodejs-sample.git" + components: + - name: theia + plugin: + uri: https://che-plugin-registry-main.surge.sh/v3/plugins/eclipse/che-theia/next/devfile.yaml + components: + - name: theia-ide + container: + env: + - name: THEIA_HOST + value: 0.0.0.0 + commands: + - id: say-hello + exec: + component: theia-ide + commandLine: echo "Hello from $(pwd)" + workingDir: ${PROJECTS_ROOT}/project/app